Senior Director of Cybersecurity, Risk and Compliance - Innovative Gene Therapy Biotech

Boston, Massachusetts
May 08, 2018
Required Education: Bachelor's Degree
Position Type: Full time

Boston, Massachusetts, United States · Information Technology


The Senior Director of Cybersecurity, Risk and Compliance is a business/technology executive who will be responsible for providing leadership in establishing a comprehensive global Risk, Information Security and Data Privacy program and ensuring global compliance adherence for all technology initiatives. This includes policy creation, education, training, incident response, risk assessment, customer contract reviews, incident prevention, detection and forensics.

The Senior Director will be comfortable working in a fast-paced environment, developing a strategy for Orchard and the organization and a roadmap to achieve strategic security and compliance goals. The person in this role must be comfortable working with ambiguity, have a proven track record of hiring, developing and growing technical talent, have strong executive presence, and demonstrate outstanding communication skills – specifically, the ability to translate technical vision, roadmaps and decisions into a clear, inspiring story that enables the organization to quickly align and drive results. The ability to lead from the front, to be a strong leader-teacher, and to collaborate with credibility at all levels at Orchard are all critical to this role.

The Senior Director of Cybersecurity will work amongst a team of expert technical professionals as they guide the organization into uncharted technical territory that is very dynamic, complex, ambiguous and also involves partnering with organizations and leaders across Orchard. This leader will model strong business partnering skills, leadership presence and organizational maturity.



  • Security Strategy – Develop and execute an enterprise security strategy and roadmap that mitigates risk through the right balance of security measures and operational flexibility.
  • Standards and Guidelines – Establish policies, procedures, standards and guidelines that enable Orchard’s security strategy.
  • Threat Assessment and Scenario Planning – Identify security vulnerabilities and risks associated with Orchard’s operations, including partnering with business units to build threat assessment into the product design and development processes.
  • Advanced Detection and Containment – Build an industry leading detection and containment capability that will identify and mitigate sophisticated cyber-attacks against Orchard.
  • Ongoing Security Operations – Ensure operational procedures enforcing security are effective and optimal, including assessing and testing for vulnerabilities.
  • Incident Response – Respond to and resolve security exposures and incidents.
  • Security Engineering – Work directly with the business units and internal IA functions to ensure that the right security capabilities are built into offerings, enterprise processes and tools through reusable technology (services-oriented architecture). Oversee the evaluation, selection and implementation of information security tools.
  • Integrity of Critical Business Operations – Participate in the formation and execution of business continuity planning, and drive disaster recovery planning and execution across multiple business and geographic sites.
  • Security Compliance and Audits – Manage internal and external assessments of security, disaster recovery and compliance (certification and accreditation) for PCI DSS, Sarbanes Oxley, and ISO 900x.
  • Education and Training – Provide security awareness training, information and education to employees, partners and customers.
  • Cloud Security – Develop and operate optimal security processes, tools and consulting services for hosting secure applications in the cloud.
  • Third Party Management – Participate in the development, implementation and ongoing compliance monitoring of information privacy requirements and responsibilities in vendor contracts and agreements.
  • Security Metrics and Reporting – Develop and maintain a program that informs business unit and functional group leadership of the top security risks and overall security health of their organizations.
  • Sales and Customer Interaction – Including pre-sales support, customer contract review, RFP response, and customer audit facilitation.

Education & skills

  • Bachelor’s degree in Computer Science, Information Technology, Business Administration or related field. Advanced degree highly preferred.
  • Proven, solid management experience and track record building strong teams and developing leadership excellence at all levels.
  • Solid experience in a pharmaceutical, CRO or ERP environment required.
  • Solid overall program management experience, to include given years of experience as an executive leading very large mission-critical programs that involve significant business and technology change.
  • Solid experience in leading and influencing teams in a matrix management environment.
  • Ability to be an effective leader in a fast-paced, pressured environment and to be highly adaptive.
  • Effective oral, written and interpersonal communication skills. Strong listening and presentation skills necessary to effectively communicate, understand, and influence a wide range of audiences.
  • Well-developed change management skills. Effective in working across organizational boundaries to build a case for change, and to execute on the change plan – from strategy through ongoing operation and process improvement.
  • Effective in building company-wide relationships with senior technical, functional and business leaders to set long-term strategies and to assess and act on short-term compliance objectives and needs.
  • Experienced in and able to formulate the cost benefit of security initiatives in the context of overall business risk mitigation and the company’s operational objectives. Ability to compare, contrast and prioritize among alternative approaches to meet those objectives.
  • Understanding of security and privacy regulations and standards is desirable.
  • Understanding of core information security functions (e.g., strategy, operations, assessments, incident response, investigations, consulting, and compliance) is desirable.
  • Demonstrated implementation and leadership of compliance programs for regulatory adherence, including but not limited to: GDPR, PCI DSS, Sarbanes Oxley, ISO 900x, AABB, 21CFR11.
  • Demonstrated experience dealing with the security challenges and issues confronting a large, geographically distributed, departmentally diverse, global, public-facing organization.
  • CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager) or other security certification/accreditation is desirable.