Job DescriptionOur Business Technology Solutions (BTS) team shapes the digital transformation accelerating the future of medicine at AbbVie, and we do it together, asking bold questions and tackling complex challenges through deep, honest collaboration. In the role of Associate Director, Cybersecurity Posture, Hygiene and AI, you will join a diverse, global organization that invests in your growth while empowering you to lead teams that secure the technologies improving patients' lives.
Role summary This role builds and leads an enterprise security posture and hygiene program with a specific emphasis on configuration drift technologies and services. You are a people manager, accountable for setting direction, developing talent, and delivering sustained program outcomes. You will define the strategy, operating model, metrics, and governance needed to continuously improve control effectiveness across on-premise and cloud environments and ensure AI-enabled workflows operate within enterprise security, privacy, and data protection expectations by detecting misuse, configuration drift, and control gaps.
About our team You will join the Business Technology Solutions (BTS) Information Security and Risk Management (ISRM) organization. Our team focuses on reducing systemic risk by strengthening baseline security controls, improving configuration hygiene, and building scalable programs that enable safe adoption of modern and AI-enabled technologies across the enterprise.
In this role, you will be responsible for - Building and leading a security posture and hygiene program, including strategy, roadmap, operating cadence, governance, and direct people management.
- Managing and developing a multidisciplinary team responsible for control assessments, configuration hygiene, remediation planning, and continuous improvement, including hiring, coaching, performance management, and career development.
- Leveraging AI as an accelerator and enabler to drive speed and efficiency in continuous control monitoring and response
- Integrating posture and hygiene telemetry from AI-enabled tools, custom tools and workflows to detect misuse, configuration drift, and critical control deviations
- Identifying patterns of intentional and unintentional misuse of AI-enabled tools and workflows and translating those findings into preventive, systemic control improvements.
- Developing and maturing a control framework aligned to the Center for Internet Security (CIS) Top 18 Controls and associated safeguards, tailoring implementation guidance to AbbVie environments.
- Establishing a consistent methodology to assess control maturity, identify systemic gaps, and prioritize remediation based on risk and business impact.
- Partnering with infrastructure, cloud, identity, network, endpoint, application, and AI engineering teams to embed secure-by-default configurations and resilient architectures.
- Building metrics, dashboards, and executive-ready reporting that provide actionable insight into posture trends, control effectiveness, and remediation progress.
- Driving enablement by publishing standards, playbooks, and guidance that helps teams design, deploy, and operate securely.
- Continuously evolving the program by staying current on emerging risks related to AI, automation, and modern attack techniques.
Tools and skills you will use in this role - Security control frameworks and maturity models (e.g., CIS Controls).
- Hybrid cloud and enterprise security posture concepts.
- Network and endpoint security posture concepts.
- AI and ML platform security concepts, including data handling, access boundaries, and security guardrails.
Qualifications- Bachelors Degree and 9 years of experience OR Masters Degree and 8 years of experience OR PhD and 4 years of experience
- Proven leadership in cybersecurity, with extensive experience in managing security posture and hygiene strategies within complex and diverse IT environments
- Experience implementing an AI security program across an enterprise.
- Expert knowledge of operating systems, networking protocols, systems administration, X as a service, applications, and security technologies.
- Expert knowledge and application of cybersecurity terminology, concepts, and the cyber threat landscape and attack vectors.
- Deep understanding of risk management principles and the ability to integrate these into security practices.
- Demonstrated ability to innovate and adapt in response to a constantly changing environment.
- Advanced critical thinking, problem solving, and analytical skills
- Strong leadership and collaboration skills with business and technical groups.
- Excellent written and verbal communication and listening skills, with the ability to effectively convey technical insights to technical and non-technical stakeholders.
- Demonstrated ability to interface effectively with clients, IT management, and staff.
- A sincere desire to learn, grow, and go beyond personal capabilities, staying abreast of the latest developments in the cybersecurity landscape .
- Professional cybersecurity certifications (e.g., CISSP, CISM, CIS Controls, etc.) are highly desirable.
Additional InformationApplicable only to applicants applying to a position in any location with pay disclosure requirements under state or local law:
- The compensation range described below is the range of possible base pay compensation that the Company believes in good faith it will pay for this role at the time of this posting based on the job grade for this position. Individual compensation paid within this range will depend on many factors including geographic location, and we may ultimately pay more or less than the posted range. This range may be modified in the future.
- We offer a comprehensive package of benefits including paid time off (vacation, holidays, sick), medical/dental/vision insurance and 401(k) to eligible employees.
- This job is eligible to participate in our short-term incentive programs.
Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, incentive, benefits, or any other form of compensation and benefits that are allocable to a particular employee remains in the Company's sole and absolute discretion unless and until paid and may be modified at the Company's sole and absolute discretion, consistent with applicable law.
