Business Information Security Officer Director for Global Commercial BTS

North Chicago, IL, United States


Company Description

AbbVie's mission is to discover and deliver innovative medicines and solutions that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people's lives across several key therapeutic areas – immunology, oncology, neuroscience, and eye care – and products and services in our Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at www.abbvie.com. Follow @abbvie on X, Facebook, Instagram, YouTube, LinkedIn and TikTok.

Job Description

As a Commercial BTS area Business Information Security Officer (BISO), you secure the organization's Commercial assets through effective alignment of cybersecurity strategies with the business goals. By embodying the crucial connection between Commercial departments and the cybersecurity function, the BISO uplifts the organization's security stance through knowledgeable risk management, astute incident response, and inclusive compliance efforts. Utilizing your expertise in program & project management, data risk management, and leadership, you foster a strong security culture, drive innovation securely, and minimize potential cyber threats, thus positioning cybersecurity as a strategic enabler of operational success and competitive advantage.

Responsibilities:

Strategic Alignment & Risk Management

  • Develop and execute cybersecurity strategies aligning with Commercial objectives and regulatory measures.
  • Identify, appraise, and reduce information security risks across Commercial departments, using risk management best practices for data.
  • Collaborate in the establishment of ISRM, data protection, and privacy norms across the organization. Monitor security procedures effectively, offering guidance in accordance with ISRM policies.

Leadership & Collaboration

  • Function as information security liaison between Commercial business and technical groups, the CISO, and the Information Security and Risk Management (ISRM) teams.
  • Establish and lead a BISO Advisory group, promoting collaboration among IT, legal, and risk management teams in a Commercial BTO context.
  • Define, generate, and present crucial risk KPIs to business leaders.
  • Function as a cyber security subject matter expert (SME), coordinating and providing multidisciplinary knowledge in security architecture and security management.
  • Collaborate with IT teams to formulate mitigations for system security threats and risks.
  • Provide consulting services on current and upcoming projects, covering all layers of IT security architecture.

Incident Response & Crisis Management

  • Manage escalated incident response efforts, assuring timely detection, classification, and resolution of security incidents in Commercial BTO.
  • Execute post-incident reviews and comprehensive tabletop exercises to improve preparedness.

Compliance & Governance

  • Collaborate with the Compliance, Safety & Quality teams (where required) to ensure compliance with regulatory measures such as GDPR, HIPAA, CCPA, and adherence to standards like ISO 27001, applicable to Commercial data.
  • Become familiar with annual audit scoping efforts, coordinating with BTO Compliance teams to identify security activities targeted for review.

Training & Awareness

  • Design and provide security awareness programs, underlining the importance of cybersecurity in Commercial.
  • Develop a cybersecurity-conscious culture throughout the Commercial community within the organization.

Qualifications

Required:

  • Bachelor’s Degree and minimum 10 years of experience; or master’s degree and 9 years of experience; or PhD and 5 years of experience in Information Technology
  • Prior, significant experience as a senior information security executive within a Commercialization, sales, marketing, or similar environment.
  • Consultative experience in advising executive & key stakeholders on security issues in the context of Commercial data.
  • Experience in designing and implementing global security solutions tailored to managing customer or health care provider data.
  • Experience in global organizations, in various geographic regions and understanding requirements in those countries (e.g., China (CSL, PIPL), Brazil, UK (GDPR), etc.)
  • Thorough understanding of information security management frameworks (ISO 27001, NIST CSF) and regulatory compliance relevant to customer data.
  • Proven communication skills with a diverse stakeholder range, including technical teams, middle management, board members and executives.
  • Strong program & project management, data analytics, problem-solving, and leadership skills.
  • Holds the C|CISO, CISSP, CISM, CRISC, CISA certifications, or at least two of these credentials.

Preferred:

  • Advanced degree in a related field.
  • Experience in contract and vendor negotiations in a security context.
  • Expertise in cybersecurity risk management, performing assessments and recommending solutions for Commercial programs & data.
  • Previous experience as a Chief Information Security Officer (CISO) within a medium or large entity or virtual CISO experience reporting into a board-subcommittee

Additional Information

Applicable only to applicants applying to a position in any location with pay disclosure requirements under state or local law:

  • The compensation range described below is the range of possible base pay compensation that the Company believes in good faith it will pay for this role at the time of this posting based on the job grade for this position. Individual compensation paid within this range will depend on many factors including geographic location, and we may ultimately pay more or less than the posted range. This range may be modified in the future.

  • We offer a comprehensive package of benefits including paid time off (vacation, holidays, sick), medical/dental/vision insurance and 401(k) to eligible employees.

  • This job is eligible to participate in our short-term incentive programs.

  • This job is eligible to participate in our long-term incentive programs.

Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, incentive, benefits, or any other form of compensation and benefits that are allocable to a particular employee remains in the Company's sole and absolute discretion unless and until paid and may be modified at the Company’s sole and absolute discretion, consistent with applicable law.

AbbVie is an equal opportunity employer and is committed to operating with integrity, driving innovation, transforming lives and serving our community.  Equal Opportunity Employer/Veterans/Disabled. 

US & Puerto Rico only - to learn more, visit https://www.abbvie.com/join-us/equal-employment-opportunity-employer.html

US & Puerto Rico applicants seeking a reasonable accommodation, click here to learn more:

https://www.abbvie.com/join-us/reasonable-accommodations.html


Region: North America
Country: United States
