Associate Director, Cybersecurity at Servier Group

Servier in the U.S. is a Boston-based, commercial-stage biopharmaceutical company launched by Servier Group in 2018. As a privately held organization, Servier is uniquely positioned to advance cutting-edge science, tackle underserved therapeutic areas, and make patients the focus of every strategic decision.

Role Summary

At Servier Pharmaceuticals, we believe that cybersecurity is a strategic capability to empower and protect our mission to bring lifechanging medicines to patients. This role is a great opportunity for an individual with strong technical and business skills to lead the cybersecurity capabilities for a rapidly growing biotech. The Associate Director of Cybersecurity is a critical role within the Servier Pharmaceuticals IT department, reporting to the Head of IT & Facilities. They will be responsible for planning, building, and running the cybersecurity capabilities which protect our business. Key elements will include the establishment of a NIST-based governance and risk management program then operationalizing this framework to make continuous improvements in our overall cyber resilience.

Primary Responsibilities

• Build and manage policies and procedures in accordance with the NIST framework in order to establish and maintain a comprehensive cyber risk management program.
• Partnering with other Servier departments such as Legal, Compliance, Facilities, and HR to manage policy and process alignment as well as close partnership on the execution of interdependent processes (e.g. cyber incident response).
• Develop current state > target state presentations to characterize Servier’s cyber risk management capabilities for executive stakeholders.
• Develop continuous improvement plans to address opportunities, then guide the program to meet ongoing time, cost, and scope requirements.
• Partner with 3rd party auditors to conduct audits of Servier capabilities.
• Create and deliver stakeholder cybersecurity educational materials including recorded online courses and live presentations.
• Security Operations
• Build and orchestrate business continuity plans and periodic testing.
• Plan and execute regular vulnerability management testing of Servier networks, operating systems, and applications. Lead remediation efforts and recommend changes as appropriate.
• Manage internal phishing campaigns and conduct follow-up educational activities.
• Research and evaluate all cybersecurity threats and perform root cause analysis. Recommend and implement security solutions. Address and report on Incidents of Compromise (IOCs).
• Partner with the Global cybersecurity team to ensure minimum Global standards are met and share areas where the US plans to evolve further.
• Help define cybersecurity standards in the US and harmonize with Global standards.
• Provide feedback on Global standards to evolve global processes applicable for the US.

Other duties as required or directed by the manager

Required Skills and Education

Required experience

• Must have a minimum of 8 years of experience in either cyber risk management or security operations.
• Hands-on technical experience with identifying and remediating vulnerabilities within either infrastructure, applications, or data ecosystems.
• Experience working with the NIST framework and applying it within an organization(s).
• Experience working with the OSI model and how it applies to cybersecurity.
• Must have exemplary interpersonal skills, with a track record of building productive relationships with colleagues.
• Experience managing and coaching consultants and vendors to support enterprise needs.
• Ability to drive projects and timelines to produce quality deliverables.
• Must have the ability to author policies and procedures, presentations, and reports in a thoughtful and timely manner.

Preferred experience

• Hands-on experience with the design and running of internal phishing campaigns.
• Hands-on technical experience with performing backup and recovery services for one or more OSI layers.
• Hands-on technical experience with one or more scripting and programming languages.
• Working in an international, matrixed organization.

Travel and Location

• Less than 10% travel required.
• Boston-based position, reporting to our Seaport office 2-3 days a week.

Servier’s Commitment

Servier is committed to modeling diversity, equity, and inclusion within the industry. We are dedicated to fostering an environment that maintains equitable treatment for all and we welcome applicants who are passionate, committed, and innovative individuals. We encourage candidates to apply to our open roles as we are always willing to consider experiences and skills beyond what is listed in the job description.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.