Chief Information Security Officer & Chief Security OfficerIPSEN

Ipsen est un groupe biopharmaceutique mondial de taille moyenne, spécialisé dans les médicaments transformateurs dans trois aires thérapeutiques : l'oncologie, les maladies rares et les neurosciences. Forts de près de 100 ans d'expérience en développement, avec des Hubs mondiaux aux États-Unis, en France et au Royaume-Uni, nous focalisons nos efforts là où les besoins médicaux non satisfaits sont importants, grâce à la recherche et à l'innovation.

Nos équipes passionnées, présentes dans plus de 40 pays, se concentrent sur l'essentiel et s'efforcent chaque jour d'apporter des médicaments aux patients dans 88 pays. Nous construisons un environnement de travail qui met en avant un leadership centré sur l'humain et favorise une culture de collaboration, d'excellence et d'impact. Au sein d'Ipsen, chaque individu est encouragé à être soi-même, à grandir et à s'épanouir aux côtés du succès de l'entreprise. Rejoignez-nous dans notre démarche vers une croissance durable, en créant un impact réel sur les patients et la société.

Pour plus d'informations, visitez notre site web à l'adresse https://www.ipsen.com et suivez nos dernières actualités sur LinkedIn et Instagram.

The Chief Information Security Officer / Chief Security Officer (CISO / CSO) is accountable for security for Ipsen Group. The role holder leads the multidisciplinary Global Security team who cover all aspects of security: cyber, data, manufacturing, physical, anti-counterfeit, travel and corporate investigations. Acting as a figurehead to the Executive, the CSO / CISO is responsible for building out proportionate and effective security controls with key teams (including IT, Real Estate and affiliates) and in line with corporate risk tolerance. A key aspect of the role is leading the detection and response of security incidents (in whatever form) globally and ensuring that Group business priorities can continue without the fear of security compromise. Leading the Global Security team means stretching and retaining a diverse and high performing team, managing budget priorities as well as acting as a figurehead within the General Counsel Leadership Team and broader Global Leadership Team.

Main Responsibilities & Technical Competencies

Enterprise Security Strategy

Define and implement the organisation's global security strategy aligned with enterprise risk management, regulatory obligations, and business priorities.

• Enterprise security architecture and converged security strategy

• Security governance aligned to NIST CSF and related standards

• Enterprise risk assessment and cyber risk quantification

• Security maturity modelling and capability development

• Security investment prioritisation and program governance

Physical Security and Global Security Programs

Establish and maintain a global Site Assurance Program applying proportionate, risk-based physical security standards across facilities and operations.

• Physical security systems including access control, CCTV, and intrusion detection

• Facility risk and vulnerability assessment methodologies

• Integration of physical security monitoring with enterprise security operations

• Security technology platforms and analytics

Executive Protection

Lead a comprehensive Executive Protection Program supporting senior leaders and other high-risk individuals.

• Protective intelligence and threat assessment

• Executive risk management and secure travel planning

• Digital exposure monitoring and threat detection

Global Travel Protection

Protect employees travelling internationally through proactive risk management and rapid incident response.

• Travel risk intelligence platforms and geopolitical monitoring

• Real-time traveller tracking and emergency notification systems

• Crisis coordination and duty-of-care technologies

Security Awareness and Human Risk

Build a strong security culture through targeted, risk-based awareness and education programs.

• Human risk management frameworks

• Phishing simulation and behavioural security analytics

• Enterprise security awareness platforms and program metrics

People-Centred Security Controls

Strengthen organisational resilience through intelligent security controls that reduce human-driven risk.

• Insider threat detection and behavioural monitoring

• Data loss prevention and adaptive authentication technologies

Product Security and Anti-Counterfeit

Protect products, supply chains, and brand integrity from counterfeiting, diversion, and illicit trade.

• Product authentication technologies

• Supply chain security and monitoring frameworks

• Intelligence collection and analysis on illicit trade networks

• Investigative collaboration with regulatory and law enforcement agencies

Corporate Investigations

Oversee global investigative capabilities addressing serious misconduct, fraud, and security incidents.

• Investigation governance frameworks and case management systems

• Digital forensics and evidence handling standards

• Investigative analytics and intelligence reporting

• Development of a global Centre of Investigative Excellence

Cyber Risk Identification

Identify and assess cyber risks to systems, data, and supply chains.

• Enterprise asset and data classification frameworks

• Threat modelling and attack surface management

• Third-party and supply chain security risk assessment

• Regulatory and policy compliance management

Protection and Resilience

Implement controls to protect systems, networks, and information assets.

• Identity and access management and privileged access controls

• Encryption, data protection, and information governance

• Security architecture across cloud, network, endpoint, and OT environments

Detection, Response and Recovery

Ensure rapid detection, containment, and recovery from cyber incidents.

• Security Operations Centre (SOC) operations and SIEM platforms

• Threat intelligence and threat hunting capabilities

• Incident response frameworks and digital forensics

• Disaster recovery and cyber resilience planning

Leadership and Governance

Provide visible leadership for the global security function and serve as the principal advisor on security risk to senior leadership and the Board.

• Set strategic direction and oversee operational performance across all security domains

• Build and develop high-performing multidisciplinary security teams

• Manage security investments, budgets, and resource allocation

• Support the Global Corporate Leadership Team (GCLT)

• Lead engagement with the Global Leadership Team (GLT), Executive Leadership Team (ELT), and Board Committees

• Act as the senior figurehead for security across the Group

• Enterprise security program management

• Security performance metrics and reporting

• Board-level cyber risk communication and governance