
Sr. Director, Security and Compliance

Pfizer, New York, NY, United States


Senior Director, Security & Compliance

Our Global Cybersecurity Governance, Risk, and Compliance team provides comprehensive blueprints for cybersecurity excellence by embedding governance, risk management, and compliance into every layer. The team is responsible for ensuring risk-based decision-making is used and that security, privacy, and regulatory compliance are integrated seamlessly with Pfizer's organization.

We are seeking an experienced Senior Director, Security & Compliance to lead the Security and Compliance Business Partners function within the Cybersecurity GRC organization. This role partners closely with R&D, PGS Manufacturing, Commercial, Digital, Enabling Services and corporate functions to ensure cybersecurity, data protection, and regulatory compliance requirements are understood, implemented, and sustained across the enterprise. The role serves as a trusted advisor to senior business leaders, helping them manage cybersecurity and compliance risks in alignment with company policies, regulatory obligations, and industry expectations. This position plays a key role in developing and implementing a modern and technology-led approach to supporting a highly regulated pharmaceutical environment, including oversight of GxP systems, data integrity, patient safety, and global regulatory compliance.

Role Responsibilities

Business Partnership & Advisory

- Establish the vision and operational cadence for a team of Security and Compliance Partners who are assigned global business units, regions and functional areas
- Implement a technology driven solution to support
- Build strong relationships with senior leaders to integrate security and compliance considerations into business operations and strategic initiatives.
- Lead the development of practical, risk-based guidance that enables the business to meet regulatory and security requirements while supporting innovation.
- Partner with key leaders throughout the organization to execute on strategic goals and priorities for the Cyber GRC function.

Cybersecurity Compliance Oversight

- Develop and execute a vision to modernize and scale cyber and digital compliance.
- Ensure alignment with pharmaceutical regulatory requirements, including GxP, data integrity, privacy, and global regulatory expectations.
- Partner with Quality, Legal, Privacy, and Enterprise Risk Management teams to ensure consistent application of governance and controls.
- Support the identification, assessment, and management of cybersecurity, IT and compliance risks affecting business processes, systems, and data.

Regulatory and Audit Support

- Support internal and external audits, regulatory inspections, and compliance assessments by coordinating business engagement and remediation activities.
- Help business teams prepare for regulatory inquiries related to cybersecurity, data protection, and system controls.
- Track and report internal and external findings, remediation progress and risk acceptance decisions.
- Implement technology-led solutions to streamline audit and inspection processes.

Leadership, Communication, and Reporting

- Promote consistent processes, documentation, and reporting while allowing flexibility for local regulatory requirements.
- Set clear role expectations, performance objectives, and development plans for team members.
- Foster a culture of collaboration, accountability, and continuous improvement.
- Provide regular updates to senior leadership on cybersecurity and compliance risks, trends, and key initiatives.
- Define and monitor key metrics to demonstrate security and compliance posture to leadership.
- Develop executive and committee-level reporting as needed.

Basic Qualifications

- Bachelor's degree required
- 12+ years of experience in Cybersecurity, IT, GRC, compliance, quality, or risk management roles within regulated industries, preferably in pharmaceutical industry
- Experience partnering directly with business leaders in a complex, global organization
- Proven ability to lead complex programs with multiple stakeholders and competing priorities
- Strong understanding of cybersecurity and IT risk management and compliance concepts in a pharmaceutical or life sciences environment
- Excellent communication and interpersonal skills; ability to influence across levels and functions
- CISM, CRISC or CISSP Certification
- Proficiency in project management tools (e.g., Smartsheet, MS Project), data analysis platforms, and MS Office Suite
- Demonstrated experience in an agile work environment possessing qualities such as a collaborative mindset, adaptability to change, and a proactive problem-solving approach.

Preferred Qualifications

- Experience supporting GxP-regulated environments (GMP, GCP, GLP) and validated systems
- Life Sciences or Consumer Products preferred
- Familiarity with global regulations and standards such as GDPR, HIPAA, SOX, ISO 27001, and NIST
- Experience working with Quality Management Systems (QMS) and regulatory inspection processes
- Professional certifications such as CISSP, CISM, CRISC, or similar
- Strong interpersonal and communication skills
- Ability to translate technical and regulatory requirements into business-friendly guidance
- Executive presence and stakeholder management
- Global mindset and ability to work across cultures
- Collaborative leadership style
- Continuously seeks new knowledge and approaches, leveraging innovation to enhance efficiency, effectiveness and impact
- Candidate demonstrates a breadth of diverse leadership experiences and capabilities including: the ability to influence and collaborate with peers, develop and coach others, oversee and guide the work of other colleagues to achieve meaningful outcomes and create business impact.

Non-standard work schedule, travel or environment requirements

- Travel as required by the business (domestic and/or international)
- Estimated at 25%

Work Location Assignment: Must be able to work in assigned Pfizer office 2-3 days per week, or as needed by the business

This role is NOT remote