Remotery

Vice President, Information Security, CISO

Posted 13 hours ago

This is a fully remote position, open to applicants in New York.

📋 Description

• Facilitate an ACM information security governance framework through the establishment of a hierarchical governance program.

• Define and implement the enterprise information security strategy and roadmap that aligns with business objectives and regulatory requirements.

• Provide regular updates on the current status of the information security program to enterprise risk teams, senior business leaders, and the board of directors.

• Ensure IT security requirements are incorporated into vendor contracts by collaborating with vendor management and procurement teams.

• Develop and oversee a targeted information security awareness training program for all employees, contractors, and approved system users.

• Engage with related disciplines through committees to guarantee consistent application of policies and standards across all technology projects, systems, and services.

• Act as an executive advisor on cyber risk to ACM’s Executive Leadership Team (ELT).

• Establish security governance, policies, standards, and metrics across global operations.

• Lead security investment planning and budget management.

• Create an information security vision and strategy that aligns with organizational priorities and supports the organization's business objectives.

• Develop, implement, and monitor a comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy, and recovery of information assets.

• Enhance an up-to-date information security management framework based on ISO 27001.

• Create and manage a unified and adaptable control framework to integrate and normalize the diverse and evolving requirements arising from global laws, standards, and regulations.

• Develop and maintain a documentation framework of continuously updated information security policies, standards, and guidelines.

• Oversee the approval and dissemination of these information security policies and practices.

• Create a framework outlining roles and responsibilities pertaining to information ownership, classification, accountability, and protection of information assets.

• Facilitate a metrics and reporting framework to evaluate the efficiency and effectiveness of the program, support appropriate resource allocation, and enhance the maturity of the information security program, while reviewing it with stakeholders at the executive and board levels.

• Ensure compliance with regulations and standards, including ISO 27001, NIST, SOC 2, PCI, FDA (21 CFR Part 11), GxP (GMP, GLP, GCP), HIPAA/HITECH, GDPR, and global privacy laws.

• Collaborate with Quality, Regulatory Affairs, and Legal teams to support audits and inspections.

• Oversee data integrity and validation controls for regulated systems.

• Protect research data, clinical trial data, patient data, software development, manufacturing intellectual property, and trade secrets.

• Implement data classification, encryption, and access control strategies.

• Supervise secure collaboration with CROs, CMOs, research partners, and academic institutions.

• Identify, assess, and mitigate cyber risks across IT, OT, cloud, and laboratory environments.

• Oversee ACM’s vulnerability management, penetration testing, and threat intelligence initiatives.

• Collaborate with RRH IT to establish and oversee incident response, breach management, and cyber resilience programs.

• Develop capabilities for cyber resilience and business continuity.

• Guide secure implementation of cloud platforms, AI/ML, digital labs, IoT/OT, and data platforms.

• Ensure a security-by-design approach throughout system development and validation lifecycles.

• Oversee identity and access management, zero trust architecture, endpoint security, network security, and SOC operations.

• Develop and enforce third-party risk management programs for vendors, CROs, CMOs, and SaaS providers.

• Assess cyber risks associated with manufacturing, logistics, and distribution partners.

• Collaborate and liaise with ACM’s data privacy officer and RRH IT security.


⛳️ Requirements

• Master’s degree in a relevant field or MBA preferred.

• Proven success in managing global security programs within complex, regulated environments.

• Demonstrated experience in managing and ensuring IT cloud security.

• ISO 27001 Lead Implementer/Auditor certification.

• Minimum of 5 years of proven experience in global life sciences and biotech industries.

• Established experience in developing and managing an ISO 27001 compliant IT security framework.

• Cloud security certifications (AWS, Azure, GCP) are a plus.

• In-depth understanding of life sciences and biotech regulatory environments on a global scale.

• Proven ability to collaborate with and manage service providers to ensure compliance with organizational expectations.

• Significant experience/knowledge in building IT security frameworks compliant with regulations and standards such as FDA (21 CFR Part 11), GxP (GMP, GLP, GCP), ISO 27001, NIST, HIPAA/HITECH, GDPR, SOC 2, and PCI.

• Advanced troubleshooting and analytical skills.

• Strong communication and cross-functional collaboration abilities.

• High attention to detail and dedication to system reliability.

• Capability to manage multiple complex initiatives simultaneously.

• Strong executive communication and board-level presentation skills.

• Risk-based decision-making abilities and business acumen.

• Experience in balancing innovation with compliance and patient safety.

• Up-to-date knowledge of IT security methodologies and trends in both business and IT sectors.

• Proven track record in developing information security policies and procedures, along with successfully executing programs that meet excellence objectives in a dynamic business environment.

• Project management skills, including financial/budget management, scheduling, and resource management.

• Engagement and collaboration with service providers.


🏝️ Benefits

• Health insurance.

• 401(k) matching.

• Flexible work hours.

• Paid time off.

• Remote work options.
