Director, Cyber Security Solutions & Innovation – GITC

Leverage Technology to Impact Patients and Ultimately Save Lives

Do you have expertise in, and passion for, cyber security? Would you like to apply your expertise to impact IT and product security in a company that follows the science and turns ideas into life-changing medicines? If so, AstraZeneca might be the one for you!

ABOUT ASTRAZENECA

AstraZeneca is a global, science-led, patient-focused biopharmaceutical company that focuses on the discovery, development, and commercialization of prescription medicines for some of the world's most serious diseases. But we're more than one of the world's leading pharmaceutical companies. At AstraZeneca, we're dedicated to being a Great Place to Work.

ABOUT OUR TEAM

It's a dynamic environment to work in – but that's why we like it. There are countless opportunities to learn and grow, whether that's exploring new technologies in hackathons or redefining the roles and work of colleagues. Shape your own path, with support all the way. A diverse set of minds that work across functions and broadly together.

About the Role

Our increased focus on Digital, AI & ML, Data & Data Science, along with joint ventures and collaboration with third parties, are creating new opportunities within the Cyber Security team to enable AstraZeneca.

We are looking for an experienced cybersecurity specialist who can help us on the journey through this challenging and ever-changing cyber technology and threat landscape. Individuals who:

• Understand attackers, their motivations, and the overall threat landscape. We are potentially working against state-sponsored attacks and multi-billion-dollar organized crime syndicates.
• Understand that security is a journey and not a destination. We need to focus on continuous innovation to maintain a balanced risk position against the evolving threat landscape.
• Have deep and hands-on knowledge in various domains of cybersecurity.
• Have built cyber security solutions which include technology, process, and people.

Key Responsibilities

This role will lead all aspects of a team of engineers and specialists who plan, implement, and maintain the full lifecycle of security solutions. This is a transformational and innovation-driven role.

In this role, you'll operate within AstraZeneca's Cybersecurity Products and Assurance group to deliver quality services and solutions that meet both business and IT needs. This is a technical leadership role providing guidance, definition, and design of enterprise-wide security initiatives. You'll collaborate with Business, Solution Delivery, Engineering, and Quality and Compliance functions across a global organization spanning the US, UK, Sweden, China, Japan, Poland, Mexico, India, and beyond.

• Develop Cyber Security solutions spanning Cloud, Hybrid and on-premise as well as third-party collaboration environments, including capability models and roadmaps across the Cyber Security function.
• Identify, design, and deploy cyber security solutions for the organization.
• Help influence the future state of cyber security within assigned domains, conduct review and gap analysis.
• Establish and promote security protocols including playbooks and standards.
• Work with existing security teams to implement and enforce strategies and policies across the enterprise.
• Define and create a portfolio of secure design principles.
• Collaborate with other technical cyber functions resulting in effective security.
• Stay abreast of innovations in the cyber industry and incorporate them in solutions.
• Keep abreast of industry best practices, vendor capabilities, and industry frameworks to sustain best-in-class programs.
• Guide and support Architects, Engineering, and Support functions to ensure that solutions are secure and align with AZ Security policies and guidelines.
• Perform security reviews, leveraging threat modeling and other techniques, and influence how solutions can be improved for security in the way they are designed, used, built, and maintained.
• Hire, lead, and grow a diverse team, foster an inclusive culture, and establish collaborative processes that reward behaviors in addition to delivery.
• Provide technical leadership and guidance to team members, peers, and other leaders in the organization.

Essential Experience

• Must have an in-depth understanding of key cybersecurity frameworks, controls, and standard processes.
• Experience and technical understanding of leading cybersecurity vendor solutions across the OSI layers.
• Must have experience in problem-solving, defining requirements, and developing solution blueprints.
• Have a solid grasp and proven capability in Cloud, Hybrid, and On-Premise architectures.
• Familiarity with common attack techniques and their remediation/defense including DoS, DDoS, Social engineering, Virus, Malware, Vulnerability exploitation, Phishing & Spear Phishing, Worms, Trojans, Rootkits, Ransomware, XSS, SQL Injection, Remote Command Execution, Session Hijacking, etc.
• Solid understanding of security protocols, cryptography, authentication, authorization, and network security implementations.
• Ability to carry out evaluations, gap analysis, and vendor assessments for security technologies and applications.
• Ability to design, build, test, and implement cyber security solutions.
• Ability to map governance and compliance frameworks and controls to technical implementation.
• Strong Cloud architecture and multiple domain experience.
• Ability to prioritize and validate the threats that really matter.
• Security roadmap and strategy development experience.
• Able to work across multiple teams spanning many geographic regions.
• Excellent written and oral communication skills.
• Have or are working toward a recognized Cyber Security certification.
• Experience hiring, building, and leading a technical team.

SO, WHAT NEXT?

If you're interested in applying, we encourage you to apply using your completed Workday profile where possible.

Date Posted

Closing Date

AstraZeneca embraces diversity and equality of opportunity.  We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills.  We believe that the more inclusive we are, the better our work will be.  We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics.  We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.