Pfizer
VP, Cybersecurity Governance, Risk, and Compliance (GRC)
Pfizer, New York, New York, US, 10261
Pfizer is seeking a leader for the VP, Cybersecurity Governance, Risk, and Compliance (GRC) role. This position reports to executive leadership and leads the Global Cybersecurity Governance, Risk, and Compliance (GRC) program to safeguard Pfizer’s digital assets, ensure regulatory compliance, and protect sensitive data across business functions.

Role Summary

Our Global Cybersecurity Governance, Risk, and Compliance (GRC) team plays a critical role in safeguarding Pfizer’s digital assets, ensuring regulatory compliance, and protecting sensitive data across all business functions. As part of our strategic commitment to strengthening our cybersecurity posture, we are enhancing and modernizing our GRC program to address enterprise-wide risks across applications, data, vendors, and critical operations. We are seeking an experienced leader to drive this transformation. The ideal candidate will have deep expertise in enterprise cyber risk management, regulatory compliance, audit readiness, and oversight of GRC technologies. This leader will drive enterprise programs across GRC, business security and data protection, application security governance, third-party risk management (TPRM), and business continuity/disaster recovery (BCP/DR).

Role Responsibilities

- Define and execute the enterprise GRC strategy, ensuring alignment with organizational goals and regulatory requirements.
- Lead the enterprise cyber risk management program, including risk identification, assessment, prioritization, and mitigation planning.
- Oversee all audit and compliance activities, including ISO 27001, SOC 2, PCI DSS, SOX, GxP, and other relevant standards.
- Serve as product owner for GRC platforms, ensuring configuration, integration, automation, and reporting capabilities meet enterprise needs.
- Establish and monitor cybersecurity policies, standards, and procedures; drive adoption across all business and IT units.
- Lead application security governance initiatives, embedding secure development lifecycle practices across the enterprise.
- Drive business security and data protection programs, ensuring alignment with global privacy regulations and internal controls.
- Oversee BCP/DR strategy and execution, ensuring operational resilience across critical business functions.
- Provide clear, actionable reporting and dashboards on risk, compliance, and program health to executive leadership and the board.
- Collaborate with Legal, IT, Privacy, Internal Audit, and business stakeholders to embed governance and risk management practices into daily operations.
- Build, develop, and lead a high-performing GRC team; mentor staff and create a culture of accountability, collaboration, and continuous improvement.
- Stay current on industry trends, emerging regulations, and cybersecurity best practices to proactively adapt the GRC program.

Basic Qualifications

- Bachelor’s degree with 15+ years of experience in cybersecurity, risk management, or related fields.
- At least 8 years of direct leadership experience managing enterprise-wide GRC or risk/compliance functions.
- Professional certifications such as CISSP (required); CISM, CRISC, or CISA strongly preferred.
- Experience leading Application Security Governance and secure development lifecycle practices.
- Strong background in Third-Party Risk Management (TPRM) programs, including vendor assessments, monitoring, and remediation.
- Deep knowledge of cybersecurity frameworks (NIST CSF, ISO 27001, SOC 2, PCI DSS, SOX) and data protection regulations (GDPR, CCPA, HIPAA).
- Strong leadership, communication, and presentation skills, with the ability to translate complex risks into business-focused insights for senior executives and boards.

Preferred Qualifications

- Experience with RSA Archer as the enterprise GRC platform, including ownership of configuration, workflows, and reporting.
- Experience overseeing GRC-related technologies, including Data Protection/DLP platforms and Business Continuity/Disaster Recovery solutions.

Compensation and Benefits

The annual base salary for this position ranges from $256,100.00 to $426,800.00. In addition, this position is eligible for participation in Pfizer’s Global Performance Plan with a bonus target of 30.0% of the base salary and eligibility to participate in our long-term incentive program. Benefits include a 401(k) plan with Pfizer Matching Contributions, retirement savings contributions, paid vacation, holidays, personal days, caregiver/parental and medical leave, and health benefits (medical, prescription drug, dental, vision). Relocation assistance may be available based on business needs and eligibility. Learn more at Pfizer Candidate Site – U.S. Benefits. Salary ranges may vary by location; the U.S. range does not apply to all locations.

EEO and Other Notices

Sunshine Act: Pfizer reports payments and transfers of value to health care providers as required by law. If you are a licensed physician incurring recruiting expenses, certain information may be reported.

EEO & Employment Eligibility: Pfizer is an equal opportunity employer and complies with applicable nondiscrimination and work authorization laws; Pfizer is an E-Verify employer. This position requires permanent work authorization in the United States. For accessibility support, please email disabilityrecruitment@pfizer.com.

Seniority and Job Details

Seniority level: Executive
Employment type: Full-time
Job function: Finance and Sales
Industries: Pharmaceutical Manufacturing Information & Business Tech