Senior Director, Global Data Protection & AI Security

At Regeneron, we are building a dedicated Data Protection function to safeguard the intellectual property, patient data, genomic assets, and proprietary information that underpin our $15B+ revenue pipeline and increasingly global operations. As Regeneron has expanded its commercial, research, and manufacturing presence across Europe, the Asia-Pacific region, and beyond, the regulatory surface for data storage, use, and movement has grown materially. Concurrent growth in data sovereignty requirements, insider risk exposure, and AI-driven data workflows has created an inflection point that demands a dedicated, strategically led function.

The Sr. Director of Global Data Protection and AI Security serves as the Global Data Protection Lead and is accountable for the strategy, architecture, and execution of Regeneron’s enterprise data protection program. This leader drives concepts, techniques, and standards across Data Security Posture Management (DSPM), Data Loss Prevention, Insider Risk, and data classification, working without appreciable direction to identify and evaluate fundamental issues and provide strategy and direction for this major functional area. This role reports directly to the VP & CISO and serves as the principal spokesperson for data protection on highly significant matters, interacting internally and externally with senior management and functional heads.

This is an on-site position 4 days/week primarily based at our Sleepy Hollow, NY or Warren, NJ office. If eligible, we can offer relocation benefits; we cannot offer a fully remote option.

A typical day in this role looks like:

• Determine organizational structures and allocate subordinate management responsibilities across the Global Data Protection function, including DS Consulting, Auto-Classification, Application and API Data Protection, Trusted Share/Data Mover, and DLP Monitoring sub-functions.
• Develop and execute a multi-year data protection strategy aligned to Regeneron’s business strategies and the company’s goals, including a phased roadmap for DSPM coverage expansion, DLP maturity, and insider risk program buildout.
• Serve as a member of, or key advisor to, the Enterprise Data & AI governance council on matters of data protection, privacy security, and AI data risk.
• Develop objectives for the function and monitor performance against goals across all sub-functions, ensuring schedules and performance requirements are met.
• Own the enterprise Data Security Posture Management (DSPM) strategy and program, overseeing the discovery, classification, and risk assessment of Regeneron’s 112+ PB data estate across on-premises, cloud (AWS, Snowflake, Databricks/Unity Catalog), and SaaS environments.
• Direct the phased expansion of Varonis coverage from current M365/O365 scope to Isilon NAS, cloud/IaaS, and additional SaaS platforms in alignment with the Secure Enterprise Data Fabric program roadmap.
• Provide strategy and direction for the full lifecycle of data protection controls spanning data in motion, data at rest, and data in use, across endpoint, cloud, email, and network channels.
• Oversee the development, deployment, and continuous tuning of DLP policies leveraging Microsoft Purview, Zscaler, Varonis, and complementary CASB/SASE capabilities.
• Own the enterprise Insider Risk program strategy, establishing a cross-functional program structure that integrates Human Resources, Legal, Corporate Security, and Security Operations capabilities under a unified operating model.
• Develop and mature the behavioral analytics and detection capability for intentional and accidental data misuse, leveraging Splunk UBA and DLP telemetry to identify anomalous data access, movement, and exfiltration patterns.
• Establish case management, investigation, and escalation protocols for insider risk incidents, ensuring appropriate coordination with HR, Legal, and Corporate Security while preserving investigative integrity and chain of custody.
• Interact regularly with senior management across functional areas to align data protection priorities with business strategies, including IOPS, Research, Commercial, and GCC India leadership.
• Develop and maintain audit-ready documentation, operational metrics, and program reporting for the CISO, Audit Committee, and external regulators.
• Engage external partners, managed security service providers, and industry peers to benchmark program maturity and import current-state threat intelligence relevant to pharmaceutical data protection.

This role might be for you if:

• Hands-on experience auditing AI/ML systems, Leads data protection-by-design across AI and agentic AI systems — covering model training data governance, input/output monitoring, data residency enforcement, and access controls in multi-agent environments.
• Experience in pharmaceutical, biotechnology, or life sciences environments with direct exposure to GxP data integrity requirements, clinical trial data protection, or manufacturing IP security.
• Familiarity with Databricks Unity Catalog, Snowflake, or AWS data lake security architectures as they relate to DSPM and access governance.
• Experience operating or advising on AI data security considerations, including LLM training data governance, model output handling, and AI-specific insider risk vectors.
• Working knowledge of data catalog and metadata governance platforms (Collibra, Privacera) and their role in enforcing data protection policies.
• Relevant certifications: CISSP, CIPP/E, CIPP/US, CDPSE, CIPM, CISM, or equivalent.

This role requires

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, Information Management, or a related field required. An advanced degree (MS, MBA, or equivalent) is preferred.      
• 15+ years of progressive experience in information security or data protection, with demonstrated depth in DSPM, DLP, and insider risk disciplines.
• 5+ years in a leadership role with responsibility for a recognized security or data protection function, including people management at the Director or Senior Manager level.
• 3+ years of hands-on experience with enterprise DSPM or DLP platforms in a complex, multi-cloud environment.
• Demonstrated experience leading cross-functional programs involving HR, Legal, Privacy, and Security stakeholders.

$242,000.00 - $403,300.00