ROLE SUMMARY
Our Global Cybersecurity Governance, Risk, and Compliance team provides comprehensive blueprints for cybersecurity excellence by embedding governance, risk management, and compliance into every layer. The team is responsible for ensuring risk-based decision-making is used and that security, privacy, and regulatory compliance are integrated seamlessly with Pfizer’s organization.
We are seeking an experienced Director of Business Information Security Office (BISO) to lead and mature the organization’s enterprise business information security officer program. The ideal candidate will be responsible for establishing the program and developing the business integration for cybersecurity, data protection, and regulatory compliance across a highly regulated pharmaceutical environment. The Director will provide strategic leadership in establishing clear accountability, developing an insight-driven program, and driving consistent awareness across a broad spectrum of business stakeholders.
This role partners broadly across business units and technology functions to ensure alignment with digital and cyber initiatives, and promotes a culture of transparency and compliance. The Director, Business Information Security Office will champion integrated initiatives, guide senior leaders in understanding enterprise policy controls and risks, and serve as the strategic bridge between the central Information Security function and business units.
ROLE RESPONSIBILITIES
Lead the enterprise cyber Business Information Security Office.
Design the BISO governance framework, define engagement models, establish performance metrics, and recruit and develop BISOs aligned to critical business domains and key regional functions.
Partner with senior leaders across R&D, Manufacturing, Commercial, Digital, and Corporate functions when there are emerging digital or cyber risks and regulations; guide the strategic plan for compliance.
Establish structured reporting to Quality and Risk Committees and executive leadership.
Oversee governance mechanisms that ensure cybersecurity, data protection, and regulatory requirements are effectively implemented and sustainably managed.
Champion a culture of cyber accountability, transparency, and continuous improvement across the enterprise.
Enable secure-by-design principles in product lifecycle management, cloud transformation, and third-party risk management.
Serve as senior advisor to business executives on cyber risk trade-offs, risk acceptance decisions, and remediation prioritization.
Evaluate the effectiveness of enterprise cybersecurity programs and report insights to leadership to support informed decision making.
Collaborate with cross‑functional teams to enhance governance maturity, ensure policy adoption, and strengthen organizational resilience.
BASIC QUALIFICATIONS
Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or related field
Strong understanding of security architecture, cloud risk, third-party risk management, and Secure SDLC
10+ years of progressive experience in cybersecurity, governance, risk management, or compliance roles
5+ years of leadership experience overseeing cybersecurity governance, policy, or risk management programs at scale
Deep knowledge of cybersecurity governance frameworks (NIST CSF, ISO 27001/27701, FDA/GxP expectations, data integrity principles)
Demonstrated experience establishing and managing enterprise policies, standards, controls, and governance mechanisms
Strong expertise in regulatory compliance relevant to the pharmaceutical industry (e.g., GxP, SOX, data privacy, global health authority expectations, NIS2, DOJ)
Proven ability to partner with senior executives and influence decision making across diverse business and technology functions
Experience in large-scale or highly regulated environments, preferably Life Sciences or Consumer Products
PREFERRED QUALIFICATIONS
Professional certifications: CISSP, CISM, CRISC or similar
Excellent strategic thinking
Deeply analytical and credible
Fact-based decision-making
Ability to challenge, influence, and support senior leadership
Excellent communication and presentation skills
Ability to bring structure to vaguely defined problems and solve them with creative yet pragmatic approaches
Resourceful, self-motivated, and proactive – strong drive for excellence
Continuously seeks new knowledge and approaches, leveraging innovation to enhance efficiency, effectiveness and impact
Purpose
Breakthroughs that change patients' lives... At Pfizer we are a patient-centric company, guided by our four values: courage, joy, equity and excellence. Our breakthrough culture lends itself to our dedication to transforming millions of lives.
Digital Transformation Strategy
One bold way we are achieving our purpose is through our company-wide digital transformation strategy. We are leading the way in adopting new data, modelling and automated solutions to further digitize and accelerate drug discovery and development with the aim of enhancing health outcomes and the patient experience.
Flexibility
We aim to create a trusting, flexible workplace culture which encourages employees to achieve work-life harmony, attracts talent and enables everyone to be their best working self. Let’s start the conversation!
Equal Employment Opportunity
We believe that a diverse and inclusive workforce is crucial to building a successful business. As an employer, Pfizer is committed to celebrating this, in all its forms – allowing for us to be as diverse as the patients and communities we serve. Together, we continue to build a culture that encourages, supports and empowers our employees.
DisAbility Confident
We are proud to be a Disability Confident Employer and we encourage you to put your best self forward with the knowledge and trust that we will make any reasonable adjustments necessary to support your application and future career. Our mission is unleashing the power of our people, especially those with unique superpowers. Your journey with Pfizer starts here!