Manager, GRC, Awareness and Application Security

Kyowa Kirin USA

United States

October 23, 2025


Kyowa Kirin is a fast-growing global specialty pharmaceutical company that applies state-of-the-art biotechnologies to discover and deliver novel medicines in four disease areas: bone and mineral; intractable hematologic; hematology oncology; and rare disease. A Japan-based company, our goal is to translate science into smiles by delivering therapies where no adequate treatments currently exist, working from drug discovery to product development and commercialization. In North America, we are headquartered in Princeton, NJ, with offices in California, North Carolina, and Mississauga, Ontario.

Summary:

We are seeking a forward-thinking Manager, GRC, Awareness & Application Security to join our Global Information Security team. This role leads a unified function that embeds risk management, policy governance, and application security into daily business and development activities, while cultivating a strong security-aware culture across the enterprise. The ideal candidate combines deep technical acumen with strong communication and program management capabilities to bridge governance, culture, and technical execution. 

Essential Functions:

•    Lead the North America security GRC program, ensuring alignment with global frameworks, enterprise risk appetite and reporting standards.
•    Develop, implement, and maintain security policies and standards, integrating them into GRC tooling, development workflows, and operational processes.
•    Design and deliver a data-driven, behavior-based security awareness and education program tailored to various user groups across the organization.
•    Partner with application teams to embed secure-by-design principles, threat modeling, and DevSecOps practices into SDLC and CI/CD pipelines.
•    Oversee third-party risk management activities, including security due diligence, vendor assessments, and remediation tracking, in collaboration with Legal, Procurement, and IT teams.
•    Advance application security maturity by implementing tools such as SAST, DAST, and/or SCA, and ensuring remediation processes are embedded within engineering teams.
•    Develop and maintain dashboards and key risk indicators (KRIs) to measure:
o    Organizational risk posture and control coverage.
o    Effectiveness of awareness programs (click rates, behavioral metrics, completion trends).
o    Application security maturity (vulnerabilities identified/prevented, developer engagement, remediation velocity).
•    Provide clear, actionable insights to leadership, transforming complex risk and technical data into meaningful business context.
•    Support internal and external audits, regulatory assessments, and compliance readiness activities across GxP, HIPAA, and data protection frameworks.
•    Collaborate closely with global peers to harmonize governance, risk, and application security practices across all regions.

Requirements:

Education
Bachelor’s degree in Information Security, Computer Science, Business, or related field required; Master’s degree preferred.

Certifications
Required: CISSP, CRISC, or equivalent; Preferred: CISM, CSSLP, or other AppSec/GRC certifications.

Experience: 
•    At least 7 years of progressive experience in cybersecurity, with hands-on expertise in the following domains: GRC, security awareness, and application security.
•    Demonstrated experience managing enterprise-wide risk or awareness programs within a regulated environment (pharma, biotech, healthcare, or manufacturing).
•    Strong understanding of software development lifecycles, secure coding, and DevSecOps integration.
•    Experience managing vendor and third-party risk, including contract and assessment processes.
•    Familiarity with frameworks such as NIST CSF, ISO 27001, and FDA/GxP compliance requirements.

Technical Skills
•    Strong proficiency in Governance, Risk, and Compliance (GRC) frameworks (NIST CSF, ISO 27001, CIS Controls) and integration with enterprise GRC platforms and workflows.
•    Expertise in Application Security practices, including secure SDLC, DevSecOps integration, and tools such as SAST, DAST, and SCA.
•    Experience developing and executing security awareness and behavior-based education programs using data-driven metrics and analytics.
•    Knowledge of third-party and vendor risk management processes, including assessments, contract reviews, and remediation tracking.
•    Familiarity with regulatory and compliance requirements such as HIPAA, GxP, and 21 CFR Part 11, and with audit and readiness activities in regulated industries.
•    Proficiency in cloud and identity security fundamentals (AWS, Azure, GCP; IAM and Zero Trust concepts).

Working Conditions:

Requires up to 10% domestic and international travel.

The anticipated salary for this position will be $125,000 to $140,000. The actual salary offered for this role at commencement of employment may vary based on several factors including, but not limited to, relevant experience, skill set, qualifications, education (including applicable licenses and certifications), job-based knowledge, location, and other business and organizational needs.

The listed salary is just one component of the overall compensation package. At Kyowa Kirin North America we provide a comprehensive range of benefits including:

  • 401K with company match
  • Discretionary Profit Share
  • Annual Bonus Program (Sales Bonus for Sales Jobs)
  • Generous PTO and Holiday Schedule, which includes Summer and Winter Shut-Downs, Sick Days, and Volunteer Days
  • Healthcare Benefits (Medical, Dental, Prescription Drugs and Vision)
  • HSA & FSA Programs
  • Well-Being and Work/Life Programs
  • Life & Disability Insurance
  • Concierge Services
  • Long Term Incentive Program (subject to job level and performance)
  • Pet Insurance
  • Tuition Assistance
  • Employee Referral Awards

The compensation and benefits information set forth in this posting applies to candidates hired in the United States. Candidates hired outside the United States will be eligible for compensation and benefits in accordance with their local market.

KKNA and all of its employees have an obligation to act in accordance with the law and with integrity in all our operations and interactions.

It is the policy of Kyowa Kirin North America, Inc. to provide equal employment opportunity to all qualified persons without regard to race, religion, creed, color, pregnancy, sex, age, national origin, disability, genetic trait or predisposition, veteran status, marital status, sexual orientation or affection preference or citizenship status or any other category protected by law.

When you apply to a job on this site, the personal data contained in your application will be collected and stored by Kyowa Kirin, Inc. (“Controller”), which is located at 510 Carnegie Center Dr. Princeton, NJ 08540 USA and can be contacted by emailing kkus.talentacquisition.8h@kyowakirin.com. Controller’s data protection officer can be contacted at usprivacyoffice@kyowakirin.com. Your personal data will be processed for the purposes of managing Controller’s recruitment related activities, which include setting up and conducting interviews and tests for applicants, evaluating and assessing the results thereof, and as is otherwise needed in the recruitment and hiring processes. Such processing is legally permissible under Art. 6(1)(f) of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) as necessary for the purposes of the legitimate interests pursued by the Controller, which are the solicitation, evaluation, and selection of applicants for employment.

Your personal data will be shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America and engaged by Controller to help manage its recruitment and hiring process on Controller’s behalf. Accordingly, if you are located outside of the United States, your personal data will be transferred to the United States once you submit it through this site. The transfer will be made using appropriate additional safeguards under the standard contractual clauses approved by regulators for transfers of personal data outside the European Union.

Your personal data will be retained by Controller as long as Controller determines it is necessary to evaluate your application for employment. Under the GDPR, if you are located in the European Union, you have the right to request access to your personal data, to request that your personal data be rectified or erased, and to request that processing of your personal data be restricted. You also have the right to data portability, and to lodge a complaint with an EU supervisory authority. If you have any questions about our use of your data, you may contact us by email at usprivacyoffice@kyowakirin.com.

Recruitment & Staffing Agencies

Kyowa Kirin does not accept agency resumes unless contacted directly by internal Kyowa Kirin Talent Acquisition. Please do not forward resumes to Kyowa Kirin employees or any other company location; Kyowa Kirin is not responsible for any fees related to unsolicited resumes.

#LI-TT1 #Hybrid #Princeton
