Cybersecurity Governance Head

• Bachelor’s or Master’s degree in Cybersecurity, Risk Management, IT, or a related field.
• 7+ years of experience in Security Governance or Risk Management, including at least 3 years in a leadership role.
• Strong knowledge of the EU AI Act, NIST AI Risk Management Framework, ISO/IEC 27001, and NIS2 requirements.
• Practical experience building governance frameworks within regulated industries such as pharmaceutical or manufacturing environments.
• Understanding of AI/LLM technologies and associated risks, including Shadow AI and prompt injection.
• Experience managing awareness metrics, phishing simulation programs, and security governance KPIs.
• Strong leadership skills with the ability to translate strategic objectives into operational execution across multidisciplinary teams.
• Fluent English proficiency.

Nice to have:

• Certifications such as CAIP, CIPP/E, CGEIT, or similar governance and AI-related credentials.
• Experience in AI governance, enterprise risk management, or regulated OT environments.

• Define and implement AI governance strategy, policies, and compliance frameworks across IT/OT environments.
• Lead Governance, Risk, and Awareness initiatives, ensuring continuous audit readiness and automation of compliance processes (Compliance-as-Code).
• Oversee cybersecurity awareness programs focused on NIS2 compliance, phishing resilience, Shadow AI risks, and prompt injection threats.
• Collaborate with security and portfolio teams to ensure “Security by Design” principles are embedded into projects and investment decisions.
• Manage technology risk acceptance processes and security policy exceptions within regulated pharmaceutical and manufacturing environments.
• Identify and mitigate risks related to unauthorized AI usage and public AI tools in cooperation with Data Protection Officers (DPIA).
• Supervise remediation of audit findings and report compliance, risk, and behavioral security metrics to executive leadership and Risk Committees.
• Drive continuous adaptation of internal security policies to evolving regulatory requirements, including NIS2, ISO 27001, and the EU AI Act.