Executive Director, Global Cyber Governance, Risk, and Compliance (GRC)

Accountabilities: 

• Lead the organization-wide information security and technology risk framework spanning all locations.
• Prioritize the most meaningful risks and drive treatment plans to closure.  

• Lead all aspects of the worldwide cyber regulatory approach and ensure it meets laws, regulations, and standards. This includes confidentiality, information security, crucial infrastructure, and requirements outstanding to the life sciences sector across jurisdictions.  

• Third-Party Risk Governance: Coordinate the management of cyber risk controls for vendors, academic collaborators, and technology service providers, safeguarding the extended ecosystem vital to global operations.  

• Cyber Resilience Oversight: Provide governance for incident preparedness, crisis response coordination, and recovery preparation; ensure cohesive, end-to-end resilience outcomes with security operations, technology, legal, privacy and business continuity teams. 

• Control Assurance and Ongoing Improvement: Ensure the build and efficiency of cybersecurity and information technology safeguards through continuous validation, evaluation, and detailed improvement.  

• Build, lead, and advance international cyber risk oversight groups and senior risk advisory panels. Drive cross-functional decisions that align with the organization's risk tolerance and strategic goals.  

• Communicate detailed engineering and compliance risk into clear choices for top leadership as well as the Board. Deliver concise, high-impact reports on posture, trends, and material exposures.  

• Act as a reliable consultant to the heads of information security, information technology, risk and compliance functions, and legal partners. Represent the company in interactions with regulatory agencies, professional associations, and peer organizations.  

• Distributed Team Leadership: Build, lead and develop a high-performing, distributed cyber GRC team with clear mission, measurable outcomes and strong succession.  

• Business Enablement: Incorporate cyber risk within broader enterprise risk management to reduce friction, increase confidence and enable faster, safer delivery of scientific and commercial outcomes.  

Essential Skills/Experience: 

• Demonstrated experience establishing and leading an enterprise framework for managing cybersecurity and technological risk across multiple regions and business units.  

• Proven ability to integrate cyber risk into enterprise risk management processes, aligned with corporate risk appetite and strategic objectives.

• Track record coordinating third-party cyber risk management across suppliers, research partners and technology vendors.  

• Ownership of a global cyber regulatory strategy with compliance accountability across jurisdictions, including privacy, data protection, critical infrastructure and life sciences–specific requirements.

• Experience acting as the primary executive interface for cyber-related regulatory examinations, audits and inquiries.

• Evidence of harmonizing compliance controls across regions while maintaining local regulatory adherence.

• Governance oversight of cyber resilience programs, including incident readiness, crisis management and recovery planning.

• Expertise ensuring control design and effectiveness for cyber and IT controls, including ongoing assurance, testing and continuous improvement.

• Experience designing, leading and maturing global cyber risk governance forums and executive risk committees.

• Ability to translate complex technical and regulatory risks into clear, actionable insights for senior executives and the Board, with concise, high-impact reporting.

• Validated leadership building, leading and developing a globally distributed team of cyber GRC professionals.

• Experience serving as a trusted advisor to CISO, CIO, enterprise risk leadership, compliance, legal and senior business executives.

• Credibility representing an organization externally with regulators, industry bodies and peer companies.

• Bachelor’s degree required; advanced degree preferred (e.g., MBA, MS, JD).

• 15+ years of progressive experience in cyber security, IT risk, governance, risk, and/or compliance roles.

Desirable Skills/Experience: 

• Experience in highly regulated, science-driven industries such as biopharma, healthcare or critical infrastructure.

• Strong familiarity with global regulatory frameworks and standards (e.g., GDPR and other privacy laws, NIS2, HIPAA, FDA/EMA expectations, ISO/IEC 27001/27701, SOC 2).

• Board-level communication and storytelling that link risk to enterprise value and patient impact.

• Leadership of large-scale control transformation or control harmonization initiatives across regions.

• Depth in third-party and supply chain cyber risk, including cloud/SaaS, data platforms and research collaborations.

• Professional certifications such as CISSP, CISM, CRISC, CIPP/E, CIPM or equivalent executive-level credentials.

• Experience aligning cyber resilience with enterprise business continuity and technology recovery programs.

Why AstraZeneca: Join a company where secure digital capabilities directly influence how quickly we bring new medicines to people who need them. Here, cyber GRC is not a back-office function—it is a strategic force that underpins discovery, development and global delivery. You will work with unexpected teams in the same room unleashing bold thinking, blending cutting-edge data and platforms with rigorous governance to create real-world impact. We are investing for scale and speed, and we value kindness alongside ambition—empowering experts to take ownership, challenge assumptions and shape how the business operates. Your leadership will be visible, valued and instrumental in building confidence with regulators, partners and patients while enabling the enterprise to move faster with control.

The annual base pay for this position ranges from 227.024,80 - 340.537,20 USD Annual (80% - 120%). Hourly and salaried non-exempt employees will also be paid overtime pay when working qualifying overtime hours. Base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. In addition, our positions offer a short-term incentive bonus opportunity; eligibility to participate in our equity-based long-term incentive program (salaried roles), to receive a retirement contribution (hourly roles), and commission payment eligibility (sales roles). Benefits offered included a qualified retirement program [401(k) plan]; paid vacation and holidays; paid leaves; and, health benefits including medical, prescription drug, dental, and vision coverage in accordance with the terms and conditions of the applicable plans. Additional details of participation in these benefit plans will be provided if an employee receives an offer of employment. If hired, employee will be in an “at-will position” and the Company reserves the right to modify base pay (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, Company or individual department/team performance, and market factors. 

Call to Action: Lead the next chapter of our global cyber resilience and regulatory confidence—step in to shape a safer, faster, data-powered future that advances science and protects patients.