Executive Director, Global Cyber Governance, Risk, and Compliance (GRC)
Company: AstraZeneca
Location: Montgomery Village
Posted on: February 20, 2026
Job Description:
Are you ready to set the global agenda for cyber governance and
regulatory adherence within a firm where trusted, protected
technology accelerates life-changing medicines to patients? Can you
translate complexity into crucial action that protects trust while
enabling ambitious innovation and speed? As Executive Director for
Global Cyber GRC, you will lead the enterprise approach to
information security. You will coordinate technological risk and
ensure our most critical data, platforms, and partners operate with
resilience, regulatory confidence, and clear accountability. You
will connect cyber risk to strategic decisions, equipping the
company’s leadership team and Board with sharp, actionable insight
that balances protection and progress. This is a pivotal role in
our transformation into a digital and data-led enterprise. You will
guide the harmonization of controls throughout various regions. You
will improve our response to evolving regulations. You will embed
risk-informed decision-making into how we discover, develop, and
deliver medicines worldwide. Accountabilities: Lead the
organization-wide information security and technology risk
framework spanning all locations. Prioritize the most meaningful
risks and drive treatment plans to closure. Lead all aspects of the
worldwide cyber regulatory approach and ensure it meets laws,
regulations, and standards. This includes confidentiality,
information security, crucial infrastructure, and requirements
specific to the life sciences sector across jurisdictions.
Third-Party Risk Governance: Coordinate the management of cyber
risk controls for vendors, academic collaborators, and technology
service providers, safeguarding the extended ecosystem vital to
global operations. Cyber Resilience Oversight: Provide governance
for incident preparedness, crisis response coordination, and
recovery preparation; ensure cohesive, end-to-end resilience
outcomes with security operations, technology, legal, privacy and
business continuity teams. Control Assurance and Ongoing
Improvement: Ensure the build and efficiency of cybersecurity and
information technology safeguards through continuous validation,
evaluation, and detailed improvement. Build, lead, and advance
international cyber risk oversight groups and senior risk advisory
panels. Drive cross-functional decisions that align with the
organization's risk tolerance and strategic goals. Communicate
detailed engineering and compliance risk into clear choices for top
leadership as well as the Board. Deliver concise, high-impact
reports on posture, trends, and material exposures. Act as a
reliable consultant to the heads of information security,
information technology, risk and compliance functions, and legal
partners. Represent the company in interactions with regulatory
agencies, professional associations, and peer organizations.
Distributed Team Leadership: Build, lead and develop a
high-performing, distributed cyber GRC team with clear mission,
measurable outcomes and strong succession. Business Enablement:
Incorporate cyber risk within broader enterprise risk management to
reduce friction, increase confidence and enable faster, safer
delivery of scientific and commercial outcomes. Essential
Skills/Experience: Demonstrated experience establishing and leading
an enterprise framework for managing cybersecurity and
technological risk across multiple regions and business units.
Proven ability to integrate cyber risk into enterprise risk
management processes, aligned with corporate risk appetite and
strategic objectives. Track record coordinating third-party cyber
risk management across suppliers, research partners and technology
vendors. Ownership of a global cyber regulatory strategy with
compliance accountability across jurisdictions, including privacy,
data protection, critical infrastructure and life sciences–specific
requirements. Experience acting as the primary executive interface
for cyber-related regulatory examinations, audits and inquiries.
Evidence of harmonizing compliance controls across regions while
maintaining local regulatory adherence. Governance oversight of
cyber resilience programs, including incident readiness, crisis
management and recovery planning. Expertise ensuring control design
and effectiveness for cyber and IT controls, including ongoing
assurance, testing and continuous improvement. Experience
designing, leading and maturing global cyber risk governance forums
and executive risk committees. Ability to translate complex
technical and regulatory risks into clear, actionable insights for
senior executives and the Board, with concise, high-impact
reporting. Validated leadership building, leading and developing a
globally distributed team of cyber GRC professionals. Experience
serving as a trusted advisor to CISO, CIO, enterprise risk
leadership, compliance, legal and senior business executives.
Credibility representing an organization externally with
regulators, industry bodies and peer companies. Bachelor’s degree
required; advanced degree preferred (e.g., MBA, MS, JD). 15 years
of progressive experience in cyber security, IT risk, governance,
risk, and/or compliance roles. Desirable Skills/Experience:
Experience in highly regulated, science-driven industries such as
biopharma, healthcare or critical infrastructure. Strong
familiarity with global regulatory frameworks and standards (e.g.,
GDPR and other privacy laws, NIS2, HIPAA, FDA/EMA expectations,
ISO/IEC 27001/27701, SOC 2). Board-level communication and
storytelling that link risk to enterprise value and patient impact.
Leadership of large-scale control transformation or control
harmonization initiatives across regions. Depth in third-party and
supply chain cyber risk, including cloud/SaaS, data platforms and
research collaborations. Professional certifications such as CISSP,
CISM, CRISC, CIPP/E, CIPM or equivalent executive-level
credentials. Experience aligning cyber resilience with enterprise
business continuity and technology recovery programs. Why
AstraZeneca: Join a company where secure digital capabilities
directly influence how quickly we bring new medicines to people who
need them. Here, cyber GRC is not a back-office function—it is a
strategic force that underpins discovery, development and global
delivery. You will work with unexpected teams in the same room
unleashing bold thinking, blending cutting-edge data and platforms
with rigorous governance to create real-world impact. We are
investing for scale and speed, and we value kindness alongside
ambition—empowering experts to take ownership, challenge
assumptions and shape how the business operates. Your leadership
will be visible, valued and instrumental in building confidence
with regulators, partners and patients while enabling the
enterprise to move faster with control. The annual base pay for
this position ranges from 227.024,80 - 340.537,20 USD Annual (80% -
120%). Hourly and salaried non-exempt employees will also be paid
overtime pay when working qualifying overtime hours. Base pay
offered may vary depending on multiple individualized factors,
including market location, job-related knowledge, skills, and
experience. In addition, our positions offer a short-term incentive
bonus opportunity; eligibility to participate in our equity-based
long-term incentive program (salaried roles), to receive a
retirement contribution (hourly roles), and commission payment
eligibility (sales roles). Benefits offered include a qualified
retirement program [401(k) plan]; paid vacation and holidays; paid
leaves; and, health benefits including medical, prescription drug,
dental, and vision coverage in accordance with the terms and
conditions of the applicable plans. Additional details of
participation in these benefit plans will be provided if an
employee receives an offer of employment. If hired, employee will
be in an “at-will position” and the Company reserves the right to
modify base pay (as well as any other discretionary payment or
compensation program) at any time, including for reasons related to
individual performance, Company or individual department/team
performance, and market factors. Call to Action: Lead the next
chapter of our global cyber resilience and regulatory
confidence—step in to shape a safer, faster, data-powered future
that advances science and protects patients.
Keywords: AstraZeneca, Arlington, Executive Director, Global Cyber Governance, Risk, and Compliance (GRC), IT / Software / Systems, Montgomery Village, Virginia