Senior Director, Global Data Protection & AI Security

At Regeneron, we are building a dedicated Data Protection function to safeguard the intellectual property, patient data, genomic assets, and proprietary information that underpin our $15B+ revenue pipeline and increasingly global operations. As Regeneron has expanded its commercial, research, and manufacturing presence across Europe, the Asia-Pacific region, and beyond, the regulatory surface for data storage, use, and movement has grown materially. Concurrent growth in data sovereignty requirements, insider risk exposure, and AI-driven data workflows has created an inflection point that demands a dedicated, strategically led function.

The Sr. Director of Global Data Protection and AI Security serves as the Global Data Protection Lead and is accountable for the strategy, architecture, and execution of Regeneron’s enterprise data protection program. This leader drives concepts, techniques, and standards across Data Security Posture Management (DSPM), Data Loss Prevention, Insider Risk, and data classification, working without appreciable direction to identify and evaluate fundamental issues and provide strategy and direction for this major functional area. This role reports directly to the VP & CISO and serves as the principal spokesperson for data protection on highly significant matters, interacting internally and externally with senior management and functional heads.

This is an on-site position 4 days/week primarily based at our Sleepy Hollow, NY or Warren, NJ office. If eligible, we can offer relocation benefits; we cannot offer a fully remote option.

A typical day in this role looks like:

• Determine organizational structures and allocate subordinate management responsibilities across the Global Data Protection function, including DS Consulting, Auto-Classification, Application and API Data Protection, Trusted Share/Data Mover, and DLP Monitoring sub-functions.
• Develop and execute a multi-year data protection strategy aligned to Regeneron’s business strategies and the company’s goals, including a phased roadmap for DSPM coverage expansion, DLP maturity, and insider risk program buildout.
• Serve as a member of, or key advisor to, the Enterprise Data & AI governance council on matters of data protection, privacy security, and AI data risk.
• Develop objectives for the function and monitor performance against goals across all sub-functions, ensuring schedules and performance requirements are met.
• Own the enterprise Data Security Posture Management (DSPM) strategy and program, overseeing the discovery, classification, and risk assessment of Regeneron’s 112+ PB data estate across on-premises, cloud (AWS, Snowflake, Databricks/Unity Catalog), and SaaS environments.
• Direct the phased expansion of Varonis coverage from current M365/O365 scope to Isilon NAS, cloud/IaaS, and additional SaaS platforms in alignment with the Secure Enterprise Data Fabric program roadmap.
• Provide strategy and direction for the full lifecycle of data protection controls spanning data in motion, data at rest, and data in use, across endpoint, cloud, email, and network channels.
• Oversee the development, deployment, and continuous tuning of DLP policies leveraging Microsoft Purview, Zscaler, Varonis, and complementary CASB/SASE capabilities.
• Own the enterprise Insider Risk program strategy, establishing a cross-functional program structure that integrates Human Resources, Legal, Corporate Security, and Security Operations capabilities under a unified operating model.
• Develop and mature the behavioral analytics and detection capability for intentional and accidental data misuse, leveraging Splunk UBA and DLP telemetry to identify anomalous data access, movement, and exfiltration patterns.
• Establish case management, investigation, and escalation protocols for insider risk incidents, ensuring appropriate coordination with HR, Legal, and Corporate Security while preserving investigative integrity and chain of custody.
• Interact regularly with senior management across functional areas to align data protection priorities with business strategies, including IOPS, Research, Commercial, and GCC India leadership.
• Develop and maintain audit-ready documentation, operational metrics, and program reporting for the CISO, Audit Committee, and external regulators.
• Engage external partners, managed security service providers, and industry peers to benchmark program maturity and import current-state threat intelligence relevant to pharmaceutical data protection.

This role might be for you if:

• Hands-on experience auditing AI/ML systems, Leads data protection-by-design across AI and agentic AI systems — covering model training data governance, input/output monitoring, data residency enforcement, and access controls in multi-agent environments.
• Experience in pharmaceutical, biotechnology, or life sciences environments with direct exposure to GxP data integrity requirements, clinical trial data protection, or manufacturing IP security.
• Familiarity with Databricks Unity Catalog, Snowflake, or AWS data lake security architectures as they relate to DSPM and access governance.
• Experience operating or advising on AI data security considerations, including LLM training data governance, model output handling, and AI-specific insider risk vectors.
• Working knowledge of data catalog and metadata governance platforms (Collibra, Privacera) and their role in enforcing data protection policies.
• Relevant certifications: CISSP, CIPP/E, CIPP/US, CDPSE, CIPM, CISM, or equivalent.

This role requires

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, Information Management, or a related field required. An advanced degree (MS, MBA, or equivalent) is preferred.
• 15+ years of progressive experience in information security or data protection, with demonstrated depth in DSPM, DLP, and insider risk disciplines.
• 5+ years in a leadership role with responsibility for a recognized security or data protection function, including people management at the Director or Senior Manager level.
• 3+ years of hands-on experience with enterprise DSPM or DLP platforms in a complex, multi-cloud environment.
• Demonstrated experience leading cross-functional programs involving HR, Legal, Privacy, and Security stakeholders.

Does this sound like you? Apply now to take your first step towards living the Regeneron Way! We have an inclusive culture that provides comprehensive benefits, which vary by location. In the U.S., benefits may include health and wellness programs (including medical, dental, vision, life, and disability insurance), fitness centers, 401(k) company match, family support benefits, equity awards, annual bonuses, paid time off, and paid leaves (e.g., military and parental leave) for eligible employees at all levels! For additional information about Regeneron benefits in the US, please visit For other countries’ specific benefits, please speak to your recruiter.
Please be advised that at Regeneron, we believe we are most successful and work best when we are together. For that reason, many of Regeneron’s roles are required to be performed on-site. Please speak with your recruiter and hiring manager for more information about Regeneron’s on-site policy and expectations for your role and your location.

Regeneron is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion or belief (or lack thereof), sex, nationality, national or ethnic origin, civil status, age, citizenship status, membership of the Traveler community, sexual orientation, disability, genetic information, familial status, marital or registered civil partnership status, pregnancy or parental status, gender identity, gender reassignment, military or veteran status, or any other protected characteristic in accordance with applicable laws and regulations. The Company will also provide reasonable accommodation to the known disabilities or chronic illnesses of an otherwise qualified applicant for employment, unless the accommodation would impose undue hardship on the operation of the Company's business.

For roles in which the hired candidate will be working in the U.S., the salary ranges provided are shown in accordance with U.S. law and apply to U.S.-based positions. For roles which will be based in Japan and/or Canada, the salary ranges are shown in accordance with the applicable local law and currency. If you are outside the U.S, Japan or Canada, please speak with your recruiter about salaries and benefits in your location.

Please note that certain background checks will form part of the recruitment process. Background checks will be conducted in accordance with the law of the country where the position is based, including the type of background checks conducted. The purpose of carrying out such checks is for Regeneron to verify certain information regarding a candidate prior to the commencement of employment such as identity, right to work, educational qualifications etc.

Salary Range (annually)