About AbbVie

AbbVie's mission is to discover and deliver innovative medicines and solutions that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people's lives across several key therapeutic areas including immunology, oncology and neuroscience - and products and services in our Allergan Aesthetics portfolio. For more information about AbbVie, please visit us atwww.abbvie.com. Follow @abbvie onLinkedIn,Facebook,Instagram,XandYouTube.

The PrincipalCybersecurity Advisor, Information Security Strategy & Analytics is a senior individual contributor who partners with the ISRM leadership team, including the CISO, to shape the function's strategic direction and build the narrative, documentary, and measurement foundation that enables sound executive decision-making. This role translates business priorities, risk insights, regulatory drivers, and delivery realities into security strategy, multi-year roadmaps, investment recommendations, and portfolio narratives that guide leadership decisions.

This role has two defining requirements. First, the ability to communicate complex security strategy clearly, compellingly, and credibly to senior and executive audiences, both in writing and in person. Second, deep enough security practitioner experience to engage with credibility on strategic priorities, risk tradeoffs, and investment decisions without requiring translation. The ideal candidate has lived the work they will now help shape.

Responsibilities

• Define and maintain ISRM's strategic direction, including strategic priorities, target state, and multi-year roadmap, in close partnership with ISRM leadership.

• Translate business priorities, threat and risk insights, regulatory drivers, and security delivery realities into strategic recommendations, investment proposals, and tradeoff analyses for leadership decision-making.

• Own ISRM's strategic narrative by developing and continuously improving strategy documentation, roadmap materials, executive communications, and leadership presentations that clearly articulate the function's direction, progress, and value.

• Serve as the primary subject matter expert and content architect for ISRM strategic communications, partnering with enterprise communications teams to ensure strategic messaging is developed and delivered effectively.

• Lead the development of ISRM's strategic inputs to annual planning activities, including Long-Range Planning (LRP) and capital planning, ensuring strategic priorities, investment rationale, and multi-year direction are clearly articulatedandsatisfied by execution roadmaps and activities.

• Synthesize portfolio data, delivery performance, and resource realities into prioritization recommendations, providing leadership with a clear analytical basis for investment and sequencing decisions.

• Track ISRM's security maturity progress against established frameworks such as NIST CSF, partnering with technical teams on assessment preparation and ensuring findings are accurately reflected in strategic priorities, roadmap inputs, and remediation planning.

• Actively partner with the ISRM metrics and reporting team toidentify, define, and drive meaningful measurement initiatives, such as security hygiene tracking and operational risk reporting, ensuring the metrics roadmap reflects ISRM's strategic priorities and produces reporting that is decision-relevant at the leadership level.

• Evolve ISRM's strategic planning and prioritization practices, including decision frameworks, investment governance, and planning cadences, in close partnership with the Portfolio Manager who owns delivery governance and PMO standards.

• Define and maintain ISRM's service catalog,establishingclear service definitions, maturity frameworks, and engagement models that accurately reflect ISRM's capabilities and communicate them effectively to stakeholders.

• Bachelor's Degree and 8 years ofexperienceOR Master's Degree and 7 years ofexperienceORPhDand 3 years of experience.

• Significant demonstrated experience in information security strategy, security program leadership, or security transformation within a large, complex organization, with enough practitioner depth to engage credibly on priorities, risk tradeoffs, and investment decisions.

• Exceptional written communication skills, with a demonstratedtrack recordof developing executive-level strategy documents, roadmaps, decision papers, and governance narratives that influence senior leadership. Strong writing ability is a defining requirementofthis role.

• Exceptional executive communication and stakeholder engagement skills, withdemonstratedability toinfluence atthe CISO and senior leadership level across technical and non-technical audiences without direct authority.

• Demonstrated ability to translate complex technical, operational, financial, and risk information into clear strategic options and actionable recommendations.

• Demonstrated experience working with security maturity assessment frameworks such as NIST CSF, including translating assessment findings into strategic priorities, roadmap inputs, and trackable remediation plans.

• Strong understanding of security concepts, principles, and frameworks (e.g., NIST CSF, ISO 27001, Zero Trust) and the ability to apply them in strategic planning and investment decisions.

• Demonstrated ability to manage ambiguity, synthesize competing priorities, and support high-quality decision-making in fast-moving environments.

Preferred:

• Experience in a security strategy, transformation, chief-of-staff, or portfolio leadership role within an Information Security, Cybersecurity, or IT Risk organization.

• Experience supporting CISO-level governance, executive planning forums, or enterprise risk discussions.

• Experience developing multi-year security roadmaps, service strategies, operating model materials, or investment cases.

• Experience in a technical security leadership, security architecture, engineering, or cyber defense role thatrequireddeep understanding of security technologies, control domains, and implementation considerations.

• Familiarity with data and analytics concepts, metrics frameworks, or reporting practices sufficient to engage as an active partner to analytics and reporting teams.

• Experience supporting globally distributed teams and stakeholders.

Applicable only to applicants applying to a position in any location with pay disclosure requirements under state orlocal law:

• The compensation range described below is the range of possible base pay compensation that the Companybelieves ingood faith it will pay for this role at the timeof thisposting based on the job grade for this position.Individualcompensation paid within this range will depend on many factors including geographic location,andwemayultimatelypaymore or less than the posted range. This range may bemodifiedin thefuture.

• We offer a comprehensive package of benefits including paid time off (vacation, holidays, sick),medical/dental/visioninsurance and 401(k) to eligibleemployees.

• This job is eligible toparticipatein our long-term incentiveprograms.

Note: No amount of payis considered to bewages or compensation until such amount is earned, vested, anddeterminable.The amount and availability of any bonus,commission,incentive, benefits, or any other form ofcompensation and benefitsthat are allocable to a particular employeeremainsin the Company's sole andabsolutediscretion unless anduntil paid andmay bemodifiedat the Companys sole and absolute discretion, consistent withapplicable law.

AbbVie is an equal opportunity employer and is committed to operating with integrity, driving innovation, transforming lives and serving our community. Equal Opportunity Employer/Veterans/Disabled.

US & Puerto Rico only - to learn more, visithttps://www.abbvie.com/join-us/equal-employment-opportunity-employer.html

US & Puerto Rico applicants seeking a reasonable accommodation, click here to learn more:

https://www.abbvie.com/join-us/reasonable-accommodations.html