Title: Head of Global Cyber Security
Location: San Rafael, CA
Work style: Hybrid local onsite three days per week
Who We Are
For more than two decades, going our own way has led to countless breakthroughs, bettering the lives of those suffering from rare genetic diseases. In 1997 we were founded to make a big difference in small patient populations. Now we seek to make an even greater impact by applying the same science-driven, patient-forward approach that propelled our last 25 years of drug development to larger genetic disorders, as well as genetic subsets of more common conditions. Through our unparalleled expertise in genetics and molecular biology, we will continue to develop targeted therapies that address the root cause of the conditions we seek to treat. Applying our knowledge to make a transformative impact is not just a calling, but an obligation to those who will benefit most. The end goal has always been better lives and now we can reach more.
And the more people we reach, the more our impact can grow. We transform lives through genetic discovery.
Our Culture
Our desire to make a positive impact on our patients extends to our employees, and BioMarin is committed to fostering an inclusive environment where every person feels seen, valued, and heard – so employees can thrive in all areas of their lives, in and outside of work. We seek to provide an open, flexible, and friendly work environment to empower people and to provide them with the ability to develop their long-term careers. Ultimately, we want to be an organization where people enjoy coming to work and take pride in our efforts to help patients.
Position Summary
The Head of Global Cyber Security is responsible for BioMarin's overall cybersecurity strategy, personnel, processes, and technologies. Reporting to the Senior Vice President and Chief Information Officer, Information Technology, this senior-level role will be a key member of the IT Leadership Team, providing cybersecurity oversight and guidance for BioMarin. The Head of Cyber Security serves as the owner for all cybersecurity activities related to the availability, integrity, and confidentiality of BioMarin's systems and information. A key element of this role is working with executive management to determine acceptable levels of risk for the organization and be able to influence all levels of leadership towards a more secure cyber posture. With the significant complexity around this function, it is vital to be an effective collaborator with the myriad of other teams and stakeholders. The successful candidate will have held a similar role as Head of Cyber Security at a comparable-sized or larger Global organization and be able to demonstrate experience leading a robust Cyber Security program as well as managing a sizeable team of both internal and outsourced resources.
RESPONSIBILITIES
Cyber Security Strategy and Roadmap
- Establish annual and long-range security and compliance goals, define cybersecurity strategies, metrics, reporting mechanisms, and program services.
- Develop and manage a framework for evaluating the maturity of the cybersecurity program and a roadmap for continual improvements.
- Stay abreast of emerging cybersecurity threats, trends, and technologies, continuously enhancing the company's security posture.
Team Management and Oversight
- Manage team performance and support career guidance of a high-performing international team that supports Governance, Risk, and Compliance (GRC), Cyber Operations and Threat Intel, and Cyber Engineering.
- Provide direction and oversight to BioMarin's augmented Cyber Security Operations Center (CSOC) and discretionary Cyber Security projects and initiatives.
Establish and Maintain Cyber Security Policies and Standards
- Lead the development and implementation of effective and reasonable policies and practices to secure sensitive data and ensure information security and compliance with relevant regulatory and legal policies.
- Be a true champion of partnering with business leaders and Customer Facing IT (CFIT) to ensure risk assessment and risk management processes are well understood, and cybersecurity policies and standards are consistently applied.
- Manage the Vendor Risk assessment process, including recurring verification of vendor risk profiles.
Cyber Security Operation and Incident Response
- Provide leadership for cybersecurity incidents and act as the primary control point during significant incidents. Convene a Cybersecurity Incident Response Team (CIRT) as needed.
- Collaborate closely with the Cyber SOC for incident response.
- Provide leadership for cybersecurity-related audits and reviews within the Information Management organization, and partner with other groups as necessary.
Effective Communications
- Communicate complex and technical issues to diverse audiences in an easily understood and actionable manner.
- Present updates to various levels of the organization, including quarterly updates to the BioMarin Audit Committee.
- Represent the company in discussions with regulators, industry partners, and stakeholders on information security and compliance matters.
QUALIFICATIONS
Education
- Degree in a technology-related field or business administration.
- Professional security management certification (e.g., CISSP, CISM) preferred.
Experience
- Minimum of 12+ years of experience in information security, risk management, and technology management.
- Proven track record of designing and implementing effective cybersecurity programs, including risk management, threat detection, and incident response.
- A strong background in biotech, pharmaceuticals, or healthcare is preferred.
- Understand the unique requirements of qualified (GMP) and non-qualified environments typically utilized in the Biotech industry.
- Knowledge of common information security management frameworks and practices, such as ISO/IEC 27001, NIST, SOX, GDPR, and HIPAA.
- Experience with contract and vendor negotiations and management, including managed services.
- Cost center management—ability to create an annual cyber-related budget and demonstrate quarterly financial performance.
Skills
- Excellent written and verbal communication skills and high level of personal integrity.
- Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.
- Strong communication skills with the ability to manage up, down, and across the organization.
- Extensive knowledge of regulatory requirements and compliance standards relevant to the biotech and healthcare industries, such as HIPAA, GDPR, FDA regulations, etc.
- Commitment to diversity, equity, and inclusion, with a demonstrated ability to foster a culture of belonging and respect in the workplace.
Note: This description is not intended to be all-inclusive or a limitation of the duties of the position. It is intended to describe the general nature of the job that may include other duties as assumed or assigned. We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity, sexual orientation, national origin, disability status, protected veteran status, or any other characteristic protected by law.
Compensation
In the U.S., the salary range for this position is $236,000 to $354,000 per year, which factors in various geographic regions. The base pay actually offered will take into account internal equity and also may vary depending on the candidate's geographic region, job-related knowledge, skills, and experience among other factors. A discretionary bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.
#J-18808-Ljbffr