Director - Governance, Risk, Compliance (GRC) Technology, Metrics & Automation

ROLE SUMMARY
Our Global Cybersecurity Governance, Risk, and Compliance team provides comprehensive blueprints for cybersecurity excellence by embedding governance, risk management, and compliance into every layer. The team is responsible for ensuring risk-based decision-making is used and that security, privacy, and regulatory compliance is integrated seamlessly with Pfizer's organization.
We are seeking an experienced Director of GRC Technology, Metrics & Automation to lead and advance the organization's cybersecurity governance, risk, and compliance technology ecosystem. The ideal candidate will be responsible for overseeing and optimizing GRC platforms, automation capabilities, and digital enablement strategies that support cybersecurity, data protection, and regulatory compliance across a highly regulated environment. This role will provide strategic leadership in modernizing tooling, improving control monitoring capabilities, and enabling consistent, data‑driven risk management across the enterprise.
This role partners broadly across business units and technology functions to understand requirements, evaluate risks, and ensure GRC technology solutions align with internal policies and global regulatory expectations. The Director, GRC Technology Enablement will champion platform adoption, deliver scalable and integrated capabilities, and guide senior leaders in leveraging GRC technologies to enhance transparency, strengthen assurance, and support informed decision‑making.
ROLE RESPONSIBILITIES

• Lead the enterprise GRC technology enablement program, ensuring scalable, integrated platforms that support risk, compliance, and cybersecurity objectives.
• Establish and maintain technology‑driven processes, workflows, and automation capabilities that strengthen GRC frameworks and regulatory alignment.
• Drive consistent, data‑driven risk decision making by enabling enterprise controls, automated monitoring, and enhanced reporting across business and technology functions.
• Partner with senior leaders across R&D, Manufacturing, Commercial, Digital, and Corporate functions to understand requirements and deliver GRC technology solutions that support strategic risk mitigation.
• Advise executives and stakeholders on GRC technology capabilities, platform insights, emerging technology risks, and opportunities for automation and optimization.
• Oversee GRC platforms and integrations to ensure cybersecurity, data protection, and compliance requirements are operationalized efficiently and sustainably.
• Champion a culture of technology‑enabled accountability, transparency, and continuous improvement across all GRC processes.
• Align GRC technology solutions with global regulations, industry frameworks, and pharmaceutical expectations to support GxP system oversight, data integrity, and patient safety.
• Evaluate the effectiveness of GRC technology programs, measuring platform performance, adoption, and control assurance to inform leadership decisions.
• Collaborate with cross‑functional technology and business teams to enhance GRC capability maturity, drive platform adoption, and strengthen organizational resilience through effective enablement.

RESOURCES MANAGED
Manages a team of 2-3 direct reports and ad-hoc contractor teams.
BASIC QUALIFICATIONS

• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or related field.
• 10+ years of progressive experience in cybersecurity, governance, risk management, or compliance roles.
• 5+ years of leadership experience overseeing technology-enabled GRC, automation, or platform-driven risk and compliance programs at scale.
• Hands‑on experience implementing or managing enterprise GRC platforms, such as Archer, or equivalent.
• AI enablement and integration experience, especially with GRC platforms.
• Experience designing automated workflows, integrations, and control monitoring across complex IT and business environments.
• Strong understanding of cybersecurity frameworks (NIST CSF, ISO 27001) and how they translate into GRC tooling.
• Prior experience modernizing GRC capabilities through digitization, automation, analytics, and continuous control monitoring.
• Background working in highly regulated industries, preferably pharmaceutical, life sciences,healthcare, or manufacturing.
• Proven ability to influence and collaborate with senior leaders, architects, engineering teams, and cross‑functional business partners.
• Experience managing large‑scale technology enablement programs, including platform roadmaps, governance models, and enterprise adoption.
• Strong data and analytics mindset, with experience leveraging dashboards and reporting to drive insights and decision making.
• API integration experience

PREFERRED QUALIFICATIONS

• Professional certifications: CISSP, CISM, CRISC or similar.
• Experience using GRC tools (e.g., Archer) and other automations (AI, analytics, etc).
• Excellent strategic thinking.
• Deeply analytical and credible.
• Fact-based decision-making grounded in metrics, dashboards, and platform insights.
• Ability to challenge, influence, and support senior leadership.
• Excellent communication and presentation skills.
• Ability to bring structure to ambiguous technology and process problems.
• Resourceful, self-motivated, and proactive - strong drive for excellence.

OTHER INFO

• Travel as required by the business (less than 20% domestic and/or international).
• Work Location Assignment: Must be able to work in assigned Pfizer office 2-3 days per week, or as needed by the business.
• This role is NOT remote. Work Location Assignment: Hybrid.

Purpose
Breakthroughs that change patients' lives... At Pfizer we are a patient centric company, guided by our four values: courage, joy, equity and excellence. Our breakthrough culture lends itself to our dedication to transforming millions of lives.
Digital Transformation Strategy
One bold way we are achieving our purpose is through our company wide digital transformation strategy. We are leading the way in adopting new data, modelling and automated solutions to further digitize and accelerate drug discovery and development with the aim of enhancing health outcomes and the patient experience.
Flexibility
We aim to create a trusting, flexible workplace culture which encourages employees to achieve work life harmony, attracts talent and enables everyone to be their best working self. Let's start the conversation!
Equal Employment Opportunity
We believe that a diverse and inclusive workforce is crucial to building a successful business. As an employer, Pfizer is committed to celebrating this, in all its forms - allowing for us to be as diverse as the patients and communities we serve. Together, we continue to build a culture that encourages, supports and empowers our employees.
Disability Inclusion
Our mission is unleashing the power of all our people and we are proud to be a disability inclusive employer, ensuring equal employment opportunities for all candidates. We encourage you to put your best self forward with the knowledge and trust that we will make any reasonable adjustments to support your application and future career. Your journey with Pfizer starts here!
Information & Business Tech