ROLE SUMMARY

Reporting to the CISO, the Deputy CISO is accountable for leading and maturing the firm’s enterprise-wide information security program. The Deputy CISO has overall responsibility for establishing and maintaining an enterprise-wide information security program to ensure that all information assets are adequately protected. This position is responsible for identifying, evaluating and reporting on information security risks to ensure a proactive and robust cybersecurity posture. They will work with the business and functional leaders to implement practices that meet defined policies and standards for information security. The Deputy CISO will be responsible for the vision, strategy, governance and operations for Cybersecurity across the global enterprise. They will develop the technical roadmap for cybersecurity and bring a business resilience lens to the function. The Deputy CISO will be an innovative leader that brings broad experience across all areas of cyber security.

Risk Management, Workforce Awareness & Performance Reporting

• Creates a risk-based process to assess and mitigate information security risks in the ecosystem including Pfizer’s supply chain partners, vendors and healthcare providers
• With the CISO, develops, socializes, maintains, implements and enforces security policies
• Develops and operates a metrics and reporting framework to measure and improve the efficiency and effectiveness of the information security program
• Provides regular reporting on the status of the information security program outcomes to enterprise risk teams and business-aligned quality & risk committees
• With Procurement, ensures that information security requirements are included in supplier agreements and purchase contracts
• Creates targeted information security awareness training program for all employees, contractors and approved system users

Services Strategy and Operation

• Develops and implements a services strategy that includes all business solution security, threat intelligence, incident detection & response, forensic investigation, security technology engineering, vulnerability management, cyber analytics and workforce awareness functions
• Operates and maintains protective, detective and responsive capabilities to ensure that all information and information systems owned, collected or controlled by or on behalf of the company is appropriately protected from loss, tampering, theft or destruction
• Collaborates and liaises with the data privacy function to ensure that data privacy investigation and response requirements are integrated, where applicable
• Ensures that security is embedded in project delivery by providing security solutions, guidance, consulting and testing to Digital creation centers and business division leaders
• Identifies, manages and contains information security incidents and events to protect financial resources, information assets, intellectual property, regulated data and the company's reputation
• Monitors the external threat environment for emerging threats, and develops response strategies and tactics appropriate to the level of risk
• Coordinates the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event

People and Financial Leadership

• Manages a high performing, cost-efficient organization, consisting of over 100 colleague reports located in all regional geographies.  This includes hiring, training, professional development, and performance management that enables world-class security outcomes
• Creates the necessary internal networks among the information security team and divisional business leaders, corporate compliance, audit, privacy, physical security, legal and HR management teams to ensure alignment and seamless delivery of shared outcomes
• Determines, implements and optimizes the information security operating model in coordination with stakeholders, Digital and Enterprise Platforms & Security leaders to assure alignment with the risk management approach and compliance monitoring needs of the company
• Manages the capital and operating expense budget for all functions under management, including on-going optimization of unit cost and service quality performance for all services. 

External and Community Engagement

• Builds and nurtures external networks of industry peers, business partners, suppliers and other parties to address common threats, incidents, risks and opportunities to advance community security
• Liaises with law enforcement, advisory bodies and technology vendors to ensure that the organization maintains a strong security posture and is deeply integrated into community-based threat intelligence sharing networks
• Coordinates with the enterprise architecture team to align the security and enterprise reference architectures, to ensure that information security requirements are built into solutions by design

Direct Reports and Peers

• Business Solutions Enablement and Vulnerability Management
• Incident Detection & Response and Threat Intelligence
• Forensics, Insider Threat and Workforce Awareness
• Security Engineering & Operations
• Cyber Analytics
• Peers
  • Digital Risk Management and Compliance
  • Identity & Access Management
  • Digital Privacy
  • Digital Hosting Solutions
  • Digital Command Operations
  • Workforce Platforms
  • Business Operations, Portfolio & ACD

BASIC QUALIFICATIONS

• Bachelor’s degree in information security, information technology, engineering, business management or adjacent disciplines.
• 15+ years of experience in developing and operating enterprise scale cybersecurity services and solutions.
• Demonstrated experience in identifying, managing and communicating technical, business and regulatory risks to senior leadership in business terms.
• Demonstrated experience managing service level P&L and interdepartmental budget.
• Experience working with emerging and transformational technologies (e.g., cloud, GenAI) in a regulated industry.
• Prior experience mentoring, supporting and/or developing technical leaders to achieve strategic outcomes.
• Demonstrated experience in leading enterprise-wide transformational initiatives, driving adoption of modern technology solutions.
• Excellent written and verbal communication skills as well as the ability to indirectly influence key partners and stakeholders.
• Role model of integrity in values and behaviors.

PREFERRED QUALIFICATIONS

• Master’s degree in business administration (MBA) or similar.
• Prior consumer service or life sciences experience.

Other Job Details:

• Last Date to Apply for Job:  April 5, 2025
• Relocation Eligible
• Location: Must be based at our Collegeville, PA site

The annual base salary for this position ranges from $266,000.00 to $443,400.00. In addition, this position is eligible for participation in Pfizer’s Global Performance Plan with a bonus target of 35.0% of the base salary and eligibility to participate in our share based long term incentive program. We offer comprehensive and generous benefits and programs to help our colleagues lead healthy lives and to support each of life’s moments. Benefits offered include a 401(k) plan with Pfizer Matching Contributions and an additional Pfizer Retirement Savings Contribution, paid vacation, holiday and personal days, paid caregiver/parental and medical leave, and health benefits to include medical, prescription drug, dental and vision coverage. Learn more at Pfizer Candidate Site – U.S. Benefits | (uscandidates.mypfizerbenefits.com). Pfizer compensation structures and benefit packages are aligned based on the location of hire. The United States salary range provided does not apply to Tampa, FL or any location outside of the United States.

Relocation assistance may be available based on business needs and/or eligibility.

Information & Business Tech