Head of IT Security

PTC Therapeutics is a global commercial biopharmaceutical company. For over 25 years our team has been deeply committed to a unified purpose : Extending life's moments for children and adults living with a rare disease.

At PTC, we cultivate an inclusive culture where everyone feels valued, respected, and empowered. We welcome candidates from all backgrounds to join our team , fostering a strong sense of belonging.

Visit our website to learn more about our company and culture!

Site : www.ptcbio.com

Job Description Summary :

The Head of IT Security is responsible for leading and managing all functions within the Information Security Program. This role involves developing the strategic roadmap and overseeing the effective daily operations of PTC's Security Program concerning Security Operations, Governance, Risk, and Compliance. Collaboration with the Head of Security Operations and Architecture is essential to ensure the Security Program runs smoothly.

In partnership with various departments such as Business, IT, Data Privacy, Legal, and Compliance, the individual ensures the implementation and adherence to Data Security procedures, aligning them with IT Security governance policies and procedures. As a key leader, this individual actively fosters a culture of information security throughout the enterprise.

The individual assists in implementing security controls, creating security policies, managing vendor risks, raising cyber security awareness, monitoring and responding to security incidents, ensuring data security and classification, and maintaining compliance.

Utilizing expertise in Networking, Identity and Access Management (IAM), Lightweight Directory Access Protocol (LDAP) servers, Data Loss Prevention (DLP), Microsoft Azure, Amazon Web Services (AWS), and databases, the individual develops solutions and mentors' staff and teams.

The role requires cross-functional collaboration with internal departments and external resources to address security risks. The individual must be capable of presenting information related to the security program and its maturity to executive leadership and board members.

The Head of IT Security ensures compliance with relevant regulatory requirements and company Standard Operating Procedures (SOPs) as applicable.

Job Description :

KNOWLEDGE / SKILLS / ABILITIES REQUIRED

Stays updated on security trends and the evolving threat landscape, actively engaging with vendors to understand security roadmaps, technology directions, and investments aimed at enhancing security capabilities and delivering cost-effective solutions.

• Creates high-quality documentation for strategic security vision, encompassing blueprints, standards, and frameworks that align with the overall business strategy.
• Leads the development and updating of standards and reference materials, ensuring compliance with regulations mandated by various authorities.
• Establishes, implements, and oversees a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality, and availability of information owned, controlled, or processed by the organization.
• Collaborates across departments to ensure effective security processes and procedures.
• Focus on strategy, planning, and operational excellence through continuous improvement and automation.
• Manages the administration of all information security technology platforms, ensuring optimal configuration and maintenance for maximum uptime and protection of the organization's information systems.
• Plays a key role in selecting new information security tools and technologies.
• Conducts regular technical risk assessments and audits of systems and processes.
• Manages the IT security organization, including hiring, training, staff development, and other managerial responsibilities.
• Coordinates with internal teams as needed, overseeing annual audits and reporting requirements.
• Develops, maintains, and disseminates up-to-date security policies, standards, and guidelines, overseeing training and distribution of security practices.
• Provides tactical leadership for all information security platforms.
• Acts as the escalation point for internal and external breaches, including those involving third parties.
• Leads the response and containment of information security incidents.
• Takes charge in developing and managing information security programs, including awareness initiatives, vulnerability management, vendor risk management, and risk management.
• Responsible for initial and periodic information security risk assessment, analysis, mitigation, and remediation.
• Assists in developing and transferring knowledge to IT team members and other enterprise groups.
• Performs additional tasks and assignments as specified by management.
• Minimum level of education and years of relevant work experience.
• A bachelor's degree in computer science, Information Systems or other related field and a minimum of 15+ years of progressively responsible leadership experience, preferably in a pharmaceutical, biotechnology or other regulated environment OR equivalent experience and / or education.
• Special knowledge or skills needed and / or licenses or certificates required.
• Over 15+ years of experience in hands-on roles focused on Privacy, Data Protection, or Data Security or Security Operations.
• Strong understanding of global data privacy regulations and guidelines, such as GDPR, CCPA, and PIPEDA.
• Proficiency with Data Loss Prevention tools, including network, endpoint, and cloud-based DLP solutions.
• Relevant experience in designing, implementing, and supporting large-scale solutions.
• Skilled in drafting standards, reference architecture, policies, procedures, and implementation guidelines.
• Exceptional writing skills tailored for technical, management, and executive audiences.
• Effective communication skills, including oral presentations and the ability to present to executive leadership.
• Proven experience in managing multiple concurrent issues under high-pressure situations.
• High proficiency in Cryptographic Services.
• Experience with cloud environments like Azure and Amazon Web Services.
• CISSP, CISM, CISA, GIAC, GPEN, or PMP certification is preferred.
• Proficiency in Microsoft Office.
• Excellent verbal and written communication and presentation skills.
• Ability to work independently and collaboratively in a fast-paced, matrixed team environment with internal and external members.
• Analytical thinker with strong problem-solving skills, adaptable to changing priorities and deadlines.
• Excellent planning, organizational, and time management skills, including the ability to support and prioritize multiple projects.
• Travel requirements
• Up to 10% of travel
• Office based position.

Expected Base Salary Range :

$229,200 - $310,000. The base salary offered will be contingent on assessment of candidate education level, background, and experience relative to the requirements of the position they are being considered for, as well as review of internal equity.

In addition to base salary, PTC employees are also eligible for short- and long-term incentives. All eligible employees may also enroll in PTC's medical, dental, vision, and retirement savings plans.

EEO Statement :

PTC Therapeutics is an equal opportunity employer. We welcome applications from all individuals, regardless of race, color, national origin, gender, age, physical characteristics, social origin, disability, religion, family status, pregnancy, sexual orientation, gender identity, gender expression, disability, veteran status or any unlawful criterion under applicable law. We are committed to treating all applicants fairly and avoiding discrimination.

Click here to return to the careers page