Executive Director, Governance, Risk and Compliance

What You Will Do

Let’s do this. Let’s change the world. In this vital role, the Executive Director, Information Security is a leadership role responsible for the Governance, Risk and Compliance (GRC) across Amgen’s global digital operating environment. This leadership position plays a significant role in developing comprehensive strategies and frameworks to manage and mitigate risks, strengthen Amgen’s corporate governance, and ensure compliance with applicable laws, regulations, and industry standards (e.g., GxP, SOX, ISO, etc.). The Executive Director will support leadership and peers through the delivery of time-sensitive and tailored information necessary to improve strategic business decision-making. The Executive Director collaborates with stakeholders from Digital, Technology & Innovation (DTI), Human Resources, Compliance, Law, Quality, Finance, and Privacy. The executive director is responsible for organizing, developing, training, and equipping a diverse global team of Amgen staff and contractors in alignment with Amgen’s core values. This leader manages all activities to support GRC service delivery, including strategy development, process design, and key performance indicators that protect Amgen’s ability to innovate and serve patients. The Executive Director is a member of the Cybersecurity & Digital Trust Leadership Team and reports to the Vice President, Information Security and Chief Information Security Officer.

Key Responsibilities include:

• Set vision and strategy for Amgen’s digital Governance, Risk and Compliance efforts globally.
• Provide oversight and assurance for Amgen’s Information Security program in alignment with ISO 27002:2022.
• Oversee Technology’s Document Management Services (DMS).
• Work with Quality, Finance, and Security leadership to provide oversight and effectively manage GxP, Security, and SOX deviations and corrective and preventive actions (CAPAs).
• Partner with Corporate Audit and the Technology Extended Leadership Team to manage audit responses.
• Oversee Amgen’s Global Records and Information Management operations.
• Work with key stakeholders to improve compliance capabilities (e.g., GxP agile validation and process simplification).
• Manage and oversee Amgen’s Risk services, including third-party business enablement and Amgen’s digital risk register.
• Deliver timely transparency reports and metrics to key stakeholders and senior business leadership (e.g., Chief Financial Officer, Chief Information Officer, Chief Information Security Officer, Quality leadership, etc.).
• Maintain outstanding service delivery and collaborate diligently with global functional teams to achieve continuous improvement of governance, risk, and compliance services.
• Lead Artificial Intelligence (AI) Risk and Controls working team comprised of cross-functional business units to accelerate Amgen’s adoption of Trustworthy AI.
• Serve as a key stakeholder and strategic partner to the Responsible AI Council, representing Technology and ensuring alignment of AI governance, risk, and control frameworks with enterprise Responsible AI principles and regulatory expectations.
• Create and manage budgets for yearly support, enhancements, and build efforts and maximize resource allocation across multiple services and tools; this includes operational costs for resources (full-time employees, contract workers, and managed service providers) used to operate GRC.
• Empower employees through Amgen’s Decision, Advice, Inform (DAI) model; delegate responsibilities accordingly and expect accountability and regular feedback.
• Foster teamwork and unity among department members that allows for healthy debate, rapid conflict resolution, appreciation of diversity, and strong team cohesiveness.
• Coach, mentor, and develop staff, including overseeing new employee onboarding and providing quarterly career development sessions.
• Lead employees using a performance management and development process that provides an overall framework to encourage employee contribution and includes goal setting and continuous feedback.
• Guide talent identification and development processes.
• Collaborate with global industry partners and service providers in the Health Information Sharing and Analysis Center (H-ISAC).

What We Expect Of You

We are all different, yet we all use our unique contributions to serve patients. The professional we seek is a leader with these qualifications.

Basic Qualifications:

• Doctorate degree & 6 years of information security experience OR Master’s degree & 10 years of information security experience OR Bachelor’s degree & 12 years of information security experience AND 6 years of managerial experience directly managing people and/or leadership experience leading teams, projects, programs or directing the allocation of resources.

Preferred Qualifications:

• Experience working with Agile principles and values to transform waterfall-based processes (e.g., Scaled Agile Framework [SAFe]).
• Practical experience in leading global multi-disciplined GRC teams (e.g., SOX, Quality, Security).
• Experience with regulated systems (GxP, SOX) in the pharmaceutical, biotechnology, healthcare industry.
• Practical experience working in compliance with corporate audit and global regulations (e.g., China Cybersecurity Law, NIS2, Global Data Protection Regulation, etc.).
• Executive written and verbal communication skills to diverse target audiences.
• Understanding of records information management, retention schedule management, and oversight.
• Ability to coordinate/lead multiple projects/activities with competing priorities.
• Portfolio and project management skills.
• Data-driven problem solving and analytical skills and proven experience within high performance team.
• Skilled in negotiation of critical issues.
• Understanding of and ability to manage cognitive biases.
• Attention to detail and focus on providing vetted information.
• Up to date on current information security trends and topics.
• Experience working with global virtual teams.
• Successful management of multiple priorities.
• Team-oriented, placing priority on the successful completion of team goals.
• Self-starter with a high degree of initiative and motivation and able to work effectively under minimal supervision.
• Preferred Certifications (Any): CRISC, CISSP, CGEIT, CISM, CISA, GRCP.

What You Can Expect Of Us

As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we’ll support your journey every step of the way. The annual base salary range for this opportunity in the U.S. is $270,282.00 to $333,051.00. In addition to the base salary, Amgen offers a Total Rewards Plan, based on eligibility, comprising of health and welfare plans for staff and eligible dependents, financial plans with opportunities to save towards retirement or other goals, work/life balance, and career development opportunities that may include:

• Comprehensive employee benefits package, including a Retirement and Savings Plan with generous company contributions, group medical, dental and vision coverage, life and disability insurance, and flexible spending accounts.
• A discretionary annual bonus program, or for field sales representatives, a sales-based incentive plan.
• Stock-based long-term incentives.
• Award-winning time-off plans and bi-annual company-wide shutdowns.
• Flexible work models, including remote work arrangements, where possible.

As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other and live the Amgen values to continue advancing science to serve patients. Together, we compete in the fight against serious disease. Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other basis protected by applicable law. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. Amgen does not have an application deadline for this position; we will continue accepting applications until we receive a sufficient number or select a candidate for the position. Sponsorship for this role is not guaranteed.

Key skills/competency

• Governance, Risk and Compliance (GRC)
• Information Security
• ISO 27002:2022
• GxP, SOX Compliance
• AI Risk Management
• Strategic Leadership
• Global Team Management
• Audit Management
• Regulatory Compliance
• Stakeholder Collaboration