Executive Director & CISO Job at Mallinckrodt Pharmaceuticals, Bridgewater, NJ

  • Mallinckrodt Pharmaceuticals
  • Bridgewater, NJ

Job Description

Job Title: Executive Director & CISO
Requisition: JR000015365 Executive Director & CISO (Open)
Location: Bridgewater, NJ
Additional Locations: Malvern, PA, Philadelphia, PA

Job Description Summary

The Chief Information Security Officer (CISO) is responsible for shaping and implementing our cybersecurity vision & strategy. This role manages the enterprise's information security program, identifies and evaluates IT and cybersecurity risks, and ensures the protection of information assets and associated technology. They work with executive management to determine the organization's acceptable risk levels and implement security practices that meet agreed policies and standards. They drive digital transformation by enabling secure adoption of AI/ML, automation, and zero-trust principles across the enterprise.

The CISO communicates the impact of cybersecurity on the business to senior stakeholders and ensures that information systems are secure and compliant with legal, regulatory, and contractual obligations. This role presents regularly to the Executive Team & Board of Directors, translating complex security risks into actionable business insights. The CISO is a thought leader who builds consensus between business and technology and coordinates various drivers and constraints while maintaining objectivity. This role involves overseeing the protection of sensitive data, managing risks, ensuring compliance with regulations, and promoting and continuously enhancing a culture of cyber safety & awareness within the company.

Key Responsibilities

  • Developing, implementing, and monitoring a strategic, comprehensive enterprise information security and IT risk management program.
  • Working directly with the business leaders & IT business partners to facilitate risk assessment and risk management processes.
  • Developing and enhancing an information security management framework.
  • Understanding and interacting with related disciplines, either directly or through committees, to consistently apply policies and standards across all technology projects, systems, and services, including privacy, risk management, compliance, and business continuity management.
  • Works collaboratively with colleagues to continuously enhance Endo's security profile and respond to new & emerging threats while balancing risks, business operations, and longer-term strategic goals.
  • Providing leadership to the enterprise's information security organization.
  • Partnering with business stakeholders across the company to raise awareness of risk management concerns.
  • Develop, mentor, and manage a motivated staff of information security professionals, including hiring, training, development, and performance management.

Key Accountabilities

Strategic Leadership

  • Develops an information security vision, strategy & roadmap that is aligned with organizational priorities and enables and facilitates the organization's business objectives.
  • Collaborate with the CIO, executive leadership & IT business partners to align security initiatives with business objectives.
  • As a member of the IT Leadership team, actively participate and assist in leading the delivery and evolution of IT's strategy, which includes a portfolio of imperatives focusing on people, processes, and technology.
  • Lead the secure adoption and integration of emerging technologies, including artificial intelligence (AI), machine learning (ML), and automation, to enhance threat detection, response, and operational efficiency.
  • Leads the information security function across the company to ensure consistent and high-quality information security management in support of the business goals.
  • Provides cybersecurity strategy, risk posture, and key metrics to the Board of Directors and executive committees on a regular basis, translating technical risks into business impact.
  • Serve as a trusted advisor to the Board and executive leadership, providing insights on emerging threats, regulatory changes, and the organization's security maturity.
  • Develop and maintain a comprehensive metrics and reporting framework for Board-level visibility into the effectiveness of the information security program.
  • Determines the information security approach and operating model in consultation with stakeholders.
  • Maintain relationships and connectivity with industry peers, relevant threat intelligence sources, and regulatory agencies to collaborate and stay abreast of cyber events or topics.

Risk Management

  • Identify, assess, and prioritize information security risks.
  • Implement effective risk management strategies and controls to mitigate potential threats.
  • Liaises with external agencies, such as law enforcement and other advisory bodies, as necessary to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies.
  • Develops, socializes, and coordinates approval and implementation of security policies.
  • Monitors the external threat environment for emerging threats and advises relevant stakeholders on appropriate courses of action.
  • Evaluate medical device security protocols, including IoT and biomedical device integration.
  • Advance the organization's zero-trust security strategy, ensuring robust identity, access, and data protection across all environments (on-premises, cloud, and hybrid).

Security Audits and Assessments and Continuous Improvement

  • Conduct routine security assessments and audits to identify vulnerabilities.
  • Implement corrective actions to address identified weaknesses.
  • Implement target milestones and metrics to measure performance.
  • Direct the implementation of security automation and orchestration initiatives to streamline incident response, vulnerability management, and compliance monitoring.
  • Drive adoption and optimization of cyber tool sets for a streamlined team member experience – implement appropriate controls while identifying opportunities for automation across the stack.

Security Framework and Architecture

  • Design, implement, and maintain a robust and scalable information security architecture, including policies, tools, and governance.
  • Develop and enhance an up-to-date information security management framework based on the NIST Cybersecurity Framework.
  • Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, increase the maturity of the information security, and review it with stakeholders at the executive and board levels.
  • Ensure that security measures are integrated into all aspects of the IT infrastructure.
  • Direct the implementation of security automation and orchestration initiatives to streamline incident response, vulnerability management, and compliance monitoring.

Incident Response

  • Manages and contains information security incidents and events to protect corporate IT assets, intellectual property, regulated data, and the company's reputation.
  • Develop and maintain an incident response plan to address security incidents promptly and efficiently.
  • Lead investigations into security breaches and take appropriate corrective actions.
  • Coordinate the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provide direction, support, and in-house consulting in these areas.

Compliance and Governance

  • Stay abreast of relevant laws, regulations, and industry standards.
  • Ensure compliance with applicable security standards and frameworks.
  • Collaborate and liaise with the data privacy officer to ensure that data privacy requirements are met.
  • Represent Endo in interactions with government agencies, as needed.

Security Awareness and Training

  • Foster a culture of security awareness throughout the organization.
  • Directs the creation of a targeted information security awareness training program for all employees, contractors, and approved system users and establishes metrics to measure the effectiveness of this security training program for different audiences.

Vendor Management

  • Evaluate and manage relationships with third-party security vendors.
  • Assess new and recertify existing Endo vendors and ensure that approved Endo vendors adhere to security standards and contractual obligations.

Collaboration and Communication

  • Communicate effectively with internal stakeholders, fostering a collaborative and secure environment.
  • Build great partnerships with internal stakeholders and clients.
  • Creates the necessary internal networks among the information security team and line-of-business executives, corporate compliance, audit, physical security, legal, and HR management teams to ensure alignment as required.
  • Builds and nurtures external networks consisting of industry peers, ecosystem partners, vendors, and other relevant parties to address common trends, findings, incidents, and cybersecurity risks.

Qualifications

Education & Experience

  • Demonstrated experience and success in senior leadership roles in risk management, information security, and IT or OT security.
  • Bachelor's degree or advanced degree in Information Security, Business Administration, or a technology-related field.
  • 10+ years of experience operating in an Information Security Leadership and/or CISO role.
  • Strong background in healthcare cybersecurity, especially medical device ecosystems.
  • Experience with developing, socializing, and executing a security roadmap for the business.
  • In-depth knowledge of information security principles and best practices.
  • Strong understanding of information security, data privacy laws, regulations, and standards.
  • Professional security management certification is strongly desired (CISSP, CISM, CISA, CRISC, or similar).
  • Pharmaceutical industry experience strongly desired.

Knowledge

  • Regulations, frameworks, and standards, including NIST, ITIL, GDPR, ISO.
  • FDA cybersecurity guidance, ISO 13485, IEC 81001-5-1, NIST Cybersecurity Framework.
  • Risk management frameworks and regulatory submission processes.
  • Threat vectors, ransomware risks, data privacy regulations.
  • Industry best practice methodologies.
  • Monitoring and threat-detection tools.
  • Physical security, network and systems infrastructure, and security-related tools such as whitelisting, IDS/IPS, anti-malware, patch management, baselining, SIEM, access control, firewalls.

Skills & Abilities

  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and ability to communicate information security and risk-related concepts to technical and non-technical audiences at various levels.
  • Experienced and skilled at presenting and public speaking.
  • Strategic leader and builder of vision, bridging teams and energizing the organization.
  • Excellent stakeholder management skills.
  • Excellent communication skills to translate technical risks into business impact.
  • Analytical thinking and problem-solving, detail-oriented, balanced with sound business judgment.
  • Project management skills.
  • Experience in financial/budget management.
  • Influence in ambiguity and organizational decisions.
  • Technical infrastructure, network architecture, data movement expertise.
  • IT infrastructure (on-prem, IaaS), cloud, identity, data protection.
  • Active membership with security consortiums/groups.
  • System monitoring and threat detection expertise.
  • Excellent listening, analytical, and communication skills.
  • Exceptional interpersonal skills.
  • Innovative thinking and leadership to motivate cross-functional teams.

Physical Requirements

  • Occasional travel to sites.

Salary

The expected base pay range for this position is $280K - $360K. Base pay may vary depending on factors including job-related knowledge, skills, and experience.

Bonus

This position is eligible for a bonus in accordance with the terms of the applicable program. Bonuses are awarded at the Company's discretion.

Disclaimer

The above statements are intended to describe the general nature and level of work performed by employees assigned to this job. They are not intended to be an exhaustive list of all duties, responsibilities, and qualifications. Management reserves the right to change or modify such duties as required.
