Executive Director & CISO

Job Title

Requisition

Location

Additional Locations

Job Description Summary

Job Description

• Developing, implementing, and monitoring a strategic, comprehensive enterprise information security and IT risk management program.

• Working directly with the business leaders & IT business partners to facilitate risk assessment and risk management processes.

• Developing and enhancing an information security management framework.

• Understands and interacts with related disciplines, either directly or through committees, to consistently apply policies and standards across all technology projects, systems, and services, including privacy, risk management, compliance, and business continuity management.

• Works collaboratively with colleagues to continuously enhance Endo's security profile and respond to new & emerging threats while balancing risks, business operations, and longer-term strategic goals.

• Providing leadership to the enterprise's information security organization.

• Partnering with business stakeholders across the company to raise awareness of risk management concerns.

• Develop, mentor, and manage a motivated staff of information security professionals, including hiring, training, development, and performance management.

• Develops an information security vision, strategy & roadmap that is aligned with organizational priorities and enables and facilitates the organization's business objectives.

• Collaborate with the CIO, executive leadership & IT business partners to align security initiatives with business objectives.

• As a member of the IT Leadership team, actively participate and assist in leading the delivery and evolution of IT's strategy, which includes a portfolio of imperatives focusing on people, processes, and technology.

• Lead the secure adoption and integration of emerging technologies, including artificial intelligence (AI), machine learning (ML), and automation, to enhance threat detection, response, and operational efficiency.

• Leads the information security function across the company to ensure consistent and high-quality information security management in support of the business goals.

• Provides cybersecurity strategy, risk posture, and key metrics to the Board of Directors and executive committees on a regular basis, translating technical risks into business impact. Serve as a trusted advisor to the Board and executive leadership, providing insights on emerging threats, regulatory changes, and the organization's security maturity

• Develop and maintain a comprehensive metrics and reporting framework for Board-level visibility into the effectiveness of the information security program.

• Determines the information security approach and operating model in consultation with stakeholders.

• Develops, implements, and monitors a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy, and recovery of information assets owned, controlled, or/and processed by the organization.

• Maintain relationships and connectivity with industry peers, relevant threat intelligence sources, and regulatory agencies to collaborate and stay abreast of cyber events or topics.

• Identify, assess, and prioritize information security risks.

• Implement effective risk management strategies and controls to mitigate potential threats.

• Liaises with external agencies, such as law enforcement and other advisory bodies, as necessary to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies.

• Develops, socializes, and coordinates approval and implementation of security policies.

• Monitors the external threat environment for emerging threats and advises relevant stakeholders on appropriate courses of action.

• Evaluate medical device security protocols, including IoT and biomedical device integration. Advance the organization's zero-trust security strategy, ensuring robust identity, access, and data protection across all environments (on-premises, cloud, and hybrid).

• Conduct routine security assessments and audits to identify vulnerabilities.

• Implement corrective actions to address identified weaknesses.

• Implement target milestones and metrics to measure performance.

• Direct the implementation of security automation and orchestration initiatives to streamline incident response, vulnerability management, and compliance monitoring.

• Drive adoption and optimization of cyber tool sets for a streamlined team member experience - implement appropriate controls while identifying opportunities for automation across the stack.

• Design, implement, and maintain a robust and scalable information security architecture, including policies, tools, and governance.

• Develops and enhances an up-to-date information security management framework based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework.

• Facilitates a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitates appropriate resource allocation, increases the maturity of the information security, and reviews it with stakeholders at the executive and board levels.

• Ensure that security measures are integrated into all aspects of the IT infrastructure.

• Direct the implementation of security automation and orchestration initiatives to streamline incident response, vulnerability management, and compliance monitoring.

• Manages and contains information security incidents and events to protect corporate IT assets, intellectual property, regulated data, and the company's reputation.

• Develop and maintain an incident response plan to address security incidents promptly and efficiently.

• Lead investigations into security breaches and take appropriate corrective actions.

• Coordinates the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provides direction, support, and in-house consulting in these areas.

• Stay abreast of relevant laws, regulations, and industry standards.

• Ensure compliance with applicable security standards and frameworks.

• Collaborates and liaises with the data privacy officer to ensure that data privacy requirements are met.

• Represents Endo in interactions with government agencies, as needed.

• Foster a culture of security awareness throughout the organization.

• Directs the creation of a targeted information security awareness training program for all employees, contractors, and approved system users and establishes metrics to measure the effectiveness of this security training program for different audiences.

• Evaluate and manage relationships with third-party security vendors.

• Assess new and recertify existing Endo vendors and ensure that approved Endo vendors adhere to security standards and contractual obligations.

• Communicate effectively with internal stakeholders, fostering a collaborative and secure environment.

• Build great partnerships with internal stakeholders and clients.

• Creates the necessary internal networks among the information security team and line-of-business executives, corporate compliance, audit, physical security, legal, and HR management teams to ensure alignment as required.

• Builds and nurtures external networks consisting of industry peers, ecosystem partners, vendors, and other relevant parties to address common trends, findings, incidents, and cybersecurity risks.

• Demonstrated experience and success in senior leadership roles in risk management, information security, and IT or OT security.

• Bachelor's degree or advanced degree in Information Security, Business Administration, or a technology-related field.

• 10+ years of experience operating in an Information Security Leadership and/or CISO role.

• Strong background in healthcare cybersecurity, especially medical device ecosystems

• Experience with developing, socializing, and executing a security roadmap for the business.

• In-depth knowledge of information security principles and best practices.

• Strong understanding of information security, data privacy laws, regulations, and standards.

• Professional security management certification is strongly desired, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials.

• Pharmaceutical industry experience strongly desired.

• Knowledge of regulations, frameworks, and standards, including NIST, ITIL, GDPR, and ISO.

• Understanding of FDA cybersecurity guidance, ISO 13485, IEC 81001-5-1, and NIST Cybersecurity Framework. understanding of FDA cybersecurity guidance, ISO 13485, IEC 81001-5-1, and NIST Cybersecurity Framework

• Knowledge of risk management frameworks and regulatory submission processes

• Expert knowledge and insight into threat vectors, ransomware risks, and data privacy regulations

• Expert knowledge of industry best practice methodologies

• Expert knowledge of available monitoring and threat-detection tools

• Knowledge of physical security, network and systems infrastructure, and security-related tools such as whitelisting, IDS/IPS, anti-malware, patch management, baselining, SIEM, access control, and firewalls.

• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and non-technical audiences at various hierarchical levels, ranging from board members to technical specialists.

• Experienced and skilled at presenting and public speaking (small and large groups); being able to engage and inspire personnel relating to areas of responsibilities.

• Strategic leader and builder of both vision and bridges and able to energize the appropriate teams in the organization.

• Excellent stakeholder management skills

• Excellent communication skills to translate technical risks into business impact

• Analytical thinking and problem-solving skills, with acute attention to detail, accuracy, and accountability balanced with sound business judgment.

• Project management skills

• Experience in financial/budget management

• A master of influencing entities and decisions in situations where no formal reporting structures exist, but achieving the desirable outcome is vital.

• Expertise in technical infrastructure, network architecture, and data movement

• Expertise in IT infrastructure (on-prem and IaaS), cloud technologies, identity management, data protection techniques

• Prior and currently active experience and membership with Security consortiums/groups

• Expertise in system monitoring and threat detection toolsets and techniques

• Excellent listening, analytical, and communication skills

• Exceptional interpersonal skills

• Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams

• Occasional travel to sites

The expected base pay range for this position is $280K - $360K. Please note that base pay offered may vary depending on factors including job-related knowledge, skills, and experience.

This position is eligible for a bonus in accordance with the terms of the applicable program. Bonuses are awarded at the Company's discretion.

Disclaimer: The above statements are intended to describe the general nature and level of work performed by employees assigned to this job. They are not intended to be an exhaustive list of all duties, responsibilities, and qualifications. Management reserves the right to change or modify such duties as required.