Job Description
Company Description
About AbbVie
AbbVie’s mission is to discover and deliver innovative medicines and solutions that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people’s lives across several key therapeutic areas including immunology, oncology and neuroscience - and products and services in our Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at www.abbvie.com. Follow @abbvie on LinkedIn, Facebook, Instagram, X and YouTube.
Job Description
The Principa l Cybersecurity Advisor, Information Security Strategy & Analytics is a senior individual contributor who partners with the ISRM leadership team, including the CISO, to shape the function’s strategic direction and build the narrative, documentary, and measurement foundation that enables sound executive decision-making. This role translates business priorities, risk insights, regulatory drivers, and delivery realities into security strategy, multi-year roadmaps, investment recommendations, and portfolio narratives that guide leadership decisions.
This role has two defining requirements. First, the ability to communicate complex security strategy clearly, compellingly, and credibly to senior and executive audiences, both in writing and in person. Second, deep enough security practitioner experience to engage with credibility on strategic priorities, risk tradeoffs, and investment decisions without requiring translation. The ideal candidate has lived the work they will now help shape.
Responsibilities
Define and maintain ISRM’s strategic direction, including strategic priorities, target state, and multi-year roadmap, in close partnership with ISRM leadership.
Translate business priorities, threat and risk insights, regulatory drivers, and security delivery realities into strategic recommendations, investment proposals, and tradeoff analyses for leadership decision-making.
Own ISRM’s strategic narrative by developing and continuously improving strategy documentation, roadmap materials, executive communications, and leadership presentations that clearly articulate the function’s direction, progress, and value.
Serve as the primary subject matter expert and content architect for ISRM strategic communications, partnering with enterprise communications teams to ensure strategic messaging is developed and delivered effectively.
Lead the development of ISRM’s strategic inputs to annual planning activities, including Long-Range Planning (LRP) and capital planning, ensuring strategic priorities, investment rationale, and multi-year direction are clearly articulated and satisfied by execution roadmaps and activities.
Synthesize portfolio data, delivery performance, and resource realities into prioritization recommendations, providing leadership with a clear analytical basis for investment and sequencing decisions.
Track ISRM’s security maturity progress against established frameworks such as NIST CSF, partnering with technical teams on assessment preparation and ensuring findings are accurately reflected in strategic priorities, roadmap inputs, and remediation planning.
Actively partner with the ISRM metrics and reporting team to identify, define, and drive meaningful measurement initiatives, such as security hygiene tracking and operational risk reporting, ensuring the metrics roadmap reflects ISRM’s strategic priorities and produces reporting that is decision-relevant at the leadership level.
Evolve ISRM’s strategic planning and prioritization practices, including decision frameworks, investment governance, and planning cadences, in close partnership with the Portfolio Manager who owns delivery governance and PMO standards.
Define and maintain ISRM’s service catalog, establishing clear service definitions, maturity frameworks, and engagement models that accurately reflect ISRM’s capabilities and communicate them effectively to stakeholders.
Qualifications
Bachelor’s Degree and 8 years of experience OR Master’s Degree and 7 years of experience OR PhD and 3 years of experience.
Significant demonstrated experience in information security strategy, security program leadership, or security transformation within a large, complex organization, with enough practitioner depth to engage credibly on priorities, risk tradeoffs, and investment decisions.
Exceptional written communication skills, with a demonstrated track record of developing executive-level strategy documents, roadmaps, decision papers, and governance narratives that influence senior leadership. Strong writing ability is a defining requirement of this role.
Exceptional executive communication and stakeholder engagement skills, with demonstrated ability to influence at the CISO and senior leadership level across technical and non-technical audiences without direct authority.
Demonstrated ability to translate complex technical, operational, financial, and risk information into clear strategic options and actionable recommendations.
Demonstrated experience working with security maturity assessment frameworks such as NIST CSF, including translating assessment findings into strategic priorities, roadmap inputs, and trackable remediation plans.
Strong understanding of security concepts, principles, and frameworks (e.g., NIST CSF, ISO 27001, Zero Trust) and the ability to apply them in strategic planning and investment decisions.
Demonstrated ability to manage ambiguity, synthesize competing priorities, and support high-quality decision-making in fast-moving environments.
Preferred:
Experience in a security strategy, transformation, chief-of-staff, or portfolio leadership role within an Information Security, Cybersecurity, or IT Risk organization.
Experience supporting CISO-level governance, executive planning forums, or enterprise risk discussions.
Experience developing multi-year security roadmaps, service strategies, operating model materials, or investment cases.
Experience in a technical security leadership, security architecture, engineering, or cyber defense role that required deep understanding of security technologies, control domains, and implementation considerations.
Familiarity with data and analytics concepts, metrics frameworks, or reporting practices sufficient to engage as an active partner to analytics and reporting teams.
Experience supporting globally distributed teams and stakeholders.
Additional Information
Applicable only to applicants applying to a position in any location with pay disclosure requirements under state or local law:
The compensation range described below is the range of possible base pay compensation that the Company believes in good faith it will pay for this role at the time of thisposting based on the job grade for this position. Individual compensation paid within this range will depend on many factors including geographic location,and we may ultimately pay more or less than the posted range. This range may be modified in the future.
We offer a comprehensive package of benefits including paid time off (vacation, holidays, sick), medical/dental/vision insurance and 401(k) to eligible employees.
This job is eligible to participate in our long-term incentive programs.
Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission,incentive, benefits, or any other form of compensation and benefits that are allocable to a particular employee remains in the Company’s sole and absolute discretion unless anduntil paid and may be modified at the Company’s sole and absolute discretion, consistent with applicable law.
AbbVie is an equal opportunity employer and is committed to operating with integrity, driving innovation, transforming lives and serving our community. Equal Opportunity Employer/Veterans/Disabled.
US & Puerto Rico only - to learn more, visit https://www.abbvie.com/join-us/equal-employment-opportunity-employer.html
US & Puerto Rico applicants seeking a reasonable accommodation, click here to learn more:
https://www.abbvie.com/join-us/reasonable-accommodations.html
