
Executive Director – Governance, Risk and Compliance
Posted May 2

This is a fully remote position, open to applicants in California, +4 more states.
• The Executive Director of Information Security plays a crucial leadership role overseeing Governance, Risk, and Compliance (GRC) within Amgen’s global digital operating landscape.
• This leadership position is essential for formulating comprehensive strategies and frameworks aimed at managing and mitigating risks, enhancing Amgen’s corporate governance, and ensuring adherence to relevant laws, regulations, and industry standards (e.g., GxP, SOX, ISO).
• The Executive Director will provide leadership and peers with critical, timely information to facilitate strategic business decision-making.
• Collaboration with stakeholders from Digital, Technology & Innovation (DTI), Human Resources, Compliance, Law, Quality, Finance, and Privacy is a key aspect of this role.
• Responsible for organizing, training, and equipping a diverse global team of Amgen staff and contractors in alignment with the company’s core values.
• This individual will manage all activities that support GRC service delivery, including strategy formulation, process design, and the establishment of key performance indicators to safeguard Amgen’s capacity for innovation and patient service.
• The Executive Director is a member of the Cybersecurity & Digital Trust Leadership Team and reports directly to the Vice President, Information Security and Chief Information Security Officer.
• Key Responsibilities include:
• Establishing the vision and strategy for Amgen’s global digital Governance, Risk, and Compliance initiatives.
• Providing oversight and assurance for Amgen’s Information Security program in accordance with ISO 27002:2022.
• Overseeing Technology’s Document Management Services (DMS).
• Collaborating with Quality, Finance, and Security leaders to manage GxP, Security, and SOX deviations, along with corrective and preventive actions (CAPAs).
• Partnering with Corporate Audit and the Technology Extended Leadership Team to address audit responses.
• Managing Amgen’s Global Records and Information Management operations.
• Working with key stakeholders to enhance compliance capabilities (e.g., GxP agile validation and process simplification).
• Overseeing Amgen’s Risk services, including third-party business enablement and the digital risk register.
• Providing timely transparency reports and metrics to key stakeholders and senior business leaders (e.g., Chief Financial Officer, Chief Information Officer, Chief Information Security Officer, Quality leadership, etc.).
• Maintaining exceptional service delivery and working collaboratively with global functional teams to continuously improve governance, risk, and compliance services.
• Leading the Artificial Intelligence (AI) Risk and Controls working team, composed of cross-functional business units, to promote Amgen’s adoption of Trustworthy AI.
• Acting as a key stakeholder and strategic partner to the Responsible AI Council, representing Technology, and ensuring alignment of AI governance, risk, and control frameworks with enterprise Responsible AI principles and regulatory expectations.
• Creating and managing budgets for annual support, enhancements, and build efforts while maximizing resource allocation across multiple services and tools; this includes operational costs for resources (full-time employees, contract workers, and managed service providers) necessary for GRC operations.
• Empowering employees through Amgen’s Decision, Advice, Inform (DAI) model; delegating responsibilities appropriately and fostering accountability and regular feedback.
• Encouraging teamwork and unity among department members, promoting healthy debate, swift conflict resolution, appreciation of diversity, and strong team cohesion.
• Coaching, mentoring, and developing staff, including overseeing onboarding for new employees and conducting quarterly career development sessions.
• Leading employees through a performance management and development process that provides a framework for encouraging employee contributions, including goal setting and ongoing feedback.
• Guiding talent identification and development processes.
• Collaborating with global industry partners and service providers within the Health Information Sharing and Analysis Center (H-ISAC).
• Doctorate degree and 6 years of experience in information security OR a Master’s degree with 10 years of information security experience OR a Bachelor’s degree with 12 years of information security experience AND at least 6 years of managerial experience directly managing people or leading teams, projects, programs, or directing resource allocation.
• Experience applying Agile principles and values to transform traditional waterfall-based processes (e.g., Scaled Agile Framework [SAFe]).
• Proven experience leading global, multi-disciplined GRC teams (e.g., SOX, Quality, Security).
• Experience with regulated systems (GxP, SOX) within the pharmaceutical, biotechnology, or healthcare sectors.
• Practical experience in compliance with corporate audit and global regulations (e.g., China Cybersecurity Law, NIS2, Global Data Protection Regulation, etc.).
• Exceptional written and verbal communication skills, tailored to diverse audiences.
• Understanding of records information management, retention schedule management, and oversight.
• Ability to coordinate and lead multiple projects and activities with competing priorities.
• Strong portfolio and project management skills.
• Data-driven problem-solving and analytical capabilities, with a proven track record in a high-performance team.
• Skilled in negotiating critical issues.
• Understanding cognitive biases and the ability to manage them effectively.
• Attention to detail with a focus on delivering vetted information.
• Up-to-date knowledge of current information security trends and topics.
• Experience collaborating with global virtual teams.
• Successful track record of managing multiple priorities.
• Team-oriented, prioritizing the successful achievement of team goals.
• Self-starter with a high degree of initiative and motivation, capable of working effectively with minimal supervision.
• Preferred certifications include: CRISC, CISSP, CGEIT, CISM, CISA, GRCP.
• Comprehensive employee benefits package, featuring a Retirement and Savings Plan with generous company contributions.
• Group medical, dental, and vision coverage.
• Life and disability insurance.
• Flexible spending accounts.
• A discretionary annual bonus program, or for field sales representatives, a sales-based incentive plan.
• Stock-based long-term incentives.
• Award-winning time-off plans and bi-annual company-wide shutdowns.
• Flexible work models, including remote work arrangements where feasible.