Sr Director, BISO and Information Protection

ROLE SUMMARY

Our Global Cybersecurity Governance Risk and Compliance team provides comprehensive blueprints for cybersecurity excellence by embedding governance risk management and compliance into every layer. The team is responsible for ensuring risk-based decision-making is used and that security privacy and regulatory compliance is integrated seamlessly with Pfizers organization.

We are seeking a Senior Director Business Information Security Office (BISO) & Information Protection to serve as the strategic security partner to our Pfizer business leaders.

This role is accountable for aligning enterprise security strategy to business priorities protecting sensitive data and intellectual property and enabling innovation across a highly regulated global environment.

As a senior leader you will bridge business technology and riskembedding security into R&D PGS/Manufacturing Commercial and Corporate functions while driving a modern risk-based information protection program.

ROLE RESPONSIBILITIES

Business Information Security Leadership

• Serve as the primary security advisor to senior business leaders translating cyber and information risk into actionable businessaligned decisions.

• Establish and mature the BISO operating model including engagement cadence governance forums risk intake and executive reporting.

• Oversee and coordinate a global team of BISOs and enable with key information.

• Act as the liaison between business teams and central security functions (GRC ISAM Cyber Defense Infrastructure Cloud Services).

• Translate thirdparty cyber and data risks into clear businessrelevant insights and present to executive leadership.

• Socialize third-party risks and findings with business owners.

Information Protection Strategy

• Develop and maintain an in-depth understanding of business unit processes crown jewels physical locations systems technologies data customers partners.

• Define and drive the enterprise Information Protection strategy including:

  • Protection of regulated data (clinical patient employee).

  • Protection of IP and trade secrets (research data protocols formulations manufacturing processes commercial strategy).

• Drive adoption of data protection controls such as DLP encryption rights management secure collaboration labeling and endpoint protections.

• Partner with Privacy and Legal to ensure privacybydesign and regulatory alignment.

SecuritybyDesign

• Embed security early into new platforms SaaS solutions clinical systems manufacturing automation and digital engagement tools.

• Partner with Security Infrastructure and Cloud Services teams to define security requirements.

• Ensure security expectations are met for GxP and regulated systems partnering closely with Quality Compliance and Internal Audit.

Incident Leadership

• Act as a senior escalation point for information protection incidents coordinating with Cyber Defense Legal Privacy HR and other key stakeholders.

• Support executive decisionmaking during incidents and lead postincident improvement efforts.

RESOURCES MANAGED

2 direct reports and indirectly 6-8 colleagues.

BASIC QUALIFICATIONS

• Bachelors degree and/or Masters Degree in Cybersecurity Computer Science Information Systems or related field.

• 15 years of experience in information security technology risk or data protection including senior leadership roles.

• 8 years working in regulated industries; pharmaceutical biotech or life sciences strongly preferred.

• Professional certifications: CISSP CISM CRISC or similar.

• Proven experience building and scaling information protection data security and other regulatory programs.

• Deep understanding of modern security capabilities: cloud and SaaS security identity and access management data security platforms endpoint security.

• Experience partnering with Legal Privacy Quality Compliance Internal Audit and key business stakeholders.

• Exceptional executive communication skills and the ability to influence without authority.

• Executive presence and stakeholder management.

• Global mindset and ability to work across cultures.

PREFERRED QUALIFICATIONS

• Familiarity with GxP privacy regulations (including EU) and frameworks such as NIST CSF or ISO 27001.

• Experience supporting R&D and/or Manufacturing environments.

• Strong interpersonal and communication skills.

• Excellent strategic thinking; deeply analytical and credible.

• Ability to challenge influence and support senior leadership.

• Ability to bring structure to vaguely defined problems and solve them with creative yet pragmatic approaches.

• Resourceful self-motivated and proactive strong drive for excellence.

• Continuously seeks new knowledge and approaches leveraging innovation to enhance efficiency effectiveness and impact.

OTHER INFO

• Travel as required by the business (less than 20% domestic and/or international).

• Work Location Assignment: Must be able to work in assigned Pfizer office 2-3 days per week or as needed by the business.

• This role is NOT remote. Work Location Assignment:Hybrid.