Sr. Director, Governance, Risk & Compliance

Overview Alnylam is pioneering RNA interference (RNAi) therapeutics and scaling for impact to millions of patients. Our Cybersecurity organization is evolving to match that ambition, and we are seeking a Senior Director of Governance, Risk & Compliance (GRC) to define, lead, and mature the governance, risk management, and compliance capabilities that protect our science, enable our business, and meet global regulatory obligations. Reporting directly to the VP/CISO, this leader will own Alnylam’s enterprise cyber risk management, regulatory compliance, and security governance programs. The Senior Director will be accountable for establishing a scalable, risk‑driven GRC operating model aligned with NIST CSF v2.0, Alnylam’ enterprise risk management (ERM) program and applicable biotech and pharmaceutical regulations. This role balances strategic leadership with hands‑on execution, partnering across the business and IT functions This is a hybrid role primarily based in our Cambridge, MA office. Responsibilities * Lead and evolve Alnylam’s enterprise GRC program. * Define and execute a multi-year cyber risk and compliance maturity roadmap aligned to NIST CSF v2.0, enterprise risk management (ERM), regulatory requirements, and business priorities. * Own the cyber risk management lifecycle, including risk identification, assessment, prioritization, treatment, and executive-level reporting. * Establish and maintain security governance frameworks, policies, standards, and exception management processes. * Provide cybersecurity governance and risk oversight for GxP-regulated systems, ensuring alignment with data integrity, validation expectations, IT SDLC practices, and quality requirements across research, clinical, manufacturing, and quality operations. * Ensure security policies, standards, and risk decisions appropriately account for validated system constraints, change control requirements, and inspection readiness. * Oversee regulatory and compliance activities related to HIPAA, SOX, FDA-adjacent biotech regulations, computer system validation (CSV), privacy requirements, and emerging regulations (e.g., NIS2). * Lead internal and external audits, inspections, and assurance activities, including management of findings, remediation plans, and executive reporting. * Own and mature the third-party risk management (TPRM) program. * Embed cybersecurity risk considerations into system lifecycle and validation activities. * Define and track risk-based metrics and key risk indicators (KRIs) focused on outcomes, maturity, and remediation effectiveness rather than control volume. * Build and lead a high-performing GRC organization, fostering a culture of accountability, rigor, and strong cross-functional partnership. * Deliver clear, actionable executive- and board-level reporting Qualifications * Bachelor’s degree in a relevant field; advanced degree (MBA, Master’s, JD) preferred. * 15+ years of progressive experience in cybersecurity, risk management, compliance, or audit. * 10+ years of leadership experience building and leading GRC, risk, or compliance teams. * Deep knowledge of NIST CSF, NIST 800-53, ISO 27001, and ERM frameworks. * Experience operating GRC programs in regulated environments such as biotech, pharma, healthcare, or life sciences. * Strong ability to translate complex risk topics for executive and board-level audiences. * Industry certifications such as CISSP, CISM, CRISC, or CISA strongly preferred. * Proven ability to influence across Security, IT, Legal, Audit, and business stakeholders. U.S. Pay Range $229,500.00 - $310,500.00 The pay range reflects the full-time base salary range we expect to pay for this role at the time of posting. Base pay will be determined based on a number of factors including, but not limited to, relevant experience, skills, and education. This role is eligible for an annual short-term incentive award (e.g., bonus or sales incentive) and an annual long-term incentive award (e.g., equity). Alnylam’s robust Total Rewards package is designed to support your overall health and well-being. We offer comprehensive benefits including medical, dental, and vision coverage, life and disability insurance, a lifestyle reimbursement program, flexible spending and health savings accounts and a 401(k)with a generous company match. Eligible employees enjoy paid time off, wellness days, holidays, and two company-wide recharge breaks. We also offer generous family resources and leave. Our commitment to your well-being reflects our belief that caring for our people fuels the impact we create together. Learn more about these and additional benefits offered by Alnylam by visiting the Benefits section of the Careers website: https://www.alnylam.com/careers About Alnylam We are the leader in RNAi therapeutics – a revolutionary approach with the potential to transform the lives of people with rare and common diseases. Built on Nobel Prize-winning science, Alnylam has delivered the breakthroughs that made RNAi therapeutics possible and are just at the beginning of what’s possible. Our deep pipeline, late-stage programs, and bold vision reflect our core values: fierce innovation, passion for excellence, purposeful urgency, open culture and commitment to people. We're proud to be a globally recognized top employer, where an authentic, inclusive culture and breakthrough thinking fuel one another. At Alnylam, we commit to an inclusive recruitment process and equal employment opportunity. Qualified applicants will receive consideration for employment without regard to their sex, gender or gender identity, sexual orientation, race, color, ethnicity, national origin, ancestry, citizenship, religion, creed, physical or mental disability, pregnancy status or related conditions, genetic information, veteran or military status, marital or familial status, political affiliation, age, or any other factor protected by federal, state, or local law. Alnylam is an E-Verify Employer.