• Establish annual and long-range security and compliance goals, define cybersecurity strategies, metrics, reporting mechanisms and program services.
• Develop and manage a framework for evaluating the maturity of the cybersecurity program and a roadmap for continual improvements.
• Stay abreast of emerging cybersecurity threats, trends, and technologies, continuously enhancing the company's security posture.

• Manage team performance and support career guidance of a high performing international team that supports Governance, Risk, and Compliance GRC), Cyber Operations and Threat Intel, and Cyber Engineering.
• Provide direction and oversight to BioMarin's augmented Cyber Security Operations Center (CSOC) and discretionary Cyber Security projects and initiatives.

• Lead the development and implementation of effective and reasonable policies and practices to secure sensitive data and ensure information security and compliance with relevant regulatory and legal policies.
• Be a true champion of partnering with business leaders and Customer Facing IT (CFIT) to ensure risk assessment and risk management processes are well understood, and cybersecurity policies and standards are consistently applied.
• Manage the Vendor Risk assessment process, including recurring verification of vendor risk profiles.

• Provide leadership for cybersecurity incidents and act as the primary control point during significant incidents. Convene a Cybersecurity Incident Response Team (CIRT) as needed.
• Collaborate closely with the Cyber SOC for incident response.
• Provide leadership for cybersecurity-related audits and reviews within the Information Management organization, and partner with other groups as necessary.

Communicate complex and technical issues to diverse audiences in an easily understood and actionable manner.

• Present updates to various levels of the organization to include quarterly updates to BioMarin Audit Committee.
• Represent the company in discussions with regulators, industry partners, and stakeholders on information security and compliance matters.

• Degree in a technology-related field or business administration.
• Professional security management certification (e.g., CISSP, CISM) preferred.

• Minimum of 12+ years of experience in information security, risk management, and technology management.
• Proven track record of designing and implementing effective cybersecurity programs, including risk management, threat detection, and incident response.
• A strong background in biotech, pharmaceuticals, or healthcare is preferred.
• Understand the unique requirements of qualified (GMP) and non-qualified environments typically utilized in the Biotech industry.
• Knowledge of common information security management frameworks and practices, such as ISO/IEC 27001, NIST, SOX, GDPR, and HIPAA.
• Experience with contract and vendor negotiations and management, including managed services.
• Cost center management-ability to create an annual cyber-related budget and demonstrate quarterly financial performance.

• Excellent written and verbal communication skills and high level of personal integrity.
• Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.
• Strong communication skills with the ability to manage up, down, and across the organization.
• Extensive knowledge of regulatory requirements and compliance standards relevant to the biotech and healthcare industries, such as HIPAA, GDPR, FDA regulations, etc.
• Commitment to diversity, equity, and inclusion, with a demonstrated ability to foster a culture of belonging and respect in the workplace.