Sr Director, BISO and Information Protection

ROLE SUMMARY

 Our Global Cybersecurity Governance, Risk, and Compliance team provides comprehensive blueprints for cybersecurity excellence by embedding governance, risk management, and compliance into every layer. The team is responsible for ensuring risk-based decision-making is used and that security, privacy, and regulatory compliance is integrated seamlessly with Pfizer’s organization.

We are seeking a Senior Director, Business Information Security Office (BISO) & Information Protection to serve as the strategic security partner to our Pfizer business leaders.

This role is accountable for aligning enterprise security strategy to business priorities, protecting sensitive data and intellectual property, and enabling innovation across a highly regulated, global environment.

As a senior leader, you will bridge business, technology, and risk—embedding security into R&D, PGS/Manufacturing, Commercial, and Corporate functions while driving a modern, risk-based information protection program.

ROLE RESPONSIBILITIES

Business Information Security Leadership

• Serve as the primary security advisor to senior business leaders, translating cyber and information risk into actionable, business‑aligned decisions.

• Establish and mature the BISO operating model, including engagement cadence, governance forums, risk intake, and executive reporting.

• Oversee and coordinate a global team of BISOs and enable with key information.

• Act as the liaison between business teams and central security functions (GRC, ISAM, Cyber Defense, Infrastructure, Cloud Services).

• Translate third‑party cyber and data risks into clear, business‑relevant insights and present to executive leadership.

• Socialize third-party risks and findings with business owners.

Information Protection Strategy

• Develop and maintain an in-depth understanding of business unit processes, crown jewels, physical locations, systems, technologies, data, customers, partners.

• Define and drive the enterprise Information Protection strategy, including:

  • Protection of regulated data (clinical, patient, employee).

  • Protection of IP and trade secrets (research data, protocols, formulations, manufacturing processes, commercial strategy).

• Drive adoption of data protection controls such as DLP, encryption, rights management, secure collaboration, labeling, and endpoint protections.

• Partner with Privacy and Legal to ensure privacy‑by‑design and regulatory alignment.

Security‑by‑Design

• Embed security early into new platforms, SaaS solutions, clinical systems, manufacturing automation, and digital engagement tools.

• Partner with Security, Infrastructure, and Cloud Services teams to define security requirements.

• Ensure security expectations are met for GxP and regulated systems, partnering closely with Quality, Compliance, and Internal Audit.

Incident Leadership

• Act as a senior escalation point for information protection incidents, coordinating with Cyber Defense, Legal, Privacy, HR, and other key stakeholders.

• Support executive decision‑making during incidents and lead post‑incident improvement efforts.

RESOURCES MANAGED

2 direct reports and indirectly 6-8 colleagues.

BASIC QUALIFICATIONS

• Bachelor’s degree and/or Master’s Degree in Cybersecurity, Computer Science, Information Systems, or related field.

• 15+ years of experience in information security, technology risk, or data protection, including senior leadership roles.

• 8+ years working in regulated industries; pharmaceutical, biotech or life sciences strongly preferred.

• Professional certifications: CISSP, CISM, CRISC or similar.

• Proven experience building and scaling information protection, data security and other regulatory programs.

• Deep understanding of modern security capabilities: cloud and SaaS security, identity and access management, data security platforms, endpoint security.

• Experience partnering with Legal, Privacy, Quality, Compliance, Internal Audit, and key business stakeholders.

• Exceptional executive communication skills and the ability to influence without authority.

• Executive presence and stakeholder management.

• Global mindset and ability to work across cultures.

PREFERRED QUALIFICATIONS

• Familiarity with GxP, privacy regulations (including EU), and frameworks such as NIST CSF or ISO 27001.

• Experience supporting R&D and/or Manufacturing environments.

• Strong interpersonal and communication skills.

• Excellent strategic thinking; deeply analytical and credible.

• Ability to challenge, influence, and support senior leadership.

• Ability to bring structure to vaguely defined problems and solve them with creative yet pragmatic approaches.

• Resourceful, self-motivated, and proactive – strong drive for excellence.

• Continuously seeks new knowledge and approaches, leveraging innovation to enhance efficiency, effectiveness and impact.

OTHER INFO

• Travel as required by the business (less than 20% domestic and/or international).

• Work Location Assignment: Must be able to work in assigned Pfizer office 2-3 days per week, or as needed by the business.

• This role is NOT remote. Work Location Assignment: Hybrid.