Director, BISO

Irvine, CA, United States
Mar 01, 2021
Required Education
Bachelors Degree
Position Type
Full time
About AbbVie
AbbVie's mission is to discover and deliver innovative medicines that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people's lives across several key therapeutic areas: immunology, oncology, neuroscience, eye care, virology, women's health and gastroenterology, in addition to products and services across its Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at . Follow @abbvie on Twitter, Facebook, Instagram, YouTube and LinkedIn.

As part of the Aesthetics Technology division (AA BTO) extended leadership team, lead information security and compliance across technology investments in the Aesthetics business. This role is a core part of the overall strategy of the Aesthetics organization, a digital leader in medical aesthetics globally. The role is accountable for creating and executing processes and frameworks for application security, ensuring proper engagement and reviews of proprietary apps (in partnership with internal and external product development teams), and ensuring data security and compliance with key regulatory and enterprise security policies. Develop, manage and track audits, facilitation, and remediation across Aesthetics. Keep abreast of, and keep others apprised of, changes to data privacy regulations, information security risks, threats and opportunities, compliance with corporate standards, and issues affecting Aesthetics technology and dependent upstream and downstream systems. Advocate for Aesthetics technology innovation and investment across BTS and other internal groups.

• Responsible for compliance with applicable regulations, standards, and Corporate Policies across all Aesthetics technology.
• Act as the "CISO" for the division; dotted line reporting relationship to the corporate CISO, and hard line reporting to the Aesthetics Technology division, AA BTO VP
• Implement, monitor and continuously innovate and improve application development and security framework for external applications and technology
• Act as partner and proactively support technology innovations to ensure secure and ongoing stable and safe technology across Aesthetics.
• Implement standard process for pre-audit preparation in partnership with AA technology teams
• Implement standard process for security reviews, communication and audits across AA BTS and Franchise globally
• Communicate security strategies, risks and gaps to non-technical stakeholders proactively and regularly.
• Compile, analyze, and communicate compliance metrics to senior management
• Proactively identify and remediate compliance gaps
• Prioritize security and compliance risks across the business
• Represent the corporate Information Security and Risk Management (ISRM) organization in local security and compliance matters
• Conduct quarterly business reviews with business leadership to drive risk accountability into the business.
• Ensure risk remediations are prioritized appropriately with key stakeholders.
• Develop and lead relevant governance oversight boards within the business on ISRM subject matter.
• Manage the risk register process for the business and ensure that risk dispositions are tracked and reported on
• Lead the implementation of the corporate ISRM and privacy policies across the business. Provide guidance on how to effectively implement such policies.
• Coordinate regulatory compliance activities for Data Privacy, GxP, PCI, SOX, etc. as applicable.
• Assist in the management and execution of 3rd party risk management
• Serve as an ISRM SME, coordinating and providing multi-disciplinary knowledge, skills, and experience in regulatory/compliance and security architecture.
• Collaborate with the Information Security organization to execute on an Intellectual Property protection program.
• Review vulnerability and patching reports to assist in prioritization and measure SLA adherence.
• Support formal investigations driven by various corporate functions.


• Bachelor's Degree and minimum of 12 years of experience in Information Security and IT Risk Management.
• 8-10 years leading an Information Security team in a matrixed organization
• Demonstrated ability to proactively partner and communicate and understand the sense of urgency
• Extensive experience in designing and implementing enterprise security solutions in a global context.
• Deep understanding of regulatory compliance impacting IT and Information Security
• Excellent verbal and written communication skills with a wide range of audiences (e.g., executives, technologists, business stakeholders)
• A critical thinker with strong problem-solving skills.
• Working knowledge of key information security management frameworks (e.g., NIST, ISO).
• Information Security certifications preferred: CISSP

Significant Work Activities
Continuous sitting for prolonged periods (more than 2 consecutive hours in an 8 hour day)
Equal Employment Opportunity
At AbbVie, we value bringing together individuals from diverse backgrounds to develop new and innovative solutions for patients. As an equal opportunity employer, we do not discriminate on the basis of race, color, religion, national origin, age, sex (including pregnancy), physical or mental disability, medical condition, genetic information, gender identity or expression, sexual orientation, marital status, protected veteran status, or any other legally protected characteristic.