Director, Business Information Security Officer

Description The Director, Business Information Security Officer leads a team in identifying and managing information security risks through assessments and cybersecurity risk management processes and owns services for both security awareness & training and information protection. The Director works with and coordinates across business functions, compliance teams, IT, and shared services groups. The Business Information Security Officer’s core responsibilities include:Lead cross-functional initiatives to establish and mature cybersecurity risk management processes in collaboration with business and IT colleagues.Deliver security assurance services for third-party suppliers, cloud services, and business technologies.Manage and mentor a specialized team focused on cybersecurity risk management, cybersecurity assurance, awareness & training/phishing awareness, and information protection.Support the CISO in development of an information protection strategy to protect sensitive data from loss, leakage, or unauthorized exfiltration.Execute against the information protection strategy through implementation and management of services for information protection, leveraging data loss prevention (DLP) and data security posture management technologies in partnership with business, information security, and IT colleagues.Conduct periodic assessments of information handling practices and work with colleagues to classify and identify vital information and apply controls that mitigate risks.Monitor emerging threats and regulatory changes related to information/data protection.Support the CISO in establishing and reporting on metrics for key risk indicators (KRIs) and key performance indicators (KPIs) that measure the effectiveness of the information security program.Conduct periodic benchmarking to assess information security maturity and recommend enhancements.Develop and communicate training and awareness on security best practices throughout the organization.Manage the ongoing delivery of phishing campaigns and responses to phishing alerts in coordination with the cybersecurity operations team.Remain current on information security frameworks, guidance, best practices, and regulatory requirements impacting the pharmaceutical industry.Collaborate deeply with peers in Security Operations and Information Security Architecture, taking an integrated approach to managing and reducing cyber risk across the organization.Qualifications/ RequiredKnowledge/ Experience and Skills:10+ years of experience within information security or IT GRC organizations; experience in the pharmaceutical/life sciences industry is desirable.5+ years of experience in development and management of information security risk assessment processes for applications and third parties.5+ years of experience in assessment of systems hosted in company or third-party cloud environments (e.g., AWS, Oracle, Azure).Extensive knowledge of solutions and best practices for information protection / data loss protection, including Microsoft Purview and other solutions.Expert understanding of risk management, compliance, and governance frameworks related to cybersecurity.Ability to think strategically, lead initiatives, and provide leadership in the definition of solutions for risk mitigation.Demonstrated ability to influence through leadership and collaboration - fostering a community of knowledge-sharing, collaboration, and forward-thinking.The capacity to actively learn and apply security domain knowledge, knowledge, and best practices to guide the definition of security requirements in support of business initiatives.Strong skills for critical thinking, analyzing, and assessing problems and implications, identifying patterns, making connections of underlying issues, understanding risks, and developing mitigation strategies, and taking ownership of the outcome.Proven record as a strong communicator both in written and oral presentations; capable of rapidly creating detailed, yet concise written reports.Ability to communicate technical ideas and concepts clearly, verbally and written, to technical and non-technical audiences, especially in articulating technical vision to executive levels.Educational QualificationsBachelor’s degree in computer science, Information Security, or a related field. A master’s degree is desirable.Certifications such as CISSP, CISM, CISA, or similar are highly desirable.CompetenciesAccountability for Results - Stay focused on key strategic objectives, be accountable for high standards of performance, and take an active role in leading change.Strategic Thinking & Problem Solving - Make decisions considering the long-term impact to customers, patients, employees, and the business.Patient & Customer Centricity - Maintain an ongoing focus on the needs of our customers and/or key stakeholders.Impactful Communication - Communicate with logic, clarity, and respect. Influence at all levels to achieve the best results for Otsuka.Respectful Collaboration - Seek and value others’ perspectives and strive for diverse partnerships to enhance work toward common goals.Empowered Development - Play an active role in professional development as a business imperative.Minimum $164,530.00 - Maximum $245,985.00, plus incentive opportunity: The range shown represents a typical pay range or starting pay for individuals who are hired in the role to perform in the United States. Other elements may be used to determine actual pay such as the candidate’s job experience, specific skills, and comparison to internal incumbents currently in role. Typically, actual pay will be positioned within the established range, rather than at its minimum or maximum. This information is provided to applicants in accordance with states and local laws.Application Deadline: This will be posted for a minimum of 5 business days.Company benefits:  Comprehensive medical, dental, vision, prescription drug coverage, company provided basic life, accidental death & dismemberment, short-term and long-term disability insurance, tuition reimbursement, student loan assistance, a generous 401(k) match, flexible time off, paid holidays, and paid leave programs as well as other company provided benefits.Come discover more about Otsuka and our benefit offerings;.Disclaimer: This job description is intended to describe the general nature and level of the work being performed by the people assigned to this position. It is not intended to include every job duty and responsibility specific to the position. Otsuka reserves the right to amend and change responsibilities to meet business and organizational needs as necessary.Otsuka is an equal opportunity employer. All qualified applicants are encouraged to apply and will be given consideration for employment without regard to race, color, sex, gender identity or gender expression, sexual orientation, age, disability, religion, national origin, veteran status, marital status, or any other legally protected characteristic. If you are a qualified individual with a disability or a disabled veteran, you may request a reasonable accommodation, if you are unable or limited in your ability to apply to this job opening as a result of your disability. You can request reasonable accommodations by contacting . Statement Regarding Job Recruiting Fraud ScamsAt Otsuka we take security and protection of your personal information very seriously. Please be aware individuals may approach you and falsely present themselves as our employees or representatives. They may use this false pretense to try to gain access to your personal information or acquire money from you by offering fictitious employment opportunities purportedly on our behalf.Please understand, Otsuka will never ask for financial information of any kind or for payment of money during the job application process. We do not require any financial, credit card or bank account information and/or any payment of any kind to be considered for employment. We will also not offer you money to buy equipment, software, or for any other purpose during the job application process. If you are being asked to pay or offered money for equipment fees or some other application processing fee, even if claimed you will be reimbursed, this is not Otsuka. These claims are fraudulent and you are strongly advised to exercise caution when you receive such an offer of employment.Otsuka will also never ask you to download a third-party application in order to communicate about a legitimate job opportunity. Scammers may also send offers or claims from a fake email address or from Yahoo, Gmail, Hotmail, etc, and not from an official Otsuka email address. Please take extra caution while examining such an email address, as the scammers may misspell an official Otsuka email address and use a slightly modified version duplicating letters.To ensure that you are communicating about a legitimate job opportunity at Otsuka, please only deal directly with Otsuka through its official Otsuka Career website .Otsuka will not be held liable or responsible for any claims, losses, damages or expenses resulting from job recruiting scams. If you suspect a position is fraudulent, please contact Otsuka’s call center at: 800-363-5670. If you believe you are the victim of fraud resulting from a job recruiting scam, please contact the FBI through the Internet Crime Complaint Center at: , or your local authorities.Otsuka America Pharmaceutical Inc., Otsuka Pharmaceutical Development & Commercialization, Inc., and Otsuka Precision Health, Inc. (“Otsuka”) does not accept unsolicited assistance from search firms for employment opportunities. All CVs/resumes submitted by search firms to any Otsuka employee directly or through Otsuka’s application portal without a valid written search agreement in place for the position will be considered Otsuka’s sole property. No fee will be paid if a candidate is hired by Otsuka as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.