National Labor Exchange Veterans Jobs

Regeneron Pharmaceuticals Director RGC Business Information Security Officer in Tarrytown, New York

The Regeneron Genetics Center® (RGC) is a uniquely integrated research initiative that seeks to improve patient care by using genomic approaches to speed drug discovery and development. We are looking for a Business Information Security Officer (BISO). You will be the information security lead for all services and core platforms, responsible for prioritizing security risks and representing the RGC business unit in local security matters. Key success criteria for this role include driving security into all RGC internal services and business customer-facing solutions and ensuring risk remediations are prioritized appropriately with system owners and management. Combining an eye for business with technical/security knowledge, you are accountable for setting and driving the Information Security and Compliance agenda for RGC based on business needs.

The ideal candidate will understand the key data assets and processes, understand the compliance/regulatory environment the business operates in, identify and evaluate risks and controls, and suggest incremental controls or risk mitigation strategies where necessary. Additionally, they will ensure business compliance with Information Security Policies, Standards, and Controls while continuously monitoring and reporting risks and documented exceptions. They are accountable for helping the business achieve its objectives while maintaining an appropriate security posture.

Key focus areas include:

  • Plan and manage the information security posture for RGC in line with corporate policies, procedures, and regulatory / contractual obligations.

  • Manage and execute third-party assessment activities, including responding to Vendor Risk Management requests (e.g., SIG and third-party questionnaires) from collaborators.

  • Evangelize and drive information security initiatives across RGC.

As the RGC Business Information Security Officer, a typical day might include the following:

  • Lead the implementation of corporate information security across the business. Manage the security processes and ensure effective guidance in accordance with corporate policies and procedures.

  • Develop and maintain a deep comprehension of RGC’s processes, systems, cloud infrastructure, technologies, data, customers, consumers, and partners.

  • Manage and respond to InfoSec support requests from across the business and our collaborators in coordination with the CISO organization.

  • Assess and develop mitigations for system security threats & risks.

  • Plan requirements, identify risks, interact with collaborators, track projects on a weekly/monthly/yearly schedule, work with various teams to ensure implementation of security controls, collect evidence for audit and work with external auditors.

  • Proactively identify and report on non-compliance and areas of potential improvement.

  • Define, measure, and monitor meaningful metrics for the RGC related to their current security position and the effectiveness of the InfoSec program against strategic plans and priorities.

This job might be for you if:

  • You look for cooperation and collaboration between different levels of the organization to implement information security standards

  • You thrive in a fast-paced environment and have the business and technology savvy to understand key data assets, processes and systems in a business unit

  • You have a demonstrated passion for making things better and building resourceful solutions

  • You have excellent verbal and written communication skills with a wide range of audiences including technologists, executives, business partners and IT team members.

  • You are a critical thinker with strong problem-solving skills.

In order to be considered for the Director, BISO role, you must have a Bachelor's degree and a minimum of 12 years of experience in the Information Security, Information Assurance and/or Cyber Security space. Additional relevant experience and professional certifications will be considered in lieu of a degree.

  • Extensive experience in the IS field designing and implementing enterprise security solutions in a global context.

  • Experience with security practices such as security incident response and risk management.

  • Experience in the design, development, implementation, and operational support of critically important solutions in large-scale cloud environments.

  • Knowledge of information security management frameworks, such as ISO 27001, ITIL, COBIT and NIST.

  • Current understanding of industry trends and emerging threats, and knowledge of incident response methodologies and technologies.

  • Advanced degree in applicable field.

  • Professional security management certification, such as a Health Certified Information Systems Security Professional (HCISSP), Certified Information Security Manager (CISM) or other similar credentials, is desired.

  • Technical writing: comfortable writing reports for senior management.

  • 8+ years of IT security experience working in an infrastructure or security architecture environment.

  • CISSP, CCNA, CCIE or other relevant industry certifications.

  • Cyber security risk management experience, e.g. conducting assessments, identifying risks, and recommending solutions.

  • Expertise with NIST and ISO 27000 series, particularly NIST SP 800-53, NIST SP 800-171, ISO 27001/2.

  • Genomic / Clinical data experience/knowledge is a plus.

You must be onsite at least 3 days a week; this is non-negotiable.

Does this sound like you? Apply now to take your first steps toward living the Regeneron Way! We have an inclusive and diverse culture that provides comprehensive benefits including health and wellness programs, fitness centers and equity awards, annual bonuses, and paid time off for eligible employees at all levels!

Regeneron is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion or belief (or lack thereof), sex, nationality, national or ethnic origin, civil status, age, citizenship status, membership of the Traveler community, sexual orientation, disability, genetic information, familial status, marital or registered civil partnership status, pregnancy or parental status, gender identity, gender reassignment, military or veteran status, or any other protected characteristic in accordance with applicable laws and regulations. We will ensure that individuals with disabilities are provided reasonable accommodations to participate in the job application process. Please contact us to discuss any accommodations you think you may need.

The salary ranges provided are shown in accordance with U.S. law and apply to U.S.-based positions, where the hired candidate will be located in the U.S. If you are outside the U.S., please speak with your recruiter about salaries and benefits in your location.

Salary Range (annually)

$198,000.00 - $330,000.00
