Director, Information Security Architect

Job Summary

The Director, Information Security Architect is responsible for providing leadership through definition and communication of security control requirements for OAPI/OPDC solutions and services in line with industry frameworks and the company's risk appetite. This role exhibits and continually develops expertise within the information and cybersecurity domains, supports the CISO in strategy development, and develops and maintains a roadmap for information security capabilities, technologies and/or service(s). The role requires excellent organizational, communication and collaboration skills and the ability to work on multiple efforts across IT technology and service disciplines.

Job Description

The Director, Information Security Architect will collaborate with Business and IT functional leaders, engineers, industry experts and vendors to identify, qualify, and drive the adoption of security technology and service solutions that enable strategic goals. The Director will coordinate across various compliance functions, IT, and shared services groups to successfully architect, define, and enable new capabilities for Otsuka and our affiliates. The Information Security Architect's core responsibilities include:

• Design and drive roadmaps for core security capabilities, in support of strategy, across the full spectrum of security domains, including network and cloud security, product and application security, identity and access management, data protection, as well as tools support for Security Operations and Cybersecurity Governance, Risk & Compliance (Cyber GRC).
• Lead the collaborative development of Information Security architecture, working with information security, compliance stakeholders (e.g., privacy, compliance, quality) and IT teams to ensure end-to-end protection and compliance with industry standards like NIST CSF and 800-53.
• Report to CISO and senior leadership on the effectiveness of the cybersecurity architecture and provide strategic recommendations to improve the security posture.
• Champion security-by-design, partnering closely with privacy, quality, legal, infrastructure, and business IT teams to ensure that secure practices are standardized and built into OPAI/OPDC's technology lifecycle, elevating both customer trust and internal efficiency.
• Establish, publish and communicate security control standards and guidance across technologies (e.g., endpoints, business applications, hosting and infrastructure) in line with risk posture.
• Play a key leadership role in company-wide information security governance, influencing initiatives around data protection and governance, cloud security, IAM, secure AI usage, and compliance with regulatory and risk standards.
• Provide architectural expertise, direction, and assistance to across the organization to address information security issues and facilitate the delivery of solutions that meet business objectives in a timely and cost-effective manner.
• Collaborate deeply with peers in Security Operations and Cybersecurity GRC, taking a holistic approach to managing and reducing cyber risk across the organization.
• Lead contract negotiations with cybersecurity vendors, ensuring favorable terms, SLAs, and compliance with organizational security policies.
• Lead POV initiatives for new cybersecurity tools and technologies, conducting thorough evaluations and testing to ensure their effectiveness and alignment with organizational needs.
• Continuously evaluate and enhance security systems and technologies, staying current with the latest cybersecurity trends, threats, and best practices.

Qualifications/ Required

Knowledge/ Experience and Skills:

• 10+ years of experience in cybersecurity engineering or architecture.
• 5+ years of experience in development and management of technical security control frameworks.
• 5+ years of experience in securing cloud environments (e.g., AWS, M365, Oracle, Azure) and 3+ years in M365 and AWS.
• Extensive knowledge of security solutions and best practices across the technology landscape (network, application, data and endpoint).
• Expert understanding of risk management, compliance, and governance frameworks related to cybersecurity.
• Experience in Identity and Access Management, including both traditional IAM implementations as well as SailPoint, Entra and AWS IAM management.
• Strong experience leading product security including threat modeling, secure SDLC, and security scanning technologies / vulnerability management.
• Hands-on experience leading Proof of Concept (POC) initiatives for cybersecurity technologies, with the ability to evaluate, test, and provide recommendations for new tools and systems.
• Experience with vendor management, including evaluating, selecting, and managing relationships with third-party cybersecurity vendors.
• Ability to think strategically, lead initiatives, and provide hands-on leadership in the architecture and implementation of cybersecurity solutions.
• Demonstrated ability to influence through leadership and collaboration - fostering a community of knowledge-sharing, collaboration, and forward-thinking.
• The capacity to actively learn and apply security domain knowledge, know-how, and best practices to new and emerging technologies.
• Strong skills for critical thinking, analyzing and assessing problems and implications, identifying patterns, making connections of underlying issues, understanding risks and developing mitigation strategies, and taking ownership of the outcome.
• Proven track record as a strong communicator both in written and oral presentations; capable of rapidly creating detailed, yet concise written reports.
• Ability to communicate technical ideas and concepts clearly, verbally and written, to technical and non-technical audiences, especially in articulating technical vision to executive levels.

Educational Qualifications

• Bachelor's degree in computer science, Information Security, or a related field. A Master's degree is desirable.
• Certifications such as CISSP, CISM, CISA, or similar are highly desirable.
• Relevant certifications or professional training in cybersecurity architecture, IAM, or Zero Trust Network Access.

Competencies
Accountability for Results - Stay focused on key strategic objectives, be accountable for high standards of performance, and take an active role in leading change.
Strategic Thinking & Problem Solving - Make decisions considering the long-term impact to customers, patients, employees, and the business.
Patient & Customer Centricity - Maintain an ongoing focus on the needs of our customers and/or key stakeholders.
Impactful Communication - Communicate with logic, clarity, and respect. Influence at all levels to achieve the best results for Otsuka.
Respectful Collaboration - Seek and value others’ perspectives and strive for diverse partnerships to enhance work toward common goals.
Empowered Development - Play an active role in professional development as a business imperative.

Come discover more about Otsuka and our benefit offerings; https://www.otsuka-us.com/careers-join-otsuka.

This job description is intended to describe the general nature and level of the work being performed by the people assigned to this position. It is not intended to include every job duty and responsibility specific to the position. Otsuka reserves the right to amend and change responsibilities to meet business and organizational needs as necessary. 

Otsuka is an equal opportunity employer.  All qualified applicants are encouraged to apply and will be given consideration for employment without regard to race, color, sex, gender identity or gender expression, sexual orientation, age, disability, religion, national origin, veteran status, marital status, or any other legally protected characteristic.   

If you are a qualified individual with a disability or a disabled veteran, you may request a reasonable accommodation, if you are unable or limited in your ability to apply to this job opening as a result of your disability.  You can request reasonable accommodations by contacting Accommodation Request. 

Statement Regarding Job Recruiting Fraud Scams

At Otsuka we take security and protection of your personal information very seriously. Please be aware individuals may approach you and falsely present themselves as our employees or representatives.  They may use this false pretense to try to gain access to your personal information or acquire money from you by offering fictitious employment opportunities purportedly on our behalf.

Please understand, Otsuka will never ask for financial information of any kind or for payment of money during the job application process. We do not require any financial, credit card or bank account information and/or any payment of any kind to be considered for employment. We will also not offer you money to buy equipment, software, or for any other purpose during the job application process. If you are being asked to pay or offered money for equipment fees or some other application processing fee, even if claimed you will be reimbursed, this is not Otsuka. These claims are fraudulent and you are strongly advised to exercise caution when you receive such an offer of employment.

Otsuka will also never ask you to download a third-party application in order to communicate about a legitimate job opportunity. Scammers may also send offers or claims from a fake email address or from Yahoo, Gmail, Hotmail, etc, and not from an official Otsuka email address. Please take extra caution while examining such an email address, as the scammers may misspell an official Otsuka email address and use a slightly modified version duplicating letters.

To ensure that you are communicating about a legitimate job opportunity at Otsuka, please only deal directly with Otsuka through its official Otsuka Career website https://vhr-otsuka.wd1.myworkdayjobs.com/en-US/External.

Otsuka will not be held liable or responsible for any claims, losses, damages or expenses resulting from job recruiting scams. If you suspect a position is fraudulent, please contact Otsuka’s call center at: 800-363-5670. If you believe you are the victim of fraud resulting from a job recruiting scam, please contact the FBI through the Internet Crime Complaint Center at: https://www.ic3.gov,  or your local authorities.

Otsuka America Pharmaceutical Inc., Otsuka Pharmaceutical Development & Commercialization, Inc., and Otsuka Precision Health, Inc. (“Otsuka”) does not accept unsolicited assistance from search firms for employment opportunities. All CVs/resumes submitted by search firms to any Otsuka employee directly or through Otsuka’s application portal without a valid written search agreement in place for the position will be considered Otsuka’s sole property. No fee will be paid if a candidate is hired by Otsuka as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.