Senior Director, Chief Information Security Officer
Location: Princeton or Rockville
Employment Type: Full Time

About Us
Otsuka is a global healthcare company driven by the corporate philosophy: "Otsuka people creating new products for better health worldwide."
We are committed to researching, developing, manufacturing, and marketing innovative products, with a strong focus on pharmaceutical treatments for diseases and nutraceutical products to maintain everyday health.

Job Description
The Senior Director, Chief Information Security Officer (CISO), will lead the development, implementation and management of Otsuka America Pharmaceutical, Inc.'s (OAPI's) and Otsuka Pharmaceutical Development and Commercialization, Inc.'s (OPDC's) cybersecurity risk management framework.
Reporting directly to the Vice President & US Chief Compliance Officer (CCO), the CISO will bolster Otsuka's Second Line of Defense by identifying and mitigating potential cybersecurity risks, ensuring regulatory compliance, and driving a culture of proactive security awareness.

Key Responsibilities

Strategic Leadership and Risk Management
- Advance and implement a comprehensive cybersecurity risk management framework for OAPI and OPDC, to proactively identify, evaluate, and mitigate potential risks.
- Continuously assess:
  - the strength and effectiveness of the OAPI and OPDC cybersecurity risk management framework, and where necessary, implement CCO-endorsed framework enhancements;
  - the skills and capabilities needed for the present and future operational excellence of the Information Security team.
- Survey and summarize changes or trends in cybersecurity laws, regulations, and accreditation standards, providing frequent and succinct updates to the CCO and, where applicable, proactively proposing cybersecurity risk framework enhancements to mitigate risk to the organization.
- Work closely with the Vice President & Chief Information Officer (CIO) and the CIO's leadership team to ensure cross-functional alignment and consistency with broader IT business objectives and activities.
- Provide cybersecurity advice, guidance, and support to other Otsuka companies as needed, including ex-US affiliates.

Policy, Standards, and Control Framework
- Develop, implement, and enforce enterprise-wide security policies, standards, and frameworks to ensure compliance with regulatory requirements (e.g., HIPAA, GDPR, FDA, ISO 27001).
- Collaborate with regulatory bodies during audits, compliance reviews, and investigations, ensuring transparency and alignment with legal requirements.
- Support data privacy and protection efforts, helping to imbed privacy principles into information security practices and processes.

Security Operations and Capabilities
- Lead the Security Operations Center (SOC) and continuously monitor, detect, and respond to potential security incidents.
- Directly supervise the OAPI and OPDC Information Security team with management responsibility for at least five FTE reports.
- Oversee and optimize critical security functions including:
  - Vulnerability Management
  - Application Security
  - Network Security
  - Security Information and Event Management (SIEM)
  - Data Loss Prevention (DLP)
- Develop and implement robust incident response plans, including penetration testing and CCO-approved cyber investigations and forensic analyses.
- Ensure continuous improvement of organizational threat detection, response, and remediation capabilities through advanced technologies and best practices.

Education and Awareness
- Develop and provide cybersecurity training and awareness programs for OAPI and OPDC employees.
- Clearly articulate cybersecurity risks, strategies, and initiatives to technical and non-technical audiences at all levels of the organization.
- Promote organization-wide adoption of security best practices in partnership with IT and the business.

Qualifications
- Master's degree in Information Management, Cybersecurity, Computer Science, or a related field.
- Certifications: CISSP, CISM, CICP, and Security+ (or equivalent certifications).
- Minimum of 10 years of experience in Information Security, including at least 5 years in a leadership role directly supervising FTE employees and managing enterprise-level security programs.
- Expert level understanding of security frameworks and compliance standards.
- Crisis management experience.
- Excellent leadership, communication, and project management skills.

Preferred Experience
- Understanding of US healthcare industry laws and regulations.
- Familiarity with DOJ and HHS-OIG guidance on corporate compliance programs.
- Understanding of affiliate-level scope and responsibilities within a global organization.

Disclaimer: This job description is intended to describe the general nature and level of the work being performed by the people assigned to this position.
Otsuka is an equal opportunity employer.
All qualified applicants are encouraged to apply.