Kyowa Kirin, Inc.- U.S.
Manager, GRC, Awareness and Application Security
Kyowa Kirin, Inc.- U.S., Princeton, New Jersey, us, 08543
Kyowa Kirin is a fast-growing global specialty pharmaceutical company that applies state-of-the-art biotechnologies to discover and deliver novel medicines in four disease areas: bone and mineral; intractable hematologic; hematology oncology; and rare disease. A Japan-based company, our goal is to translate science into smiles by delivering therapies where no adequate treatments currently exist, working from drug discovery to product development and commercialization. In North America, we are headquartered in Princeton, NJ, with offices in California, North Carolina, and Mississauga, Ontario.

Summary:
We are seeking a forward-thinking Manager, GRC, Awareness & Application Security to join our Global Information Security team. This role leads a unified function that embeds risk management, policy governance, and application security into daily business and development activities, while cultivating a strong security-aware culture across the enterprise. The ideal candidate combines deep technical acumen with strong communication and program management capabilities to bridge governance, culture, and technical execution.

Essential Functions:
• Lead the North America security GRC program, ensuring alignment with global frameworks, enterprise risk appetite, and reporting standards.
• Develop, implement, and maintain security policies and standards, integrating them into GRC tooling, development workflows, and operational processes.
• Design and deliver a data-driven, behavior-based security awareness and education program tailored to various user groups across the organization.
• Partner with application teams to embed secure-by-design principles, threat modeling, and DevSecOps practices into SDLC and CI/CD pipelines.
• Oversee third-party risk management activities, including security due diligence, vendor assessments, and remediation tracking, in collaboration with Legal, Procurement, and IT teams.
• Advance application security maturity by implementing tools such as SAST, DAST, and/or SCA, and ensuring remediation processes are embedded within engineering teams.
• Develop and maintain dashboards and key risk indicators (KRIs) to measure: organizational risk posture and control coverage; effectiveness of awareness programs (click rates, behavioral metrics, completion trends); and application security maturity (vulnerabilities identified/prevented, developer engagement, remediation velocity).
• Provide clear, actionable insights to leadership, transforming complex risk and technical data into meaningful business context.
• Support internal and external audits, regulatory assessments, and compliance readiness activities across GxP, HIPAA, and data protection frameworks.
• Collaborate closely with global peers to harmonize governance, risk, and application security practices across all regions.

Requirements:

Education
• Bachelor’s degree in Information Security, Computer Science, Business, or related field required; Master’s degree preferred.

Certifications
• Required: CISSP, CRISC, or equivalent.
• Preferred: CISM, CSSLP, or other AppSec/GRC certifications.

Experience
• At least 7 years of progressive experience in cybersecurity, with hands-on expertise in the following domains: GRC, security awareness, application security.
• Demonstrated experience managing enterprise-wide risk or awareness programs within a regulated environment (pharma, biotech, healthcare, or manufacturing).
• Strong understanding of software development lifecycles, secure coding, and DevSecOps integration.
• Experience managing vendor and third-party risk, including contract and assessment processes.
• Familiarity with frameworks such as NIST CSF, ISO 27001, and FDA/GxP compliance requirements.

Technical Skills
• Strong proficiency in Governance, Risk, and Compliance (GRC) frameworks (NIST CSF, ISO 27001, CIS Controls) and integration with enterprise GRC platforms and workflows.
• Expertise in Application Security practices, including secure SDLC, DevSecOps integration, and tools such as SAST, DAST, and SCA.
• Experience developing and executing security awareness and behavior-based education programs using data-driven metrics and analytics.
• Knowledge of third-party and vendor risk management processes, including assessments, contract reviews, and remediation tracking.
• Familiarity with regulatory and compliance requirements such as HIPAA, GxP, and 21 CFR Part 11, and with audit and readiness activities in regulated industries.
• Proficiency in cloud and identity security fundamentals (AWS, Azure, GCP; IAM and Zero Trust concepts).

Working Conditions:
Requires up to 10% domestic and international travel.

Compensation & Benefits:
The anticipated salary for this position will be $125,000 to $140,000. The actual salary offered for this role at commencement of employment may vary based on several factors, including but not limited to relevant experience, skill set, qualifications, education (including applicable licenses and certifications), job-based knowledge, location, and other business and organizational needs. The listed salary is just one component of the overall compensation package. At Kyowa Kirin North America we provide a comprehensive range of benefits including:
• 401K with company match
• Discretionary Profit Share
• Annual Bonus Program (Sales Bonus for Sales Jobs)
• Generous PTO and Holiday Schedule, which includes Summer and Winter Shut-Downs, Sick Days, and Volunteer Days
• Healthcare Benefits (Medical, Dental, Prescription Drugs, and Vision)
• Well-Being and Work/Life Programs
• Life & Disability Insurance
• Long Term Incentive Program (subject to job level and performance)
• Pet Insurance
• Tuition Assistance
• Employee Referral Awards

The compensation and benefits information set forth in this posting applies to candidates hired in the United States. Candidates hired outside the United States will be eligible for compensation and benefits in accordance with their local market.

Equal Employment Opportunity
Kyowa Kirin North America has an obligation to act in accordance with the law and with integrity in all our operations and interactions. It is the policy of Kyowa Kirin North America, Inc. to provide equal employment opportunity to all qualified persons without regard to race, religion, creed, color, pregnancy, sex, age, national origin, disability, genetic trait or predisposition, veteran status, marital status, sexual orientation or affection preference, citizenship status, or any other category protected by law.

Data Privacy
When you apply to a job on this site, the personal data contained in your application will be collected and stored by Kyowa Kirin, Inc. ("Controller"). Controller’s data protection officer can be contacted at usprivacyoffice@kyowakirin.com. Your personal data will be processed for recruitment-related activities and may be shared with Greenhouse Software, Inc. for recruitment management. Your data may be transferred outside the EU with appropriate safeguards. You have rights under GDPR to access, rectify, erase, restrict processing, data portability, and to lodge a complaint with an EU supervisory authority. If you have questions about our use of your data, contact us at usprivacyoffice@kyowakirin.com.

Recruitment & Staffing Agencies
Kyowa Kirin does not accept agency resumes unless contacted directly by internal Kyowa Kirin Talent Acquisition. Please do not forward resumes to Kyowa Kirin employees or any other company location; Kyowa Kirin is not responsible for any fees related to unsolicited resumes.