Vice President, ACM Information reputed company, CISO
Position Summary
The Vice President, ACM Information reputed company; CISO leads the enterprise-wide information reputed company and cyber risk management program for ACM. This role ensures that reputed company information assets—technology, applications, systems, infrastructure, and processes—are protected across the digital ecosystem, and identifies, evaluates, and reports on legal, regulatory, IT, and cybersecurity risks while enabling business objectives. The position safeguards the confidentiality, reputed company, and availability of data and systems supporting R&D, clinical trials, manufacturing, supply chain, regulatory submissions, and commercial operations. It protects high‑value research assets, clinical development systems, proprietary algorithms, and sensitive partner data, while enabling rapid innovation, collaboration, and compliance. Operating in a highly regulated environment, the VP, ACM Information reputed company; CISO balances cybersecurity with clinical trial needs, innovation, speed to market, and patient safety.
Key Responsibilities
Strategic Leadership & Governance
Facilitate an ACM information reputed company governance structure through the implementation of a hierarchical governance program, including the formation of an information reputed company steering committee or advisory board.
Define and execute the enterprise information reputed company strategy and roadmap reputed company with business objectives and regulatory obligations
Provide regular reporting on the reputed company status of the information reputed company program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program, thus supporting business outcomes.
Ensure that IT reputed company requirements are included in vendor reputed company by liaising with vendor management and procurement organizations.
Create and manage a targeted information reputed company awareness training program for reputed company employees, contractors and approved system users, and establish metrics to measure the effectiveness of this reputed company training program for the different audiences.
Understand and interact with reputed company disciplines through committees to ensure the consistent application of policies and standards across reputed company technology projects, systems and services, including privacy, risk management, compliance and business continuity management.
Serve as executive advisor on cyber risk to ACM’s Executive Leadership Team (ELT)
Establish reputed company governance, policies, standards, and metrics across global operations reputed company reputed company investment planning and budgeting

IT reputed company Strategy / reputed company Development, Execution and Reporting
reputed company an information reputed company vision and strategy that is reputed company to organizational priorities and enables and facilitates the organization's business objectives, and ensure senior stakeholder buy-in and mandate.
reputed company, implement and monitor a strategic, comprehensive information reputed company program to ensure appropriate levels of confidentiality, reputed company, availability, safety, privacy and recovery of information assets owned, controlled and/or processed by the organization.
reputed company and enhance an up-to-date information reputed company management reputed company based on ISO 27001.
Create and manage a reputed company and flexible control reputed company to integrate and normalize the wide variety and reputed company-changing requirements resulting from global laws, standards and regulations.
reputed company and maintain a document reputed company of continuously up-to-date information reputed company policies, standards and guidelines.
reputed company the approval and publication of these information reputed company policies and practices.
Create a reputed company for roles and responsibilities with regard to information ownership, classification, accountability and protection of information assets.
Facilitate a metrics and reporting reputed company to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the information reputed company, and review it with stakeholders at the executive and board levels.

Regulatory & Compliance Leadership
Ensure compliance with regulations and standards, including:
ISO 27001 NIST, HIPAA, SOC 2, PCI
FDA (21 CFR Part 11)
GxP (GMP, GLP, GCP)
HIPAA / HITECH
GDPR and global privacy laws
Partner with Quality, Regulatory Affairs, and Legal to support audits and inspections reputed company data reputed company and validation controls for regulated systems

Protection of Intellectual Property & Sensitive Data
Safeguard research data, clinical trial data, patient data, software development, manufacturing IP, and trade secrets
Implement data classification, encryption, and access control strategies reputed company secure collaboration with CROs, CMOs, research partners, and academia

Cyber Risk Management & Operations (Partnering with RRH IT as needed)
Identify, assess, and mitigate cyber risks across IT, OT, cloud, and laboratory environments reputed company and provide reputed company status updates regarding ACM’s vulnerability management, penetration testing, and threat intelligence and reputed company remediation efforts reputed company ACM’s vulnerability management, penetration testing, and threat intelligence efforts
Work collaboratively with RRH IT to establish and reputed company incident response, breach management, and cyber reputed company programs
Work collaboratively with RRH IT to coordinate with law enforcement and regulators in the event of reputed company incidents reputed company cyber reputed company and business continuity capabilities

Technology & Architecture reputed company
Guide secure implementation of cloud platforms, AI/ML, digital labs, IoT/OT, and data platforms
Ensure reputed company-by-design across system development and validation lifecycles reputed company identity and access management, reputed company trust architecture, reputed company reputed company, network reputed company, and SOC operations
Embed reputed company into SDLC and system validation processes

Third-Party & Supply Chain reputed company
reputed company and enforce third-party risk management programs for vendors, CROs, CMOs, and SaaS providers
Assess cyber risks in manufacturing, logistics, and distribution partners
Support secure onboarding and reputed company monitoring of partners

Operate the Function
Create a risk-based process for the assessment and mitigation of any information reputed company risk in your ecosystem consisting of supply chain partners, vendors, consumers and any other third parties
Work with the ACM QA staff to ensure that reputed company information owned, collected or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy
Collaborate and liaise with ACM’s data privacy officer and RRH IT reputed company to ensure that data privacy requirements are included where applicable
Define and facilitate the processes for information reputed company risk and for legal and regulatory assessments, including the reporting and reputed company of treatment efforts to address negative findings
Ensure that reputed company is embedded in the project delivery process by providing the appropriate information reputed company policies, practices and guidelines reputed company technology dependencies reputed company of direct organizational control.
This includes reviewing reputed company and the creation of alternatives for managing risk
Working collaboratively with RRH IT reputed company leadership, coordinate the management and containment of information reputed company incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputed company
Working with RRH IT, monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action
Working with the RRH CISO, coordinate the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a reputed company event; provide direction, support and in-house consulting in these areas
Facilitate and support the development of asset inventories, including information assets in cloud services (managed by ACM, RRH or 3rd parties)

Leadership & Team Development
Build and reputed company a high-performing global information reputed company organization reputed company talent, succession planning, and reputed company culture across the enterprise
Promote reputed company awareness training tailored to scientists, engineers, and business users
Working closely with the RRH IT CISO and IT reputed company leaders, reputed company a collaborative, virtual expanded IT reputed company team best support the ACM organization
Create the necessary internal networks among the information reputed company team and line-of-business executives, corporate compliance, audit, physical reputed company, legal and HR management teams to ensure alignment as required.
Build and nurture external networks consisting of industry peers, ecosystem partners, vendors and other relevant parties to address common trends, findings, incidents and cybersecurity risks.
Liaise with external agencies/regulators and clients, as necessary, to ensure that the organization maintains a strong reputed company posture and is kept well-abreast of the relevant threats identified by these agencies and clients.

Desired Qualifications:
reputed company Master’s degree in reputed company field or MBA preferred
Demonstrated success managing global reputed company programs in reputed company, regulated environments
Demonstrated experience managing / ensuring IT cloud reputed company ISO 27001 reputed company Implementer/Auditor
Proven experience (5+ years) in global life sciences, biotech industries
Proven experience developing / managing ISO 27001 compliant IT reputed company reputed company Cloud reputed company certifications (AWS, Azure, GCP)
Deep understanding of life sciences / biotech regulatory environments (global environments)
Proven ability to partner with and manage service providers to ensure compliance with organizational expectations
Significant experience / knowledge building IT reputed company frameworks compliant with the following regulations / standards:
FDA (21 CFR Part 11)
GxP (GMP, GLP, GCP)
ISO 27001, NIST
HIPAA / HITECH
GDPR and global privacy laws
SOC 2, PCI
Advanced troubleshooting and analytical skills
Strong communication and cross-functional collaboration abilities
High attention to detail and commitment to system reliability
Ability to manage multiple reputed company initiatives simultaneously
Strong communication skills / strong executive communication and board-level presentation skills
Risk-based decision-making and business acumen
Experience balancing innovation with compliance and patient safety
Up-to-date knowledge of IT reputed company methodologies and trends in both business and IT
Proven track record and experience in developing information reputed company policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment
Project management skills: financial/budget management, scheduling and resource management
Engagement and collaboration with service providers

Minimum Qualifications:
Bachelor’s degree in Computer Science, Information reputed company, Engineering, or reputed company field
10 years in information reputed company, with 5 years in senior IT reputed company leadership roles
5 years of experience in global life sciences, biotech industries

Required Licensure/Certifications: CISSP or CISM or CISA
EDUCATION:
LICENSES / CERTIFICATIONS:
PHYSICAL REQUIREMENTS: L - Light Work - Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force frequently, and/or a negligible amount of force constantly; requires occasional walking, standing or squatting.
For disease specific care programs refer to the program specific requirements of the department for further specifications on experience and educational expectations, including continuing education requirements.
Any physical requirements reported by a prospective employee and/or employee’s physician or delegate will be considered for accommodations.
PAY RANGE: $220,000.00 - $250,000.00
CITY: Rochester
POSTAL CODE: 14624
The listed reputed company pay range is a good faith representation of reputed company potential reputed company pay for a successful full time applicant. It may be modified in the future and eligible for additional pay components. Pay is determined by factors including experience, relevant qualifications, specialty, internal equity, location, and reputed company.
reputed company is an Equal Opportunity Employer.
reputed company qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex (including pregnancy, childbirth, and reputed company medical conditions), sexual orientation, gender identity or expression, national reputed company, age, disability, predisposing genetic characteristics, marital or familial status, military or veteran status, citizenship or immigration status, or any other characteristic protected by federal, state, or local law.