
Chief Information Security Officer

PARIS, 75
22 days ago

The Chief Information Security Officer (CISO) is a strategic executive responsible for protecting the company’s physical, digital, and intellectual assets. In a pharmaceutical context, this includes safeguarding sensitive R&D data, clinical trial information, patient privacy, and proprietary technologies. The CISO leads the development and execution of a comprehensive security strategy encompassing cybersecurity, regulatory compliance, physical security, and internal investigations. This role includes building and managing a multidisciplinary security and investigations team, ensuring alignment with business goals and regulatory requirements.

WHAT - Main Responsibilities & Technical Competencies

Strategic Leadership

  • Develop and execute a forward-looking security strategy aligned with corporate objectives and industry trends.
  • Advise executive leadership and the board on risk posture, threat landscape, and investment priorities.
  • Lead cross‑functional initiatives to embed security into digital transformation, innovation, and operational excellence.
  • Establish KPIs and performance metrics to measure and improve security effectiveness.

Cybersecurity & IT Security

  • Oversee the design and implementation of cybersecurity architecture and controls.
  • Ensure protection of IT infrastructure, cloud environments, and sensitive data.
  • Lead incident response, threat intelligence, and vulnerability management programs.
  • Maintain compliance with global standards (e.g., ISO 27001, NIST, GDPR, HIPAA).

Governance, Risk & Compliance

  • Develop and enforce enterprise-wide security policies and procedures.
  • In alignment with the business ethics team, ensure compliance with pharmaceutical regulations (e.g., FDA, EMA, GxP).
  • Conduct risk assessments, internal audits, and third‑party security evaluations.
  • Report regularly to senior leadership on risk mitigation and compliance status.

Investigations & Incident Management

  • Establish and lead an internal investigations function to address security breaches, misconduct, and regulatory violations.
  • Build and manage a team of investigators and analysts with expertise in digital forensics, compliance, and legal coordination.
  • Collaborate with HR, Legal, and external agencies on sensitive investigations and disciplinary actions.
  • Ensure thorough documentation, reporting, and resolution of incidents in line with legal and regulatory standards.

Fraud Management

  • Develop and implement a fraud prevention and detection framework across the organization.
  • Lead investigations into suspected fraud, misconduct, and financial irregularities.
  • Collaborate with Finance, Legal, and Compliance to ensure timely resolution and reporting of fraud cases.
  • Maintain a whistleblower program and ensure confidentiality and integrity in handling reports.
  • Monitor fraud trends and proactively adjust controls and training programs.

Team Management & Development

  • Build and lead a multidisciplinary security team (cybersecurity, physical security, investigations, risk management).
  • Define roles, responsibilities, and career development paths for team members.
  • Foster a culture of accountability, agility, and continuous learning.
  • Manage vendor relationships and external consultants as needed.

Physical & Operational Security

  • Oversee facility security, access control, and surveillance systems.
  • Coordinate with facilities and operations on emergency preparedness and response.
  • Develop and test business continuity and disaster recovery plans.

Stakeholder Engagement

  • Partner with various functions & business leaders including Legal, Regulatory Affairs, R&D, and Medical Affairs to align security with business needs.
  • Lead security awareness and training programs across the organization.
  • Represent the company in external forums, industry groups, and regulatory engagements.

Skills

HOW - Knowledge & Experience

  • Technical depth in cybersecurity and investigations
  • Leadership and team development
  • Fraud detection and prevention expertise
  • Regulatory and compliance acumen
  • Communication and stakeholder management
  • Crisis and incident response

Knowledge & Experience

  • 15+ years of experience in security leadership, preferably in pharma or life sciences.
  • Proven track record in strategic planning, investigations, fraud management, and team leadership.
  • Certifications such as CISSP, CISM, CISA, CRISC, or CFE (Certified Fraud Examiner) are highly desirable.
  • Strong understanding of regulatory environments and risk management frameworks.

Education / Certifications

Bachelor’s or Master’s degree in Information Security, Computer Science, or related field.

Language(s)

Fluency in English. Knowledge of a European language is a plus for global roles.

Company: Ipsen
Publishing platform: WHATJOBS