Do you want to be part of an inclusive team that works to develop innovative
therapies for patients? Every day, we are driven to develop and deliver
innovative and effective new medicines to patients and physicians. If you want
to be part of this exciting work, you belong at Astellas!
Astellas Pharma Inc. is a pharmaceutical company conducting business in more
than 70 countries around the world. We are committed to turning innovative
science into medical solutions that bring value and hope to patients and their
families. Keeping our focus on addressing unmet medical needs and conducting our
business with ethics and integrity enables us to improve the health of people
throughout the world. For more information on Astellas, please visit our website
at www.astellas.com.
This position is based in Northbrook, Illinois. Hybrid work from certain states
may be permitted in accordance with Astellas’ Responsible Flexibility
Guidelines. Candidates interested in hybrid work are encouraged to apply.
Purpose:
This global role will play a crucial part in overseeing and enhancing the
governance, risk management, and compliance of Astellas' security practices.
Essential Job Responsibilities:
- Develop and coach a high-performing global team in various disciplines within
DigitalX including Information Security, PODs and Value Teams.
- Product Security and Infrastructure Risk and Compliance
- Develop and continuously evolve a strong governance, risk, and compliance
framework for Astellas' security practices
- Partner closely with Legal and Ethics & Compliance to ensure adherence to
relevant laws and regulatory requirements
- Establish and lead a comprehensive risk management program to identify,
assess, mitigate and monitor security risks across the organization
- Revamp and lead the Third-Party Risk Management program, ensuring that
security risks associated with third-party relationships are identified and
managed effectively
- Establish a comprehensive data security strategy that aligns with the
overarching objectives of the information security program
- Lead the development and implementation of an AI governance strategy,
ensuring effective operationalization of AI technologies across the
organization
- Ensure infrastructure platforms are secure, reliable and capable of
supporting Astellas
- Serve as the primary liaison for all DigitalX audit activities, internal
assessments, and regulatory engagements, ensuring collaborative communication
and coordination among all involved.
- Monitor and report on all DigitalX audits, ensuring timely remediation of
identified issues and transparent communication to relevant stakeholders
- Revamp DigitalX policies, standards, and procedure documentation to eliminate
redundancies, streamline processes and reduce the amount of training time
required
- Establish an internal assessment program to evaluate Astellas’ cybersecurity
maturity, continuously benchmarking against peers and industry standards
- Ensure that all contracts incorporate appropriate security language to
safeguard sensitive information and establish clear responsibilities for data
protection and compliance.
- Oversee security initiatives in China, ensuring compliance with
China-specific regulations and fostering a strong security culture within the
region
- Own all DigitalX LMS training to ensure the development, delivery, and
continuous improvement of DigitalX training
Qualifications Required:
- Bachelor's degree
- 10+ years of IT and/or security experience in data security, information
security or a related field
- At least 10 years of experience in information security, risk management, or
a related field, with a minimum of 5 years in a leadership or managerial role
- In-depth knowledge of security assurance, risk management frameworks, and
regulatory compliance requirements, including NIS2, SEC, and China-specific
cybersecurity regulations.
- Proven experience in implementing and managing security assurance and risk
management programs in a global organization
- Strong understanding of cybersecurity risk assessment methodologies and
industry best practices
- Excellent knowledge of cybersecurity frameworks, such as NIST CSF, ISO 27001,
or similar.
- Demonstrated ability to effectively interface with internal and external
stakeholders, including auditors and regulators.
- Experience in managing security-related vendor contracts and agreements.
- Strong leadership and team management skills, with a focus on talent
development and performance management.
- Excellent communication and presentation skills, both written and verbal.
Working Environment:
- At Astellas we recognize the importance of work/life balance, and we are
proud to offer a hybrid working solution allowing time to connect with
colleagues at the office with the flexibility to also work from home. We
believe this will optimize the most productive work environment for all
employees to succeed and deliver. Hybrid work from certain locations may be
permitted in accordance with Astellas’ Responsible Flexibility Guidelines.