Head of Global Cybersecurity

Legend Biotech is seeking Head of Global Cybersecurity as part of the IT team based in Somerset, NJ. 

Role Overview

 The Head of Global Cybersecurity is a senior leadership role that will oversee and shape the organization’s entire cybersecurity strategy, encompassing people, processes, and technologies. This role requires not only high-level strategic direction but also hands-on responsibility for developing and implementing cybersecurity capabilities across the organization’s global operations. This role will be reported to the Head of Information Technology and will be a member of the Global IT Leadership Team.

Key Responsibilities  

• Cybersecurity Strategy and Policy Development: Lead the creation of a comprehensive cybersecurity strategy aligned with global business objectives. Develop policies to protect information assets and ensure regulatory compliance. Balance security needs with operational efficiency through a risk-based approach.
  
• Risk Management and Threat Analysis: Identify, assess, and mitigate cybersecurity risks across all regions and systems. Develop and apply risk management frameworks, performing regular threat assessments to address vulnerabilities proactively.
  
• Incident Response and Recovery: Establish and maintain robust incident response protocols, including detection, response, and recovery procedures. Lead the organization through high-stakes incidents, minimizing operational impact and safeguarding data integrity.
  
• Solution Development Based on Risk: Develop and implement cybersecurity solutions that are tailored to the specific risk profiles. Utilize a risk-based approach to prioritize and address the most critical vulnerabilities, ensuring that resources are allocated efficiently. Continuously monitor and adapt solutions to evolving threats, maintaining a proactive stance in safeguarding the organization's assets.
  
• Collaboration and Reporting: Collaborate with the Global IT Leadership Team to align IT and cybersecurity initiatives, fostering a unified approach to protecting organizational assets. Report on cybersecurity performance, risk status, and incidents to executive stakeholders and the audit committee.
  
• Leadership and Team Management: Oversee the global cybersecurity team, including recruitment, training, and development. Promote a culture of security awareness and ensure alignment with cybersecurity goals.
  
• Technology and Vendor Management: Select, implement, and oversee cybersecurity technologies and solutions. Manage third-party vendor relationships to ensure compliance with organizational cybersecurity standards.
• The incumbent has the authority to make decisions related to technical direction, methodologies, approaches and processes. The person can also make decisions related to project execution, including timelines, milestones and resource allocation within budget. Higher-level approvals are required for those related to significant budget allocations, strategic shifts, or actions may involve significant risks to the company or have substantial financial or long-term implications.

Requirements

• Degree in a technology-related field or business administration.
  
• Professional security management certification (e.g., CISSP, CISM) preferred.
• Leadership in Multinational Corporations: Demonstrated expertise in managing cybersecurity operations across diverse regions, including China, the US, and the EU. Skilled in navigating complex regulatory frameworks and cultural nuances to ensure compliance and robust security standards.
  
• Technical and Strategic Expertise: Deep knowledge of cybersecurity technologies and protocols, with the ability to turn technical issues into actionable business strategies and solutions.
  
• Project and Budget Management: Proficient in allocating resources, managing budgets, and delivering cybersecurity projects within financial and timeline constraints.
  
• Relevant Certifications: Strongly preferred certifications such as CISSP, CISM, or CISA, paired with knowledge of risk frameworks like NIST and ISO 27001.
  
• Industry Experience: Over 15 years in information security, focusing on risk management, threat mitigation, and incident response. Knowledgeable about biotech/pharma regulations (HIPAA, FDA), including GMP and non-GMP environments.
  
• Vendor and Contract Management: Skilled in managing third-party cybersecurity standards and overseeing managed services.
  
• Communication and Integrity: Strong written and verbal communication skills, with a commitment to high ethical standards.
  
• Cross-Cultural Team Collaboration: Experienced in managing teams across time zones and navigating cultural nuances in cybersecurity practices.
  
• Global Incident Response: Proficient in coordinating incident response globally, adapting to regional legal requirements, including those in China, the EU, and the US.
• Cybersecurity Program Development: Experienced in building cybersecurity programs that prioritize risk management and advanced threat detection.
  
• Framework and Compliance Proficiency: Familiar with frameworks like ISO 27001, GDPR, SOX, and HIPAA for seamless regulatory alignment.
  
• Cloud Security and Data Residency: Expertise in cloud security and compliance with data residency laws.
  
• Cybersecurity Automation and AI: Knowledgeable about automation and AI in cybersecurity, mindful of regional regulatory impacts.
• Mandarin would be a plus.

#Li-LB1

#Li-Hybrid