Deputy CISO
Job Description
ROLE SUMMARY
Reporting to the CISO, the Deputy CISO is accountable for leading and maturing the firm’s enterprise-wide information security program. The Deputy CISO has overall responsibility for establishing and maintaining an enterprise-wide information security program to ensure that all information assets are adequately protected. This position is responsible for identifying, evaluating and reporting on information security risks to ensure a proactive and robust cybersecurity posture. They will work with the business and functional leaders to implement practices that meet defined policies and standards for information security. The Deputy CISO will be responsible for the vision, strategy, governance and operations for Cybersecurity across the global enterprise. They will develop the technical roadmap for cybersecurity and bring a business resilience lens to the function. The Deputy CISO will be an innovative leader that brings broad experience across all areas of cyber security.
Risk Management, Workforce Awareness & Performance Reporting
- Creates a risk-based process to assess and mitigate information security risks in the ecosystem, including Pfizer’s supply chain partners, vendors and healthcare providers
- With the CISO, develops, socializes, maintains, implements and enforces security policies
- Develops and operates a metrics and reporting framework to measure and improve the efficiency and effectiveness of the information security program
- Provides regular reporting on the status of the information security program outcomes to enterprise risk teams and business-aligned quality & risk committees
- With Procurement, ensures that information security requirements are included in supplier agreements and purchase contracts
- Creates a targeted information security awareness training program for all employees, contractors and approved system users
Services Strategy and Operation
- Develops and implements a services strategy that includes all business solution security, threat intelligence, incident detection & response, forensic investigation, security technology engineering, vulnerability management, cyber analytics and workforce awareness functions
- Operates and maintains protective, detective and responsive capabilities to ensure that all information and information systems owned, collected or controlled by or on behalf of the company are appropriately protected from loss, tampering, theft or destruction
- Collaborates and liaises with the data privacy function to ensure that data privacy investigation and response requirements are integrated, where applicable
- Ensures that security is embedded in project delivery by providing security solutions, guidance, consulting and testing to Digital creation centers and business division leaders
- Identifies, manages and contains information security incidents and events to protect financial resources, information assets, intellectual property, regulated data and the company's reputation
- Monitors the external threat environment for emerging threats, and develops response strategies and tactics appropriate to the level of risk
- Coordinates the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event
People and Financial Leadership
- Manages a high performing, cost-efficient organization, consisting of over 100 colleague reports located in all regional geographies. This includes hiring, training, professional development, and performance management that enables world-class security outcomes
- Creates the necessary internal networks among the information security team and divisional business leaders, corporate compliance, audit, privacy, physical security, legal and HR management teams to ensure alignment and seamless delivery of shared outcomes
- Determines, implements and optimizes the information security operating model in coordination with stakeholders, Digital and Enterprise Platforms & Security leaders to assure alignment with the risk management approach and compliance monitoring needs of the company
- Manages the capital and operating expense budget for all functions under management, including on-going optimization of unit cost and service quality performance for all services.
External and Community Engagement
- Builds and nurtures external networks of industry peers, business partners, suppliers and other parties to address common threats, incidents, risks and opportunities to advance community security
- Liaises with law enforcement, advisory bodies and technology vendors to ensure that the organization maintains a strong security posture and is deeply integrated into community-based threat intelligence sharing networks
- Coordinates with the enterprise architecture team to align the security and enterprise reference architectures, to ensure that information security requirements are built into solutions by design
Direct Reports and Peers
- Business Solutions Enablement and Vulnerability Management
- Incident Detection & Response and Threat Intelligence
- Forensics, Insider Threat and Workforce Awareness
- Security Engineering & Operations
- Cyber Analytics
- Peers
- Digital Risk Management and Compliance
- Identity & Access Management
- Digital Privacy
- Digital Hosting Solutions
- Digital Command Operations
- Workforce Platforms
- Business Operations, Portfolio & ACD
BASIC QUALIFICATIONS
- Bachelor’s degree in information security, information technology, engineering, business management or adjacent disciplines.
- 15+ years of experience in developing and operating enterprise scale cybersecurity services and solutions.
- Demonstrated experience in identifying, managing and communicating technical, business and regulatory risks to senior leadership in business terms.
- Demonstrated experience managing service level P&L and interdepartmental budget.
- Experience working with emerging and transformational technologies (e.g., cloud, GenAI) in a regulated industry.
- Prior experience mentoring, supporting and/or developing technical leaders to achieve strategic outcomes.
- Demonstrated experience in leading enterprise-wide transformational initiatives, driving adoption of modern technology solutions.
- Excellent written and verbal communication skills as well as the ability to indirectly influence key partners and stakeholders.
- Role model of integrity in values and behaviors.
PREFERRED QUALIFICATIONS
- Master’s degree in business administration (MBA) or similar.
- Prior consumer service or life sciences experience.
Other Job Details:
- Last Date to Apply for Job: April 5, 2025
- Relocation Eligible
- Location: Must be based at our Collegeville, PA site
Relocation assistance may be available based on business needs and/or eligibility.
Sunshine Act
Pfizer reports payments and other transfers of value to health care providers as required by federal and state transparency laws and implementing regulations. These laws and regulations require Pfizer to provide government agencies with information such as a health care provider’s name, address and the type of payments or other value received, generally for public disclosure. Subject to further legal review and statutory or regulatory clarification, which Pfizer intends to pursue, reimbursement of recruiting expenses for licensed physicians may constitute a reportable transfer of value under the federal transparency law commonly known as the Sunshine Act. Therefore, if you are a licensed physician who incurs recruiting expenses as a result of interviewing with Pfizer that we pay or reimburse, your name, address and the amount of payments made currently will be reported to the government. If you have questions regarding this matter, please do not hesitate to contact your Talent Acquisition representative.
EEO & Employment Eligibility
Pfizer is committed to equal opportunity in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, disability or veteran status. Pfizer also complies with all applicable national, state and local laws governing nondiscrimination in employment as well as work authorization and employment eligibility verification requirements of the Immigration and Nationality Act and IRCA. Pfizer is an E-Verify employer. This position requires permanent work authorization in the United States.