VP, Cybersecurity Governance, Risk, and Compliance (GRC)

ROLE SUMMARY
Our Global Cybersecurity Governance, Risk, and Compliance (GRC) team plays a critical role in safeguarding Pfizer's digital assets, ensuring regulatory compliance, and protecting sensitive data across all business functions. As part of our strategic commitment to strengthening our cybersecurity posture, we are enhancing and modernizing our GRC program to address enterprise-wide risks across applications, data, vendors, and critical operations.
We are seeking an experienced individual of Cybersecurity Governance, Risk, and Compliance to lead this transformation. The ideal candidate will have deep expertise in enterprise cyber risk management, regulatory compliance, audit readiness, and oversight of GRC technologies. This leader will drive enterprise programs across GRC, business security and data protection, application security governance, third-party risk management (TPRM), and business continuity/disaster recovery (BCP/DR).
ROLE RESPONSIBILITIES

• Define and execute the enterprise GRC strategy, ensuring alignment with organizational goals and regulatory requirements.

• Lead the enterprise cyber risk management program, including risk identification, assessment, prioritization, and mitigation planning.

• Oversee all audit and compliance activities, including ISO 27001, SOC 2, PCI DSS, SOX, GxP , and other relevant standards.

• Serve as product owner for GRC platforms, ensuring configuration, integration, automation, and reporting capabilities meet enterprise needs.

• Establish and monitor cybersecurity policies, standards, and procedures , drive adoption across all business and IT units.

• Lead application security governance initiatives, embedding secure development lifecycle practices across the enterprise.

• Drive business security and data protection programs, ensuring alignment with global privacy regulations and internal controls.

• Oversee BCP/DR strategy and execution, ensuring operational resilience across critical business functions.

• Provide clear, actionable reporting and dashboards on risk, compliance, and program health to executive leadership and the board.

• Collaborate with Legal, IT, Privacy, Internal Audit, and business stakeholders to embed governance and risk management practices into daily operations.

• Build, develop, and lead a high-performing GRC team; mentor staff and create a culture of accountability, collaboration, and continuous improvement.

• Stay current on industry trends, emerging regulations, and cybersecurity best practices to proactively adapt the GRC program.

BASIC QUALIFICATIONS

• Bachelor's degree with 15+ years of experience in cybersecurity, risk management, or related fields.

• At least 8 years of direct leadership experience managing enterprise-wide GRC or risk/compliance functions.

• Professional certifications such as CISSP (required); CISM, CRISC, or CISA strongly preferred.

• Experience leading Application Security Governance and secure development lifecycle practices.

• Strong background in Third-Party Risk Management (TPRM) programs, including vendor assessments, monitoring, and remediation.

• Deep knowledge of cybersecurity frameworks (NIST CSF, ISO 27001, SOC 2, PCI DSS, SOX) and data protection regulations (GDPR, CCPA, HIPAA).

• Strong leadership, communication, and presentation skills, with the ability to translate complex risks into business-focused insights for senior executives and boards.

PREFERRED QUALIFICATIONS

• Experience with RSA Archer as the enterprise GRC platform, including ownership of configuration, workflows, and reporting.

• Experience overseeing GRC-related technologies, including Data Protection/DLP platforms and Business Continuity/Disaster Recovery solutions.

Last date to apply: October 17, 2025
The annual base salary for this position ranges from $256,100.00 to $426,800.00. In addition, this position is eligible for participation in Pfizer's Global Performance Plan with a bonus target of 30.0% of the base salary and eligibility to participate in our share based long term incentive program. We offer comprehensive and generous benefits and programs to help our colleagues lead healthy lives and to support each of life's moments. Benefits offered include a 401(k) plan with Pfizer Matching Contributions and an additional Pfizer Retirement Savings Contribution, paid vacation, holiday and personal days, paid caregiver/parental and medical leave, and health benefits to include medical, prescription drug, dental and vision coverage. Learn more at Pfizer Candidate Site - U.S. Benefits | (uscandidates.mypfizerbenefits.com). Pfizer compensation structures and benefit packages are aligned based on the location of hire. The United States salary range provided does not apply to Tampa, FL or any location outside of the United States.
Relocation assistance may be available based on business needs and/or eligibility.
Sunshine Act
Pfizer reports payments and other transfers of value to health care providers as required by federal and state transparency laws and implementing regulations. These laws and regulations require Pfizer to provide government agencies with information such as a health care provider's name, address and the type of payments or other value received, generally for public disclosure. Subject to further legal review and statutory or regulatory clarification, which Pfizer intends to pursue, reimbursement of recruiting expenses for licensed physicians may constitute a reportable transfer of value under the federal transparency law commonly known as the Sunshine Act. Therefore, if you are a licensed physician who incurs recruiting expenses as a result of interviewing with Pfizer that we pay or reimburse, your name, address and the amount of payments made currently will be reported to the government. If you have questions regarding this matter, please do not hesitate to contact your Talent Acquisition representative.
EEO & Employment Eligibility
Pfizer is committed to equal opportunity in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, disability or veteran status. Pfizer also complies with all applicable national, state and local laws governing nondiscrimination in employment as well as work authorization and employment eligibility verification requirements of the Immigration and Nationality Act and IRCA. Pfizer is an E-Verify employer. This position requires permanent work authorization in the United States.
Pfizer endeavors to make www.pfizer.com/careers accessible to all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process and/or interviewing, please email [email protected] . This is to be used solely for accommodation requests with respect to the accessibility of our website, online application process and/or interviewing. Requests for any other reason will not be returned.
Information & Business Tech