Kyowa Kirin, Inc.- U.S. · 2 hours ago
Manager, GRC, Awareness and Application Security
Kyowa Kirin is a fast-growing global specialty pharmaceutical company that applies state-of-the-art biotechnologies to discover and deliver novel medicines. They are seeking a forward-thinking Manager, GRC, Awareness & Application Security to lead the security GRC program, develop security policies, and cultivate a security-aware culture across the enterprise.
Pharmaceuticals
Responsibilities
Lead the North America security GRC program, ensuring alignment with global frameworks, enterprise risk appetite and reporting standards
Develop, implement, and maintain security policies and standards, integrating them into GRC tooling, development workflows, and operational processes
Design and deliver a data-driven, behavior-based security awareness and education program tailored to various user groups across the organization
Partner with application teams to embed secure-by-design principles, threat modeling, and DevSecOps practices into SDLC and CI/CD pipelines
Oversee third-party risk management activities, including security due diligence, vendor assessments, and remediation tracking, in collaboration with Legal, Procurement, and IT teams
Advance application security maturity by implementing tools such as SAST, DAST, and/or SCA, and ensuring remediation processes are embedded within engineering teams
Develop and maintain dashboards and key risk indicators (KRIs) to measure:
    Organizational risk posture and control coverage
    Effectiveness of awareness programs (click rates, behavioral metrics, completion trends)
    Application security maturity (vulnerabilities identified/prevented, developer engagement, remediation velocity)
Provide clear, actionable insights to leadership, transforming complex risk and technical data into meaningful business context
Support internal and external audits, regulatory assessments, and compliance readiness activities across GxP, HIPAA, and data protection frameworks
Collaborate closely with global peers to harmonize governance, risk, and application security practices across all regions
Qualifications
Required
Bachelor's degree in Information Security, Computer Science, Business, or related field required
CISSP, CRISC, or equivalent certification required
At least 7 years of progressive experience in cybersecurity
Hands-on expertise in GRC, security awareness, application security
Demonstrated experience managing enterprise-wide risk or awareness programs within a regulated environment (pharma, biotech, healthcare, or manufacturing)
Strong understanding of software development lifecycles, secure coding, and DevSecOps integration
Experience managing vendor and third-party risk, including contract and assessment processes
Familiarity with frameworks such as NIST CSF, ISO 27001, and FDA/GxP compliance requirements
Strong proficiency in Governance, Risk, and Compliance (GRC) frameworks (NIST CSF, ISO 27001, CIS Controls) and integration with enterprise GRC platforms and workflows
Expertise in Application Security practices, including secure SDLC, DevSecOps integration, and tools such as SAST, DAST, and SCA
Experience developing and executing security awareness and behavior-based education programs using data-driven metrics and analytics
Knowledge of third-party and vendor risk management processes, including assessments, contract reviews, and remediation tracking
Familiarity with regulatory and compliance requirements such as HIPAA, GxP, and 21 CFR Part 11, and with audit and readiness activities in regulated industries
Proficiency in cloud and identity security fundamentals (AWS, Azure, GCP; IAM and Zero Trust concepts)
Preferred
Master's degree preferred
CISM, CSSLP, or other AppSec/GRC certifications preferred
Benefits
401K with company match
Discretionary Profit Share
Annual Bonus Program (Sales Bonus for Sales Jobs)
Generous PTO and Holiday Schedule, which includes Summer and Winter Shut-Downs, Sick Days, and Volunteer Days
Healthcare Benefits (Medical, Dental, Prescription Drugs and Vision)
HSA & FSA Programs
Well-Being and Work/Life Programs
Life & Disability Insurance
Concierge Services
Long Term Incentive Program (subject to job level and performance)
Pet Insurance
Tuition Assistance
Employee Referral Awards
Company
Kyowa Kirin, Inc.- U.S.
Kyowa Kirin is a global specialty pharmaceutical company that applies state-of-the-art biotechnologies to discover and deliver novel medicines.
H1B Sponsorship
Kyowa Kirin, Inc.- U.S. has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship (chart; one field is similar to this job)
Trends of Total Sponsorships: 2025 (1), 2022 (1), 2021 (1)
Funding
Current Stage: Late Stage
Recent News (Business Journals): 2024-03-08, 2024-03-03
Company data provided by crunchbase