Job description
At Regeneron, we are building a dedicated Data Protection function to safeguard the intellectual property, patient data, genomic assets, and proprietary information that underpin our $15B+ revenue pipeline and increasingly global operations. As Regeneron has expanded its commercial, research, and manufacturing presence across Europe, the Asia-Pacific region, and beyond, the regulatory surface for data storage, use, and movement has grown materially. Concurrent growth in data sovereignty requirements, insider risk exposure, and AI-driven data workflows has created an inflection point that demands a dedicated, strategically led function.
The Sr. Director of Global Data Protection and AI Security serves as the Global Data Protection Lead and is accountable for the strategy, architecture, and execution of Regeneron’s enterprise data protection program. This leader drives concepts, techniques, and standards across Data Security Posture Management (DSPM), Data Loss Prevention, Insider Risk, and data classification, working without appreciable direction to identify and evaluate fundamental issues and provide strategy and direction for this major functional area. This role reports directly to the VP & CISO and serves as the principal spokesperson for data protection on highly significant matters, interacting internally and externally with senior management and functional heads.
This is an on-site position 4 days/week primarily based at our Sleepy Hollow, NY or Warren, NJ office. If eligible, we can offer relocation benefits; we cannot offer a fully remote option.
A typical day in this role looks like:
- Determine organizational structures and allocate subordinate management responsibilities across the Global Data Protection function, including DS Consulting, Auto-Classification, Application and API Data Protection, Trusted Share/Data Mover, and DLP Monitoring sub-functions.
- Develop and execute a multi-year data protection strategy aligned to Regeneron’s business strategies and the company’s goals, including a phased roadmap for DSPM coverage expansion, DLP maturity, and insider risk program buildout.
- Serve as a member of, or key advisor to, the Enterprise Data & AI governance council on matters of data protection, privacy security, and AI data risk.
- Develop objectives for the function and monitor performance against goals across all sub-functions, ensuring schedules and performance requirements are met.
- Own the enterprise Data Security Posture Management (DSPM) strategy and program, overseeing the discovery, classification, and risk assessment of Regeneron’s 112+ PB data estate across on-premises, cloud (AWS, Snowflake, Databricks/Unity Catalog), and SaaS environments.
- Direct the phased expansion of Varonis coverage from current M365/O365 scope to Isilon NAS, cloud/IaaS, and additional SaaS platforms in alignment with the Secure Enterprise Data Fabric program roadmap.
- Provide strategy and direction for the full lifecycle of data protection controls spanning data in motion, data at rest, and data in use, across endpoint, cloud, email, and network channels.
- Oversee the development, deployment, and continuous tuning of DLP policies leveraging Microsoft Purview, Zscaler, Varonis, and complementary CASB/SASE capabilities.
- Own the enterprise Insider Risk program strategy, establishing a cross-functional program structure that integrates Human Resources, Legal, Corporate Security, and Security Operations capabilities under a unified operating model.
- Develop and mature the behavioral analytics and detection capability for intentional and accidental data misuse, leveraging Splunk UBA and DLP telemetry to identify anomalous data access, movement, and exfiltration patterns.
- Establish case management, investigation, and escalation protocols for insider risk incidents, ensuring appropriate coordination with HR, Legal, and Corporate Security while preserving investigative integrity and chain of custody.
- Interact regularly with senior management across functional areas to align data protection priorities with business strategies, including IOPS, Research, Commercial, and GCC India leadership.
- Develop and maintain audit-ready documentation, operational metrics, and program reporting for the CISO, Audit Committee, and external regulators.
- Engage external partners, managed security service providers, and industry peers to benchmark program maturity and import current-state threat intelligence relevant to pharmaceutical data protection.
This role might be for you if:
- Hands-on experience auditing AI/ML systems and leading data protection-by-design across AI and agentic AI systems, covering model training data governance, input/output monitoring, data residency enforcement, and access controls in multi-agent environments.
- Experience in pharmaceutical, biotechnology, or life sciences environments with direct exposure to GxP data integrity requirements, clinical trial data protection, or manufacturing IP security.
- Familiarity with Databricks Unity Catalog, Snowflake, or AWS data lake security architectures as they relate to DSPM and access governance.
- Experience operating or advising on AI data security considerations, including LLM training data governance, model output handling, and AI-specific insider risk vectors.
- Working knowledge of data catalog and metadata governance platforms (Collibra, Privacera) and their role in enforcing data protection policies.
- Relevant certifications: CISSP, CIPP/E, CIPP/US, CDPSE, CIPM, CISM, or equivalent.
This role requires:
- Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, Information Management, or a related field required. An advanced degree (MS, MBA, or equivalent) is preferred.
- 15+ years of progressive experience in information security or data protection, with demonstrated depth in DSPM, DLP, and insider risk disciplines.
- 5+ years in a leadership role with responsibility for a recognized security or data protection function, including people management at the Director or Senior Manager level.
- 3+ years of hands-on experience with enterprise DSPM or DLP platforms in a complex, multi-cloud environment.
- Demonstrated experience leading cross-functional programs involving HR, Legal, Privacy, and Security stakeholders.
Does this sound like you? Apply now to take your first step towards living the Regeneron Way! We are committed to building a workplace with an inclusive culture. Regeneron is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion or belief (or lack thereof), sex, sexual orientation, gender identity or expression, gender reassignment, marital or civil partnership status, civil status, pregnancy or parental status, age, disability, nationality, citizenship status, ethnic or national origin, membership of the Traveler community, familial status, genetic information, military or veteran status, or any other characteristic protected under applicable law. Where required, we will provide reasonable accommodation to applicants with known disabilities or chronic illnesses during the recruitment process, unless such accommodation would impose undue hardship.
Where necessary, we disclose salary ranges for roles in all countries in which we operate. The final offer will be determined within the relevant range based on the country of employment, specific role level, and your skills and experience. In some countries, collective bargaining agreements (CBAs) may apply and influence certain elements of pay or benefits. Regeneron offers a competitive and comprehensive total rewards package which may include, depending on country and role: annual bonuses or other incentive plans, equity awards, pension or retirement benefits, 401(k) company match, health and wellness programs, fitness centers, insurance benefits (e.g. medical, dental, vision, life and disability), paid time off, and family support benefits. For additional information about Regeneron benefits in the U.S., please visit https://careers.regeneron.com/en/working-at-regeneron/total-rewards/. For other locations, additional information will be provided during the recruitment process. If you have any questions, please speak with your recruiter.
Please be advised that at Regeneron, we believe we do our best work when we are together. For that reason, many roles are required to be performed on‑site. Please speak with your recruiter and hiring manager for more information about on‑site expectations for your role and location.
As part of the recruitment process, certain background checks may be conducted in accordance with the laws of the country where the position is based. The purpose of such checks is to verify certain information prior to the commencement of employment such as identity, right to work and educational qualifications.
For jobs in Canada: this posting is for an existing position.
Salary Range (annually)
$242,000.00 - $403,300.00