Manager, Risk & Compliance

Known for its scientific and operational excellence, Regeneron is a leading science-based biopharmaceutical company that discovers, invents, develops, manufactures, and commercializes medicines for the treatment of serious medical conditions. Regeneron commercializes medicines for eye diseases, high LDL-cholesterol, atopic dermatitis and a rare inflammatory condition and has product candidates in development in other areas of high unmet medical need, including rheumatoid arthritis, asthma, pain, cancer and infectious diseases.

Summary:
Performs as the Service Delivery Manager for the IT security risk and compliance management capability. Delivers the security control assessments and/or inspections of infrastructure, networks, applications that collect, process, and store Regeneron data, or have access into the Regeneron IT environment. Develops and baselines control assessment methodologies, techniques, and process to inspect targets of assessments, as well as catalog and track remediation plans as an output of assessments/inspections. Maintains the remediation plans of action in a global "risk register." Manages the execution of managed services in the delivery of assessments and inspections. Assesses the risk of security control gaps and oversee the remediation of those risks. As a service manager, this position will be responsible for managing an service delivery team comprised of multiple vendors, responsible for contract management, definition of service level agreements (SLAs), and ensuring that SLA's are achieved and value chain partner expectations are met or exceeded.

Responsibilities:

• Work directly with key business leaders to facilitate information risk analysis and risk management processes

• Manage administrative functions of the Risk Assessment service platform

• Identify acceptable levels of risk, and establish roles and responsibilities with regards to information risk management.

• Conduct risk assessments for internal infrastructure, networks and applications; identify and document control gaps, and present results to support management action, escalation and risk acceptance processes

• Conduct risk assessments for external vendors/partners/suppliers, identify and document control gaps, and present results to support management action, escalation and risk acceptance processes

• Oversight of managed service or SaaS providers in the domain of assessing IT security compliance

• Partner with business relationship managers across the enterprise to evaluate the information security risks associated with their vendor engagements.

• Advise third-party providers and partners on security control expectations and remediation actions

• Maintain and report on the application and vendor risk register
Requirements:
Knowledge and Experience

• 5-8 years of experience in cyber security or information security/GRC role

• Experience managing client/partner relationships and competing expectations

• Experience with Governance Risk and Compliance tools (e.g. ServiceNow, Optiv, SimpleRisk or Archer)

• Experience with security control frameworks (e.g. NIST, ISO, PCI)

• Strong technical and/or IT audit background and practical knowledge of a variety of technologies including operating systems, server, network and web infrastructure, database architectures, intrusion detection and prevention systems
Leadership

• Provide direction and oversight of third party service providers (if applicable)

• Ability to negotiate and work independently
Collaboration

• Partner with various support groups and the vendors to determine appropriate risk remediation activities to address identified risks

• Work in partnership with key stakeholders across the enterprise to identify process and technology enhancements to drive efficiencies
Innovation

• Ability to identify process innovation and automation of assessment-based security reviews
Skills/Tools

• Strong customer service and communications skills, both oral and written with the ability to build relationships at all levels

• Ability to weigh security controls against technical and administrative standards

• Proven project management skills in setting priorities to meet project deadlines

• Strong analysis and critical thinking skills with ability to problem solve

• Organized, detail-oriented with ability to understand big picture and make risk appropriate tradeoffs
Preferred:

• Experience of Life Sciences industry

• Managed service delivery oversight

#LI-EG2
#dice

This is an opportunity to join our select team that is already leading the way in the Pharmaceutical/Biotech industry. Apply today and learn more about Regeneron's unwavering commitment to combining good science & good business.

To all agencies: Please, no phone calls or emails to any employee of Regeneron about this opening. All resumes submitted by search firms/employment agencies to any employee at Regeneron via-email, the internet or in any form and/or method will be deemed the sole property of Regeneron, unless such search firms/employment agencies were engaged by Regeneron for this position and a valid agreement with Regeneron is in place. In the event a candidate who was submitted outside of the Regeneron agency engagement process is hired, no fee or payment of any kind will be paid.

Regeneron is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability status, protected veteran status, or any other characteristic protected by law.