VP, Chief Information Security Officer
Allergan plc (NYSE: AGN) is a bold, global pharmaceutical company and a leader in a new industry model - Growth Pharma. Allergan is focused on developing, manufacturing and commercializing branded pharmaceutical, device, biologic, surgical and regenerative medicine products for patients around the world.
Allergan markets a portfolio of leading brands and best-in-class products for the central nervous system, eye care, medical aesthetics and dermatology, gastroenterology, women's health, urology and anti-infective therapeutic categories. With commercial operations in approximately 100 countries, Allergan is committed to working with physicians, healthcare providers and patients to deliver innovative and meaningful treatments that help people around the world live longer, healthier lives every day.
Allergan is a company that will inspire you to aim high with your ambition. Where you can build bridges all over the world. Where you can power ideas that drive change. And where you will act fast and drive results for customers and patients. Power your future & join our bold team.
Position Overview
The Chief Information Security Officer (CISO) is accountable globally for protecting the confidentiality, integrity and availability of Allergan’s vast information assets across an R&D, supply chain and commercial enterprise spanning ~70 countries. The CISO is the most senior information protection officer in the company, and will be responsible for designing and implementing a comprehensive information security and risk management program. This position is responsible for managing security risks in a manner that meets compliance, quality, legal and regulatory requirements, and aligns with and supports the risk posture of the company. This position is based in Madison, NJ.
Main Areas of Responsibilities
-
Collaborate with business and functional leadership to identify Allergan’s information and cyber security risks; assess associated threats and vulnerabilities, build and manage treatment plans, and negotiate acceptable levels of residual risk.
-
Govern, manage and monitor the security controls framework to protect Allergan’s information assets and digital technology systems and effectively mitigate significant risks.
-
Inspire, lead, and develop motivated, geographically diverse and high-performance Information Security and Compliance teams across multiple levels and with global reach.
-
Regularly contribute and present to Board of Directors and Audit Committee, covering cybersecurity preparedness and posture, the evolving threat landscape, as well as information security risk treatment and mitigation.
-
Manage executive stakeholders with regular dialogue, status reports, and alert escalation.
-
Ensure IT compliance with regulatory and legal requirements, data privacy, risk management, transparency, and third-party oversight.
-
Chair the Information Security & Risk Board (ISRB), and appropriate supporting sub-committees; ISRB is comprised of executive leadership of major business units and global control/shared services functions, including Legal, Compliance, Audit, HR, Privacy and Business Unit Information Risk officers.
-
Direct the design and deployment of strategic, next-generation security controls to meet the evolving risks faced by Allergan’s global, digital ecosystem; this includes IoT monitoring and control, asset discovery and hygiene assurance, cloud access security (CASB), behavioral analytics (UBA), access analytics, and cross-industry cyber threat analytics.
-
Institutionalize 3rd-Party Oversight and Risk Assessment Processes, including inventory, assessment, risk acceptance, controls assurance and secure partner connectivity.
-
Work closely with IT functional areas and service providers.
-
Lead and champion full information sharing and collaboration across the healthcare sector, to provide a collective focus on protecting the industry against evolving security threats; represent Allergan as an active leader within important security forums such as NH-ISAC.
-
Direct a team of technical and investigative resources running a global information security incident response process.
Requirements
The following listed requirements need to be met at a minimum level to be considered for the job:
-
Minimum 15 years of relevant information technology, risk, security, and compliance experience in a global environment; must have a broad range of exposure to all aspects of information security and a significant depth of technical expertise.
-
Minimum 10 years of management experience; experience in building and/or running information security teams.
Preferred Skills/Qualification
The below skills are attributes that are desired in the ideal candidate.
-
Proficient in global information and cyber security leadership, focused in the areas of critical intellectual property protection and personal data privacy requirements.
-
Experienced in working at executive levels and cross functionally across the organization to support business strategic goals and plans.
-
Strong communication skills are needed to interact with team members, executive management, strategic partners and clients.
-
Possess a confident style which reflects emotional intelligence and a hands-on approach.
-
Knowledge of regulatory requirements (e.g. SOX, GDPR, Transparency, etc.).
-
Deep understanding and service delivery in areas including, but not limited to, platform, network, and application security, data protection, mobility, 3rd-party oversight, advanced cyber threats, identity and access management, compliance and risk management
-
Strong technical skills relevant to cyber and internet security such as IDS/IPS, vulnerability management, cloud access security, security event management, threat intelligence, log management and proactive risk analytics.
-
Strong overall technical background and comfortable with data analytics, cloud/digital strategy and mathematical modeling.
-
Experience on large information security projects, assessments, audits, threat detection and response.
-
Demonstrated understanding of risk assessment procedures, policy formation and role based authorization methodologies, authentication technologies, and security attack vectors.
-
Technical proficiency in security hardware, software and services; ability to function as consultant to other information technology groups on security matters as a recognized technical expert.
-
Highly knowledgeable about the healthcare and life sciences business environment; pharmaceutical industry and drug development experience strongly valued.
-
Highly developed analytical, problem-solving, and consulting skills.
-
Strong change leadership, communication, influencing, and negotiation skills.
-
Strategic thinker, keeping big picture in mind while ensuring execution excellence.
-
Ability to manage complexity, help team prioritize, and make effective decisions in complex, cross-functional, changing environments. Proven leadership of high-performing cross-functional global teams in matrixed organizations.
Education
-
Bachelor’s Degree in Computer Science, Engineering or related discipline; Master’s degree preferred.
-
Information security certification (e.g., CISSP, CISM, etc.) preferred.
#LI-KK1
Equal Employment Opportunity Employer
Allergan is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, or any other protected status.