Associate Director - Data Protection

Irvine, California
Mar 10, 2021
Required Education
Bachelors Degree
Position Type
Full time
About AbbVie
AbbVie’s mission is to discover and deliver innovative medicines that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people’s lives across several key therapeutic areas: immunology, oncology, neuroscience, eye care, virology, women’s health and gastroenterology, in addition to products and services across its Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at Follow @abbvie on Twitter, Facebook, Instagram, YouTube and LinkedIn.

This position is accountable for the effective management and delivery of the Select Agents and Toxins (SAT) Data Protection program with the support of process, people, and technology responsible for the effective program execution.


Process Management:

  • Maintain the companywide SAT Data Protection framework and executive continuous improvement projects over time with a focus on the strict need-to-know access control requirements for SAT Data through the modifications of policies, standards, principles, metrics, processes, and related tools.
  • Facilitate the development and implementation of SAT Data Protection policies, SOPs, and guidelines among BTS, Global Trade Compliance, EHS, R&D and Operations
  • Support the evaluation of SAT DLP (Data Loss Prevention) incidents and collaborate with the business functional leads on the SAT Data Protection Office to determine the incident severity / disposition.
  • Work with partnership with functional BTS teams (R&D, Operations) to ensure that business information systems hosting SAT Data are properly designed to segment and secure SAT Data.
  • Perform quality check on SAT Data Authorization Requests to ensure accuracy and completeness prior to the approval of the SAT business function leads / data owners.
  • Working with Global Trade Compliance to review and upload the list of employees with SAT DOC Clearance to WorkDay each week.  Regularly reconcile the SAT DOC Clearance list against WorkDay (for employees) and Fieldglass (for contingents) to determine if DOC Clearance should be revoked based on status change.
  • Regularly communicate with the designated SAT Subject Matter Experts in the business on best practice to safeguard SAT Data as work condition changes (e.g., working from home) or technology changes (e.g., Teams, Zoom, Box, etc.)
  • Monitor BTS Outsourced Service Providers and Cloud Service Providers with DOC Export Licenses for compliance with the terms of the Technology Control Plan.
  • Assist in the security assessment based on the Technology Control Plan requirements of business 3rd party collaborators (i.e., publishing company, translation companies, clinical research organizations, external laboratories, universities, etc.) with authorization to access SAT Data.
  • Perform quarterly and annual review / recertification of DOC Clearance and SAT Data Access.

People Management

  • Consult on how to effectively classify SAT Data (structured and unstructured) across R&D, Operations, and Commercial business units.
  • Conduct SAT Data Protection awareness training sessions and maintaining training materials
  • Regularly communicate with the designated SAT Subject Matter Experts in the business on best practice to safeguard SAT Data as work condition changes (e.g., working from home) or technology changes (e.g., Teams, Zoom, Box, etc.)
  • Work collaboratively with designated members of Global Trade Compliance to ensure common understanding of criteria required for SAT Data Access across R&D, Operations, Legal, and Commercial.

Technology Management

  • Maintain the SAT Data Protection Websites and the automated workflows (PowerApps, Power Automated) related to DOC Clearance, SAT Data Authorization, and SAT Data Classification.
  • Work with cybersecurity subject matter experts to leverage best practice and technology to ensure the protection of SAT Data.
  • Work with DLP team to fine tune the SAT DLP rules

Audit Readiness and Management

  • Monitor IT infrastructure for compliance with the CDC’s guidance on information system security controls per 42 CFR Part 73
  • Perform annual security assessment based on the CDC Information System Security Checklist for all sites subject to the CDC Division of Select Agents and Toxins (DSAT) annually.
  • Lead the remediation of compliance audit findings to ensure high risk issues are addressed timely and efficiently

Personal Development

  • Participate in external conference and security forums on Insider Threats, Department of Defense, or CDC security requirements to learn best industry practice.

  • Bachelor’s degree with 10 years of experience
  • Good experience working in medium to large size companies, specifically performing and managing computer compliance, access control, regulatory IT, information system audit, and implementation of controls for regulatory requirements related to data security, etc.
  • Experience in managing audits and inspections related to IT is required
  • Experience in business process development, implementation, and management is required
  • Strong knowledge of COBIT, ISO/IEC 27002 is required
  • Knowledge of the DoD (Department of Defense) ITAR, DOC (Department of Commerce) Select Agents and Toxins, and/or CDC Federal Select Agents is a plus

Essential Skills and Abilities
•    Demonstrated team / organization leadership and management ability to lead and coach a diverse department.
•    Demonstrated leadership in project management, conflict management, and organizational change management
•    Demonstrated process development, implementation and management capabilities
•    Demonstrated ability to manage multiple and conflicting priorities
•    Excellent written and verbal communication skills across different levels of the organization
•    Excellent presentation skills to individual across different business units and management level.

Significant Work Activities
Continuous sitting for prolonged periods (more than 2 consecutive hours in an 8 hour day)
Job Type
Job Level Code
Equal Employment Opportunity
At AbbVie, we value bringing together individuals from diverse backgrounds to develop new and innovative solutions for patients. As an equal opportunity employer we do not discriminate on the basis of race, color, religion, national origin, age, sex (including pregnancy), physical or mental disability, medical condition, genetic information gender identity or expression, sexual orientation, marital status, protected veteran status, or any other legally protected characteristic.