Cyber Security Strategy and Roadmap

• Establish annual and long-range security and compliance goals, define cybersecurity strategies, metrics, reporting mechanisms and program services.
• Develop and manage a framework for evaluating the maturity of the cybersecurity program and a roadmap for continual improvements.
• Stay abreast of emerging cybersecurity threats, trends, and technologies, continuously enhancing the company's security posture.

Team Management and Oversight

• Manage team performance and support career guidance of a high performing international team that supports Governance, Risk, and Compliance GRC), Cyber Operations and Threat Intel, and Cyber Engineering.
• Provide direction and oversight to BioMarin's augmented Cyber Security Operations Center (CSOC) and discretionary Cyber Security projects and initiatives.

Establish and Maintain Cyber Security Policies and Standards

• Lead the development and implementation of effective and reasonable policies and practices to secure sensitive data and ensure information security and compliance with relevant regulatory and legal policies.
• Be a true champion of partnering with business leaders and Customer Facing IT (CFIT) to ensure risk assessment and risk management processes are well understood, and cybersecurity policies and standards are consistently applied.
• Manage the Vendor Risk assessment process, including recurring verification of vendor risk profiles.

Cyber Security Operation and Incident Response

• Provide leadership for cybersecurity incidents and act as the primary control point during significant incidents. Convene a Cybersecurity Incident Response Team (CIRT) as needed.
• Collaborate closely with the Cyber SOC for incident response.
• Provide leadership for cybersecurity-related audits and reviews within the Information Management organization, and partner with other groups as necessary.

Effective Communications

Communicate complex and technical issues to diverse audiences in an easily understood and actionable manner.

• Present updates to various levels of the organization to include quarterly updates to BioMarin Audit Committee.
• Represent the company in discussions with regulators, industry partners, and stakeholders on information security and compliance matters.

Education

• Degree in a technology-related field or business administration.
• Professional security management certification (e.g., CISSP, CISM) preferred.

Experience

• Minimum of 12+ years of experience in information security, risk management, and technology management.
• Proven track record of designing and implementing effective cybersecurity programs, including risk management, threat detection, and incident response.
• A strong background in biotech, pharmaceuticals, or healthcare is preferred.
• Understand the unique requirements of qualified (GMP) and non-qualified environments typically utilized in the Biotech industry.
• Knowledge of common information security management frameworks and practices, such as ISO/IEC 27001, NIST, SOX, GDPR, and HIPAA.
• Experience with contract and vendor negotiations and management, including managed services.
• Cost center management—ability to create an annual cyber-related budget and demonstrate quarterly financial performance.

Skills

• Excellent written and verbal communication skills and high level of personal integrity.
• Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.
• Strong communication skills with the ability to manage up, down, and across the organization.
• Extensive knowledge of regulatory requirements and compliance standards relevant to the biotech and healthcare industries, such as HIPAA, GDPR, FDA regulations, etc.
• Commitment to diversity, equity, and inclusion, with a demonstrated ability to foster a culture of belonging and respect in the workplace.

Note: This description is not intended to be all-inclusive, or a limitation of the duties of the position. It is intended to describe the general nature of the job that may include other duties as assumed or assigned.

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity, sexual orientation, national origin, disability status, protected veteran status, or any other characteristic protected by law.

In the U.S., the salary range for this position is $ 236,000 to $ 354,000 per year, which factors in various geographic regions. The base pay actually offered will take into account internal equity and also may vary depending on the candidate's geographic region, job-related knowledge, skills, and experience among other factors. A discretionary bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.