Director, Americas IT Security & Compliance Lead
Description:
At Eisai, satisfying unmet medical needs and increasing the benefits healthcare provides to patients, their families, and caregivers is Eisai’s human health care (hhc) mission. We’re a growing pharmaceutical company that is breaking through in neurology and oncology, with a strong emphasis on research and development. Our history includes the development of many innovative medicines, notably the discovery of the world's most widely-used treatment for Alzheimer’s disease. As we continue to expand, we are seeking highly-motivated individuals who want to work in a fast-paced environment and make a difference. If this is your profile, we want to hear from you.
Job Summary:
As the Americas IT Security and Compliance Director, you play a pivotal role in ensuring the organization’s adherence to security, regulatory, and compliance standards. Collaborating with business and EIT stakeholders, you promote awareness of best practices and strengthen compliance with GDPR, HIPAA, CSL, and other relevant security and data privacy standards. Your responsibilities span security operations, risk assessment, investigations, and compliance issue resolution for the Americas business. You oversee business continuity, disaster recovery, and crisis management, while also educating end-users on compliance requirements. Additionally, you manage regulatory compliance activities, maintain accurate documentation, and evaluate new system impacts. Organizational management involves strategic alignment, coaching, and resource optimization.
Essential Functions:
Partnerships and Business Relationships:
Promotes awareness of standards related to security, regulatory, clinical, commercial, and manufacturing processes to establish a culture of compliance regionally.
Strengthens Eisai US’s compliance with GDPR, HIPAA, CSL, and other relevant Security and Data Privacy standards through continual risk and security assessment.
Collaborates with global stakeholders from EIT and leaders across regions in Compliance, Ethics, Risk Management, Legal, Data Privacy, and Information Protection.
Security Responsibilities:
Monitor and respond to incidents.
Conduct annual tests and address vulnerabilities.
Analyze threat data and lead hunting efforts.
Deploy standards, conduct training, and track KPIs.
Define critical processes and manage recovery testing.
Regularly review adherence to standards.
Oversee regional security vendors.
Prioritize risk-based reduction efforts.
Manager investigations.
General Compliance Activities:
Maintain an inventory of regulatory, commercial, and organizational technology compliance requirements for the region.
Facilitate creation and modification of regional IT compliance policies.
Assess inherent and residual IT compliance risks using a risk assessment framework.
Oversee documentation, implementation, and testing of IT compliance controls.
Monitor IT compliance risks to an acceptable level.
Manage IT compliance issue resolution.
Report compliance risk levels to key stakeholders.
Coordinate audit readiness and resolution.
Align IT compliance budget with risk appetite and global strategy.
Educate end-users on IT compliance requirements.
Oversee business continuity, disaster recovery, and crisis management.
Manage IT training programs and conduct Segregation of Duties reviews.
Regulatory Compliance Activities:
Collaborate with legal and compliance representatives to identify IT compliance requirements across relevant jurisdictions.
Update IT compliance policies based on regulatory changes.
Establish a regulatory change management process for modifying technological functions and compliance controls.
Monitor and test IT compliance controls for effectiveness.
Remediate control deficiencies and investigate potential unlawful actions.
Oversee system data retention standards and verify system operations.
Manage Eisai’s information governance program, including JSOX compliance.
Maintain accurate compliance documentation and advise control owners.
Assess risk, evidence adequacy, and remediate findings.
Evaluate new system impacts against compliance controls.
Organizational Management
Works with the Regional EIT Leadership Team on the service portfolio and governance required to prioritize resources, including budget.
Collaborate with CIO Office to align strategy, initiatives and projects across the regional EIT organization. Consult with CIO Office to ensure financial and resource targets are established in alignment with overall EIT strategy and objectives.
Provide daily coaching and mentoring to staff (direct reports and project teams). Manage direct reports including recruitment, supervision, scheduling, development, and performance management. Identify development opportunities and align to career objectives. Highlight strengths and reward successes.
Requirements
Scope
Decisions for Eisai Americas IT Compliance and Security: investment planning, business outcomes, budgeting and systems related decisions.
Directs priorities of internal staff and MSP resources.
Governs all IT Compliance and Security for Eisai EIT regionally.
Qualifications and Education
College diploma or university degree in computer science, information science, management information systems, or business administration.
Advanced Degree, such as MBA with technology as a core component, is preferred.
Minimum of 15 years related work experience, including at least 5 years of enterprise-level governance and management.
Certified Information System Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), or other similar credentials.
Strong knowledge of GAMP practices, familiarity with ISPE practices, and application of GxP standards.
Industry-related legal, compliance, information security, or business continuity management certification is advantageous.
Prior audit/assurance experience is helpful.
Information Technology and Compliance Experience
Ten or more years of experience across multiple disciplines (e.g., architecture, development, analysis) in a multi-tier environment.
Proven life science IT leadership in planning, developing, deploying, and supporting applications across various domains.
Experience leading teams to design IT Security and Compliance processes and policies.
First-hand knowledge of security compliance programs (SSAE 16, SOX, PCI, PII).
Practical application of industry standards (NIST, ITIL, GxP, COBIT, ISO 27001, ISO 27002) in a corporate environment.
Managing application/system changes in compliance with regulations (21 CFR Part 11, GxP).
Understanding of e-discovery lifecycle, EDRM, and legal provisions.
Advanced knowledge of information security practices, technologies, and vendors.
Business analysis skills for vision/strategy development and process modeling.
Familiarity with emerging technologies applicable to pharma and biotech.
Problem-solving ability considering quality, cost, and speed.
Broad understanding of IT technology platforms, products, and services.
Leadership and Teamwork
Strong track record of effective cross-functional and cross-cultural team collaboration and execution.
Ready to think, behave and act in an innovative consulting manner to drive the organization’s digital business strategies.
Effective leadership skills. These include team building, consensus building, the ability to balance team and individual responsibilities and achieving goals through others not directly under the leader's supervision, by working ethically and with integrity.
Communication, Organization and Problem-Solving Skills
Excellent interpersonal communication skills, ability to network, strong personal integrity, collaborative mindset, and a strong customer focus are necessary.
Ability to organize, prioritize, and work effectively in a constantly changing environment.
Demonstrated problem solving skills, including taking ownership to ensure timely resolution, a strong sense of urgency, keen attention to detail, and the ability to plan, organize and successfully execute in an environment under time and resource pressures.
Information Technology Planning, Analysis, Design, Architecture and Management
The ability to work at all levels of the organization to develop a vision for platform roadmaps and maintain consensus around the strategic direction allowing us to meet Eisai business needs.
Strong business analysis skill and experience, including development of business/IT vision and strategy, requirements definition, process modeling, and operating model design.
Familiarity with information management practices, system development life cycle management, IT services management, agile and lean methodologies, infrastructure and operations, and enterprise architecture and ITIL frameworks.
#LI-JL1
#IND12
Eisai is an equal opportunity employer and as such, is committed in policy and in practice to recruit, hire, train, and promote in all job qualifications without regard to race, color, religion, gender, age, national origin, citizenship status, marital status, sexual orientation, gender identity, disability or veteran status. Similarly, considering the need for reasonable accommodations, Eisai prohibits discrimination against persons because of disability, including disabled veterans.
Eisai Inc. participates in E-Verify. E-Verify is an Internet based system operated by the Department of Homeland Security in partnership with the Social Security Administration that allows participating employers to electronically verify the employment eligibility of all new hires in the United States. Please click on the following link for more information:
Right To Work
E-Verify Participation
R3357