Associate Director of Cyber Security Remediation Team

Job Description

At Biogen, we offer a workplace that is unique, connected, resilient and impactful. Our purpose to find cures for rare diseases is a unique focus within our industry. We are connected as a team by this shared purpose, the pride we have in our work, and the inspiration we obtain from the lives           we’re changing. We are resilient as we overcome obstacles, following the science to deliver for our patients. Most of all, our work allows us to have an impact. An impact on our patients’ lives and on changing the course of medicine.   

About this role

We are seeking a proven leader for our newly established Cyber Security Remediation Team that will shape how we develop a thematic analysis process identifying root cause / contributing factors derived from operations and ensuring these findings are converted into remediation tasks to prevent reoccurrence, strengthen the defense-in-depth landscape, and improve consequence management.  This is a highly dynamic and collaborative role that requires a unique blend senior level experience working across multiple domains including training, network and security operations, desktop and server support, legal, and HR; as well as a diverse background across operational risk management, cyber security, and computer science / data analysis. 

What you’ll do

• As a senior member of the Cyber Remediation Team, you will be the champion that works horizontally across the franchise to share operational lessons learned and work with stakeholders to repair, improve, or redesign affected areas ensuring that we harden our networks, applications, and systems preventing / eliminating identified risks.  This will include both the technical business stakeholders, audit, risk management, and others.
• Beyond the redress of technical findings, this role will also focus on bad user behaviors that are identified and work with both HR and Training to develop reoccurring / regular training materials address these bad practices and developing in partnership with HR consequent management strategies.  
• As a senior leader you will participate in a number of committee where your subject mater expertise will help shape and inform enterprise-wide decision making and risk management. 

Key Responsibilities:

• Provide regular briefings to senior management across HR, CIO Office, Audit, and Risk taking the actionable details from highly technical findings in a clear manner.
• Own the formal lessons learned process for Cyber Security Operations
• Establish and maintain a repeatable thematic analysis process to identify technical and procedural weaknesses from operational findings and responses.  
• Own the end-to-end remediation process for critical findings.  This will include partnership across IT and business stakeholders requiring high levels of influential leadership and emotional intelligence. 
• Own and develop mathematically defensible Key Performance and Key Risk Indicators
• Manages and is responsible for the successful completion of all tasks in assigned program area including technical work, financial and business development activities

Who you are:

As the Director for Remediation Team, You.

• Experienced senior briefing to executive audience like CISO, CIO, CTO, and others
• Possess a strong service mindset and experience manager of manager with demonstrated track record of building high preforming teams.
• Have a deep blended experience set across business, operations, risk management, and information and cyber security.
• Strong knowledge and experience across industry standard frameworks (NIST, ISO, PCI)
• Purposeful individual who can manage multiple complex assignments, manage assignments based on criticality, in a timely and professional manner
• Ability to manage expectations with multiple stakeholders on projects and programs in conjunction with information security teams
• Demonstrated personal integrity, the ability to professionally manage confidential matters and show the appropriate level of judgment and decision making commensurate with the position and responsibilities
• Outstanding communication capabilities, written and oral, with an emphasis on prompt, transparent and appropriate targeting for incident related notifications

Qualifications

Required Skills:

• 10 years of risk management experience
• 10 years of direct and indirect leadership experience managing and influencing teams of teams
• Broad information cybersecurity knowledge, including familiarity with common attack methodologies, tactics and protocols, Advance Persistent Threat groups, Hacker activities.
• Documented subject matter expertise across information security domain, information warfare, and cyber defensive operations 
• Data-driven decisions maker based on Key Performance and Key Risk Indicators
• Experience with multi-national / cross boarder operations

Education:

• Master’s Degree in Computer Science, Computer Engineering, Information Security  

Additional Information

All your information will be kept confidential according to EEO guidelines.