Director, Governance Risk Compliance

Sleepy Hollow, New York
Mar 20, 2018
Required Education
Position Type
Full time
Position Summary

Known for its scientific and operational excellence, Regeneron is a leading science-based biopharmaceutical company that discovers, invents, develops, manufactures, and commercializes medicines for the treatment of serious medical conditions. Regeneron commercializes medicines for eye diseases, high LDL-cholesterol, atopic dermatitis and a rare inflammatory condition and has product candidates in development in other areas of high unmet medical need, including rheumatoid arthritis, asthma, pain, cancer and infectious diseases.

Serves as the service area leader for the Governance Risk and Compliance organization. Designs and oversees the adoption of Regeneron's information security controls, policies, and processes for the organization. Develops, monitors and measures internal and third-party risk management procedures. Oversees corporate security communications, including management of changes in information security for the overall business. Monitors the internal and external environment and adjusts policies and standards as necessary. Interacts with the C-Suite and other executive and managerial level professionals as well as technical and non-technical groups. Works with information security management leads to develop and maintain security policies, practices and standards. Collaborates with peers across the organization to share solutions and best practices.

• Identify and prioritize business and operational risks throughout the organization
• Lead effort to implement security and compliance policies and procedures
• Develop security policies and influence security controls
• Liaise with the security team to ensure coverage of critical assets
• Lead development and management of a risk acceptance process
• Manage operational and vendor risk assessment programs
• Deliver a business and security relevant eGRC platform
• Develop and maintain Regeneron's security control catalog
• Monitor Regeneron's change management process for security policies and procedures
• Resolve audit and risk findings
• Develop policy review, security policy exception, and control risk mitigation processes
• Deliver cyber risk and compliance control assessments
Knowledge and Experience
• 12+ years of experience in information security governance or 12+ years in IT with 6+ years in information security governance
• Experience in information security awareness, training program development and administration
• Experience in policy creation, security control definition, eGRC technologies, and security governance processes
• Ability to drive security governance in a distributed organization
• 6+ years' experience in executing security programs guided by information security frameworks such as ISO 27001, NIST, PCI, and HIPAA
• Advise the CISO on emerging trends in security governance, operational risk, and vendor risk
• Advise steering committees and business leaders on security controls and cyber risk
• Communicate security outcomes to audit and legal organizations
• Interface with external and governmental regulatory bodies regarding cybersecurity and cyber risk
• Interact with the C-Suite and other executive and managerial level professionals as well as technical and non-technical groups
• Lead cyber risk and compliance engagements across multiple business verticals
• Develop and communicate security strategies and plans to the executive team, staff, partners, customers, and stakeholders
• Identify opportunities for the company to effectively mitigate risk and improve business performance
• Ability to evaluate risks and communicate security topics in terms of business value and business impact
• Strongly process-oriented, with the ability to build consensus among senior leaders within the organization on security policies and procedures
• Experience in service delivery management
• Experience leading GRC teams in a large and distributed environment
• Experience with a GRC platform or workflow application (e.g., Service Now)
• Position requires CISSP, CISM, CHE or an equivalent, relevant certification from a recognized body (e.g., SANS, ISC2, ISACA). If absent, certification must be attained no later than one year after the start date.

This is an opportunity to join our select team that is already leading the way in the Pharmaceutical/Biotech industry. Apply today and learn more about Regeneron's unwavering commitment to combining good science & good business.

To all agencies: Please, no phone calls or emails to any employee of Regeneron about this opening. All resumes submitted by search firms/employment agencies to any employee at Regeneron via e-mail, the internet or in any form and/or method will be deemed the sole property of Regeneron, unless such search firms/employment agencies were engaged by Regeneron for this position and a valid agreement with Regeneron is in place. In the event a candidate who was submitted outside of the Regeneron agency engagement process is hired, no fee or payment of any kind will be paid.

Regeneron is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability status, protected veteran status, or any other characteristic protected by law.

Requisition Number: 11020BR