Avantor

We set science in motion to create a better world.

Director, Information Security

Security Engineer | Full Time | Remote | Team 10,001+ | Since 1904 | H1B No Sponsor

Location

United States

Posted

10 days ago

Salary

Not specified


Job Description

This description is a summary of our understanding of the job description.

Role Description

The Information Security Governance, Risk, and Compliance (GRC) Director is a senior leadership role responsible for defining, executing, and maturing Avantor’s global security governance, risk, and compliance strategy and function. This individual will develop and oversee programs that ensure adherence to regulatory requirements, alignment with security best practices, and effective management of cybersecurity risk across the enterprise.

  • Develop and lead a comprehensive global GRC strategy aligned with Avantor’s security, technology, and business priorities.
  • Advise the CISO and senior leadership on enterprise risk posture, emerging threats, compliance obligations, and security performance.
  • Champion a culture of security accountability across the organization.
  • Manage the Company’s Information Security Management System (ISMS).
  • Establish, maintain, and evolve the Company’s information security policies, standards, and guidelines.
  • Define and drive the enterprise application security strategy, ensuring alignment with business objectives, regulatory requirements, and risk tolerance.
  • Lead the enterprise cyber risk management program, including risk assessments, risk treatment plans, tracking, and reporting.
  • Own information security components of compliance programs and readiness efforts.
  • Further develop, evolve and oversee the vendor security assessment lifecycle.
  • Continue to drive the evolution of the enterprise-wide awareness and training program.
  • Develop, maintain and automate security KPIs, KRIs, and dashboards.

Qualifications

  • Bachelor's degree in Information Security, Cybersecurity, Computer Science, or related field (or equivalent experience).
  • Advanced degree (MBA, MS in Cybersecurity, etc.) preferred.
  • 10+ years of progressive experience in Information Security, with at least 5 years in GRC leadership roles.
  • Strong understanding of security frameworks: NIST CSF/800-53, ISO 27001, SOC 2, CIS Controls, COBIT.
  • Professional certifications: CISSP, CISM, CISA, CRISC, CGEIT, ISO 27001 Lead Implementer / Auditor, or similar.
  • Experience in life sciences, manufacturing, or highly regulated industries.
  • Familiarity with data privacy regulations (GDPR, CCPA) and cloud compliance programs.

Requirements

  • Demonstrated experience managing large-scale compliance initiatives and audit processes.
  • Expertise in enterprise risk management methodologies and tools.
  • Excellent communication and stakeholder-management skills, including presenting to executives and boards.
  • Proven ability to build, mentor, and lead high-performing teams.

Benefits

  • Comprehensive benefits package including medical, dental, and vision coverage.
  • Wellness programs, health savings and flexible spending accounts.
  • 401(k) plan with company match.
  • Employee stock purchase program.
  • 11 paid holidays and 18 PTO days annually.
  • Eligible for volunteer time off and 6 weeks of 100% paid parental leave.

