
Deputy CISO - Biogen

The Company Biogen


225 Binney Street
Cambridge, MA 02142
https://www.biogen.com/en_us/home.html

Biogen’s mission: “we are pioneers in neuroscience”.

Since their founding in 1978 as one of the world’s first global biotechnology
companies by Charles Weissmann, Heinz Schaller, Kenneth Murray and Nobel
Prize winners Walter Gilbert and Phillip Sharp, Biogen has led innovative
scientific research with the goal over the last decade to defeat devastating
neurological diseases.

Millions of people around the world are affected by multiple sclerosis,
Alzheimer’s disease, Parkinson’s disease and amyotrophic lateral sclerosis
(ALS). Many people also suffer from less common diseases such as spinal
muscular atrophy (SMA) and progressive supranuclear palsy (PSP).

At Biogen they believe that no other disease area holds as much need or as
much promise for medical breakthroughs as neuroscience.

Biogen has some of the world’s best neurologists and neuroscientists. They
engage with physicians and scientific leaders around the world with the aim
to further medical research. Their focus on neuroscience, their deep
scientific expertise and their courage to take risks make them leaders in the
research and development of medicines to transform neuroscience to benefit
society.

Their technology and engineering capabilities create novel ways to seamlessly
transition products from development to manufacturing with the intent of
bringing their high-quality medicines to market faster.

Biogen respects the contributions of health care providers caring for people
living with neurological diseases. They honor the important role of caregivers,
families and friends who care about them.

Biogen is committed to working with advocacy and patient organizations as
they serve the communities they represent.

Recognizing the challenges facing health care systems today, they collaborate
with regulatory authorities and customers such as health care providers and
payers, so that those in need can access their medicines.

“Professional, ethical, and compliant, we hold ourselves accountable to
deliver value to our shareholders”.

Page 1 of 5 Deputy CISO


Biogen contributes to the communities where we live. We are committed to
our employees, diversity and inclusion, and environmental sustainability.

We care deeply about making a difference. We work fearlessly. We do not
give up even when challenged, pursuing innovation in all that we do. We are
humbled by the opportunity to change lives.

Hiring Manager Bob Litterer – VP, Chief Information Security Officer

As CISO for Biogen, Mr. Litterer is responsible for enterprise information
security, risk management and compliance practices across a global
organization of +8,000 employees in +30 countries. These practices include
responsibility for cyber security operations, strategy and architecture,
governance policies and compliance, and risk management practices that
protect the interests of patients, employees and other critical stakeholders.

Mr. Litterer joined Biogen in 2019 and has over 20 years of Security and IT
leadership experience primarily focused in biotech and pharma. Mr. Litterer
has an MA in Public Affairs and a BA from the University of Minnesota and
holds CISSP and CRISC certifications.

Position Deputy CISO, Head of CISO Solutions & Outreach

Location The Deputy CISO will be located at Biogen’s headquarters in Cambridge, MA.

Position Description

Heller Search has been retained to identify and recruit an experienced and
highly qualified Deputy CISO. The Deputy CISO, Head of CISO Program Office
role is responsible for partnering with the CISO in maintaining a
corporate-wide, global information risk management program and cybersecurity
organization. Reporting to the CISO, the Deputy CISO will work with all areas
of Biogen’s business to develop and articulate a shared vision for a “best in
class” global information security and compliance program to assess
appropriate technology platform risks and protect value in the business.

Responsibilities include strategy, architecture, solutions design, program
coordination and execution, awareness, outreach, business management and
reporting on information security program effectiveness. This position
requires a seasoned leader with strong business acumen and a detailed
working knowledge of information security technologies, practices, policies,
and their application to a global business. The successful candidate is
comfortable interacting with the most senior levels of IT and the executive
risk management function and, as a peer-advisor to Biogen’s business leaders,
will help direct the security program as a business enabler.

The ideal candidate is a thought leader, a consensus builder, and an
integrator of people, processes and technology. This role requires a business
leader with a track record of competency in the field of information security,
risk and compliance with direct experience in a comparable leadership role
managing organizations of more than 30 people with budgets in excess of $30
million.

Key Responsibilities

• Support the CISO as a liaison to the Board of Directors Audit and Risk Committee on matters of cyber security and cyber risk. Partner on steering committees and governance groups directing the overall cyber security and risk posture of the organization.
• Interface with senior business leaders within Biogen to foster the execution of cyber security as a business enabler and protect value in the business.
• Consults with senior leaders on aligning security to innovation initiatives.
• Establish and socialize Biogen’s corporate cyber security strategy, ensuring strategic objectives are aligned with business outcomes and regularly reviewed for effectiveness.
• Guide Biogen’s business through cyber security transformation and enhancement, providing thought leadership and advice to fellow Biogen leaders.
• Enhance innovation in cyber security to achieve operational excellence and maximize investment efficiency.

IT & Cyber Security Risk Management

• Understand potential and emerging information security threats, vulnerabilities, and control techniques.
• Understands the trade-offs required to manage the different levels of risk appetite and risk exposure across the organization.
• Supports corporate risk leadership to review enterprise IT and cyber risks, assess capabilities, prioritize security and risk strategies, and communicate risk intelligence in a way that drives business decision-making.
• Engages and coordinates cross-functional business participation in risk profiling, investigation, escalation and resolution.
• Provides leadership to individual contributors building risk capabilities and building program oversight.

CISO Program Governance & Management

• Supports the development, implementation and monitoring of a comprehensive enterprise information security, compliance and risk management program.
• Provide leadership for the development of modern cybersecurity governance, policies and standards which are relevant and achievable in our modern, digital and cloud-focused organization.
• Support bringing together key stakeholders to develop and review enterprise security strategies and roadmaps.
• Develop and manage information security budgets and monitor them for variances.
• Coordinate CISO program execution, timelines, deliverables and information requests across CISO functions and with other IT teams and business functions.
• Responsible for assuring process effectiveness, measurement and optimization, including key metrics, KRIs and KPIs.
• Monitor information security trends and evolving technologies; liaise with external partners, agencies and peers to ensure that the organization maintains a strong, proactive security posture; keep senior management informed about information security issues and implications for the company.

• Oversee global security awareness strategy and programs, including annual employee training and ongoing awareness campaigns.
• Creates and executes a cyber security outreach and engagement program to improve understanding and alignment in the business regarding cyber security issues.

Skills, Experience & Qualifications

• Minimum of 8 years’ experience leading global information security programs and applying information security, risk management and privacy practices.
• Minimum of 8 years’ practical experience designing and implementing enterprise information technology security; demonstrates industry-leading security innovation skills and an eye towards understanding the threat environment from a preventative posture.
• Proven experience interfacing with senior executives at the Board of Directors and business leader level and communicating complex cyber security concepts in business-relevant ways.
• Strong demonstrated knowledge of enterprise systems, cloud solutions and IT/security technologies.
• Experience with information disaster recovery planning and testing, auditing, risk analysis, business system resumption planning, and contingency planning.
• Business system continuity planning, auditing and risk management experience as it relates to information security.
• Extensive experience in strategic planning, budgeting and allocation.
• Excellent written and verbal communications skills with experience presenting to executives and leadership teams with the ability to communicate security and risk-related concepts to technical and non-technical audiences.
• Very strong business analysis skills, problem solving techniques, and follow-up.
• Willing and able to ‘roll up’ sleeves and lead from the front.
• A self-starter with a ‘can-do’ attitude.
• A driver and implementer who possesses the poise and ability to act calmly and competently in high-pressure, high-stress situations.
• Experience working with global teams based in Europe, Asia, and the United States.
• Minimum of 5 years of practical experience working with information privacy and security laws (such as PCI-DSS, GLBA, FIPS, and data breach reporting laws), generally accepted information security principles, and accepted industry practice.
• Experience working with GxP and HIPAA regulations.

Educational & Professional Credentials

• Bachelor’s degree in a relevant discipline.
• Master’s degree in Business Administration, Information Science, Information Assurance or Policy & Risk Analysis is a strong plus.
• CISSP certification required; additional CRISC, CISM, GSLC, CCISO certifications are favorable credentials as well.

What makes this opportunity compelling?

The successful candidate will enjoy the opportunity to:

• Join a company that is a leader in its field and has a history of improving population health.
• Work with the CISO to develop a shared vision for a “best in class” global information security and compliance program.

• Ability to interact with senior levels of IT, executive management and business leaders across the company.
• Career progression: This role is on the CISO successor plan.
• Join a company that views technology as a competitive differentiator.
• Join a culture of innovation, agility, collegiality, professionalism, and respect.

Interview Process

• Two rounds of interviews with Heller Search Associates.
• Candidate presentation to the hiring committee.
• First round of interviews.
• Second round of interviews.
• Background and reference check.
• Offer, acceptance and start.

Contact Information

Qualified candidates should contact:

Kelly Doyle
Managing Director
Heller Search Associates
o: 508-366-7005 x506
m: 978-944-6593
kelly@hellersearch.com

Or

Matthew Tzuker
Recruiting Partner
Heller Search Associates
o: 508-366-7005 x510
m: 410-733-4864
matt@hellersearch.com
