
Sr. Director – Business Security, Risk & Compliance (SRC) Lead
Scorpion Therapeutics, San Francisco, California, United States, 94199
Role Summary
Reporting to the Chief Information Security Officer (CISO), the Sr. Director, Business Security, Risk & Compliance (SRC) Lead serves as the strategic security partner for Gilead’s global business functions. This leader drives digital and AI-aligned security strategy, guides secure technology adoption, and ensures risk-informed decision making across the enterprise. This is a site-based role located at our headquarters in Foster City, CA with a hybrid schedule of 2 days optional work from home and 3 days onsite. The role leads a global team of six security professionals responsible for developing, implementing, and supporting Gilead’s information security, risk and compliance capabilities.

Responsibilities

Strategic Leadership & Digital Security Architecture
Lead the development and execution of Gilead’s digital and AI-aligned security strategy.
Ensure cyber, AI, and information security risks are identified, assessed, communicated, and effectively managed; escalate material concerns as needed.
Translate business, digital, and technology strategies into secure architectural designs and roadmaps.
Drive system architecture decisions that balance functionality, service quality, performance, and security.

Business Partnership & Digital Enablement
Serve as the primary security advisor to global business functions, collaborating to evaluate emerging digital and AI initiatives.
Partner with IT Business Engagement teams to understand business priorities, requirements, and technology roadmaps.
Influence technology choices to ensure alignment with security standards and regulatory expectations.

Technology Strategy, Innovation & Solution Development
Evaluate and recommend emerging security technologies, tools, and platforms to enhance Gilead’s digital security posture.
Lead the definition and evolution of security frameworks, standards, and reference architecture.
Drive continuous improvement of security processes, systems, and delivery capabilities.
Oversee the design and development of new digital security solutions and enhancements to existing capabilities.

Risk Management, Compliance & Controls
Ensure digital solutions meet regulatory, risk, and compliance requirements across regions (including EU and APAC).
Partner with Security Architecture & Governance and IT Risk & Compliance teams to define effective control requirements and operational implementation.
Conduct and oversee security assessments, penetration testing, vulnerability analysis, and remediation efforts.

Operational Leadership & Incident Response
Guide the deployment and optimization of security technologies including SIEM, IDS/IPS, SecOps tools, endpoint and network security, and firewalls.
In the event of a cyber incident, lead coordinated response with SOC, IT teams, and business partners to contain impact and support recovery.

Metrics, Reporting & Communication
Develop and track key performance indicators that measure the effectiveness of security controls and digital risk posture.
Create compelling executive presentations that articulate strategy, risks, solution architectures, and roadmaps to senior leaders and stakeholders.

Team Leadership & Talent Development
Lead and develop a high-performing, globally distributed Security, Risk & Compliance team.
Foster an inclusive, collaborative, and innovative team culture aligned with Gilead’s core values.
Identify, attract, and retain top security talent, including management of external partners, vendors, and academic collaborators.

Qualifications
Required: 10+ years of experience in IT, enterprise applications, or business technology functions.
Required: 4–5+ years of experience in cybersecurity, privacy, or risk management leadership roles.
Preferred: Industry certifications such as CISSP or equivalent.
Preferred: Experience in both established enterprises and high-growth environments.

Education
Bachelor’s degree in Computer Science, Information Systems, Business, or related field; advanced degree preferred.

Skills
Strategic Thinking & Business Vision
Innovation & Continuous Improvement
Global Mindset
Stakeholder Management
Agility, Adaptability & Tolerance for Ambiguity
Influence, Persistence & Accountability
Team Leadership & Talent Development