Cybersecurity Solutions Architect (Global Drug Development Team)

Job Description Summary

Location: Prague, Barcelona, Madrid, Hyderabad, Tel Aviv

The Novartis Global Drug Development (GDD) is in need of a Cybersecurity Solutions Architect to assist them in the development of new systems and platforms to support Novartis’ innovative drug development pipelines, clinical trials and proof of concept initiatives. GDD collaborates across scientific and organizational boundaries, with a focus on powerful new technologies that have the potential to help produce therapeutic breakthroughs for patients. As a Cybersecurity Solutions Architect, you will support these strategic initiatives by providing subject matter expertise in the domain of end-to-end security architecture.

Our Cybersecurity Solutions Architect will work with the GDD technology and science teams to ensure solutions are security designed, following approved security patterns and providing ongoing security consulting and expertise to support the following activities:
a) Review security architecture for common platforms like Salesforce, Veeva, and other major commercial and marketing technologies.
b) Review security architecture of operational changes, enhancements, and other releases related to production systems
c) Support and provide recommendations to leadership for remediating security gaps

As part of daily activities, our Cybersecurity Solutions Architect will ensure secure-by-design principles are followed for applications and technical solutions that GDD develops, provide consultation, solution architecture recommendations and work closely with domain architects to leverage Novartis’ global enterprise platforms or assist in the development of innovative new digital solutions.

The successful candidate will be a strong communicator with deep technical and security skills, especially pertaining to regulatory and GxP systems used in the pharmaceutical industry. The individual must be highly collaborative as they will need to work closely with application managers, platform engineers, 3rd party vendors, software developers and architects.

 

Job Description

Major accountabilities:

• Providing in depth expertise about security principles and ensuring controls are included as technical requirements

• Advising peer architects and technologists on approved security patterns and practices

• Reviewing and challenging defined IT security related internal standards for the ongoing improvement of Novartis policies and procedures

• Acting as a single point of contact, collaborating closely with other Security Architects and IT Architects on IT security related matters

• Promoting our IT Security culture within the business and application management team and building an external network regarding IT security relevant to the business function

• Defining pragmatic solutions and recommending alternatives that meet or exceed security requirements

• Performing risk/threat assessments of all IT project related to the function and reporting on the security status of projects

• Managing a pool of external security and solution architects assigned to our portfolio

• Managing prioritization of security assessment for the function, working with our application security risk assessment pool for low impact projects

Minimum Requirements:
Work Experience:

• Degree in a business/technical/scientific area or comparable qualifications/experience

• 5 years of Information Security management or IT security expertise

• Expert knowledge of enterprise IT infrastructure technology, systems, vulnerability management, and organisational change processes, especially in large scale implementations

• Demonstrated experience of effectively engaging with senior business leaders across a matrixed environment

• Familiarity with frameworks such as COSO, ISO 2700x, CobiT, NIST, SOX, GDPR

• Knowledge of OWASP, SDLC, encryption, identity and access management, data integrity and other related secure software design methodologies

Nice To Have:

• Professional information security certification, such as CISSP, CISM or ISO 27001 auditor / practitioner is preferred. Professional (information system) risk or audit certification such as CIA, CISA or CRISC is preferred

• CSSLP, GSSP, ECCSP, CASS

Languages :

• Proficiency in English (oral and written) .

 

Skills Desired