Head of Information Security Strategy & Risk Management
Malvern, United States
Zoetis
Zoetis is the largest global animal health company committed to nurturing the world and humankind by advancing care for animals.
Position Summary:
Zoetis is seeking a dynamic and experienced Head of Information Security Strategy & Risk Management to lead and enhance our global security strategy, risk management, and awareness programs. This role will collaborate across Zoetis Tech & Digital and business units to embed security into the company’s DNA while maintaining a strong risk posture.
This leader will work directly with the Chief Information Security Officer to define the strategic vision for Zoetis’ information security landscape, ensuring our defenses evolve in response to emerging threats. They will align security initiatives with business objectives, enabling innovation while protecting the organization’s assets, infrastructure, and data. A key aspect of the role involves building trust and translating complex security risks into business-friendly narratives for executive leadership and stakeholders.
Responsibilities:
Strategic Leadership & Risk Management
- Develop and execute a long-term global information security strategy aligned with Zoetis' business goals.
- Lead a comprehensive risk management program, identifying, assessing, and mitigating risks across the enterprise.
- Provide regular executive-level reporting on security posture, key risk indicators, and program effectiveness.
- Partner closely with Legal, Compliance, Privacy, and HR to ensure adherence to regulatory and industry best practices.
Security Operations & Incident Response
- Oversee the Security Operations Center (SOC) to ensure 24/7/365 threat monitoring, detection, and incident response.
- Provide strategic leadership during major security incidents and guide improvements in response playbooks and recovery strategies.
- Direct execution of attack simulations, including tabletop and purple/red team exercises, to strengthen cyber resilience.
Vulnerability Management & Threat Intelligence
- Lead the Vulnerability Management program to proactively identify and remediate security gaps across cloud, infrastructure, and applications.
- Drive Threat Intelligence initiatives to predict, analyze, and counteract evolving cyber threats.
Security Awareness & Business Enablement
- Design and oversee a Security Awareness Program that fosters a risk-aware culture across Zoetis.
- Partner with business functions to embed security into digital transformation initiatives, ensuring security enables—not hinders—innovation.
- Serve as a trusted liaison between the business and InfoSec, simplifying technical complexities into actionable insights.
Mergers & Acquisitions (M&A) Security
- Lead security due diligence and integration efforts for M&A activities, assessing and mitigating cyber risks.
- Standardize security measures to seamlessly incorporate acquired entities into Zoetis’ security framework.
Financial & Vendor Management
- Manage and forecast security budgets, ensuring efficient allocation of resources.
- Oversee third-party security service providers, ensuring alignment with Zoetis’ risk and security strategy.
Education and Experience:
- Bachelor’s and master’s degree in Cybersecurity, Computer Science, Business, or related field
- Relevant certifications (e.g., CISSP, CISM) are required
- 12+ years of progressive experience in cybersecurity leadership, preferably in a pharmaceutical, healthcare, or regulated industry
- Experience leading a global Fortune 500 information security program across engineering, operations, and risk domains
- Demonstrated ability to build high-performing security teams and drive organizational change
- Expertise in communicating complex security topics to executive leadership and non-technical stakeholders
- Strong background in finance and budget management, vendor oversight, and service delivery
- Experience in security governance, compliance (e.g., GDPR, HIPAA, SOX), and audit functions
Technical Skills Requirements:
- Deep expertise in security technologies across endpoint, network, and cloud environments
- Strong understanding of the threat landscape, emerging risks, and effective countermeasures
- Knowledge of system development life cycle (SDLC) and secure software development practices
- Hands-on experience managing large-scale IT and security projects
Travel: <10%
Full time, Regular, Colleague
Any unsolicited resumes sent to Zoetis from a third party, such as an Agency recruiter, including unsolicited resumes sent to a Zoetis mailing address, fax machine or email address, directly to Zoetis employees, or to Zoetis resume database will be considered Zoetis property. Zoetis will NOT pay a fee for any placement resulting from the receipt of an unsolicited resume.
Zoetis will consider any candidate for whom an Agency has submitted an unsolicited resume to have been referred by the Agency free of any charges or fees. This includes any Agency that is an approved/engaged vendor but does not have the appropriate approvals to be engaged on a search.
Zoetis is committed to equal opportunity in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, disability or veteran status or any other protected classification. Disabled individuals are given an equal opportunity to use our online application system. We offer reasonable accommodations as an alternative if requested by an individual with a disability. Please contact Zoetis Colleague Services at zoetiscolleagueservices@zoetis.com to request an accommodation. Zoetis also complies with all applicable national, state and local laws governing nondiscrimination in employment as well as employment eligibility verification requirements of the Immigration and Nationality Act. All applicants must possess or obtain authorization to work in the US for Zoetis. Zoetis retains sole and exclusive discretion to pursue sponsorship for the acquisition or maintenance of nonimmigrant status and employment eligibility, considering factors such as availability of qualified US workers. Individuals requiring sponsorship must disclose this fact. Please note that Zoetis seeks information related to job applications from candidates for jobs in the U.S. solely via the following: (1) our company website at www.Zoetis.com/careers site, or (2) via email to/from addresses using only the Zoetis domain of “@zoetis.com”. In addition, Zoetis does not use Google Hangout for any recruitment related activities. Any solicitation or request for information related to job applications with Zoetis via any other means and/or utilizing email addresses with any other domain should be disregarded. In addition, Zoetis will never ask candidates to make any type of personal financial investment related to gaining employment with Zoetis.
Tags: CISM CISO CISSP Cloud Compliance Computer Science Finance GDPR Governance HIPAA Incident response Monitoring Privacy Red team Risk management SDLC Security strategy SOC SOX Strategy Threat intelligence Vendor management Vulnerability management
Perks/benefits: Career development Team events Travel