Manager, GRC, Awareness and Application Security

Job in Princeton, Mercer County, New Jersey, 08543, USA
Listing for: Kyowa Kirin, Inc.- U.S.
Full Time position
Listed on 2025-12-01
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Consultant, Data Security
Manager, GRC, Awareness and Application Security

Kyowa Kirin is a fast-growing global specialty pharmaceutical company that applies state-of-the-art biotechnologies to discover and deliver novel medicines in four disease areas: bone and mineral; intractable hematologic; hematology oncology; and rare disease. A Japan-based company, our goal is to translate science into smiles by delivering therapies where no adequate treatments currently exist, working from drug discovery to product development and commercialization.

In North America, we are headquartered in Princeton, NJ, with offices in California, North Carolina, and Mississauga, Ontario.

Summary:

We are seeking a forward-thinking Manager, GRC, Awareness & Application Security to join our Global Information Security team. This role leads a unified function that embeds risk management, policy governance, and application security into daily business and development activities, while cultivating a strong security-aware culture across the enterprise. The ideal candidate combines deep technical acumen with strong communication and program management capabilities to bridge governance, culture, and technical execution.

Essential Functions:

  • Lead the North America security GRC program, ensuring alignment with global frameworks, enterprise risk appetite and reporting standards.
  • Develop, implement, and maintain security policies and standards, integrating them into GRC tooling, development workflows, and operational processes.
  • Design and deliver a data-driven, behavior-based security awareness and education program tailored to various user groups across the organization.
  • Partner with application teams to embed secure-by-design principles, threat modeling, and DevSecOps practices into SDLC and CI/CD pipelines.
  • Oversee third-party risk management activities, including security due diligence, vendor assessments, and remediation tracking in collaboration with Legal, Procurement, and IT teams.
  • Advance application security maturity by implementing tools such as SAST, DAST, and/or SCA, and ensuring remediation processes are embedded within engineering teams.
  • Develop and maintain dashboards and key risk indicators (KRIs) to measure: organizational risk posture and control coverage; effectiveness of awareness programs (click rates, behavioral metrics, completion trends); and application security maturity (vulnerabilities identified/prevented, developer engagement, remediation velocity).
  • Provide clear, actionable insights to leadership, transforming complex risk and technical data into meaningful business context.
  • Support internal and external audits, regulatory assessments, and compliance readiness activities across GxP, HIPAA, and data protection frameworks.
  • Collaborate closely with global peers to harmonize governance, risk, and application security practices across all regions.

Requirements:

Education
Bachelor’s degree in Information Security, Computer Science, Business, or related field required;
Master’s degree preferred.

Certifications
Required: CISSP, CRISC, or equivalent;
Preferred: CISM, CSSLP, or other AppSec/GRC certifications.

Experience
At least 7 years of progressive experience in cybersecurity, with hands-on expertise in the following domains: GRC, security awareness, application security;
Demonstrated experience managing enterprise-wide risk or awareness programs within a regulated environment (pharma, biotech, healthcare, or manufacturing);
Strong understanding of software development life cycles, secure coding, and DevSecOps integration;
Experience managing vendor and third-party risk, including contract and assessment processes;
Familiarity with frameworks such as NIST CSF, ISO 27001, and FDA/GxP compliance requirements.

Technical Skills
  • Strong proficiency in Governance, Risk, and Compliance (GRC) frameworks (NIST CSF, ISO 27001, CIS Controls) and integration with enterprise GRC platforms and workflows.
  • Expertise in application security practices, including secure SDLC, DevSecOps integration, and tools such as SAST, DAST, and SCA.
  • Experience developing and executing security awareness and behavior-based education programs using data-driven metrics…
