Senior Director, Cybersecurity- Architecture

Job Description Summary:

TheSenior Director, Cybersecurity Architectureserves as the senior-most cybersecurity architect in the enterprise, responsible for defining and driving the cybersecurity architecture vision, standards, and patterns that enable secure adoption of artificial intelligence, advanced analytics, cloud platforms, data-driven innovation, and modernized operational technology across a global, regulated business.

This strategic technical leadership role bridges business strategy with technical execution, ensuring that security is embedded by design into the company's most critical transformations — including generative AI platforms, enterprise data ecosystems, multi-cloud migrations, Zero Trust initiatives, and digital and connected-health solutions. The role leads a team of specialized security architects, partners with Enterprise Architecture and business technology leaders, and serves as the authoritative voice on security architecture across the organization.

The role demands deep technicalexpertisein modern cloud-native architectures, AI/ML security, data protection, identity, and Zero Trust principles, combined with the business acumen to translate complex security concepts into enabling strategies that accelerate innovation while managing risk in a highly regulated industry.

Cybersecurity Domain Scope:

TheSenior Director, Cybersecurity Architectureowns the security architecture across the following domains, setting direction for the architects and engineers who deliver in each area:

• Enterprise AI & Data Security —generative AI, machine learning platforms,LLMOps/MLOps, model governance, training-data protection, prompt injection prevention, AI agent security, enterprise data lakes, data mesh, and analytics platforms.

• Cloud Security —multi-cloud (AWS, Azure, GCP) and hybrid patterns, secure landing zones, Infrastructure-as-Code,DevSecOpspipelines, container and serverless workloads, SaaS, and API security.

• Zero Trust & Identity —Zero Trust Architecture aligned to NIST SP 800-207, enterprise identity fabric, privileged and non-human identity governance,passwordlessand phishing-resistant MFA, ZTNA, and SASE.

• OT & Manufacturing Security —architectures aligned to the Purdue Model (ISA-95) and IEC 62443, industrial DMZ, OT/IT convergence, MES, SCADA, historians, PLCs/HMIs, and secure remote vendor access.

• Architecture Governance —Security Architecture Review Board (SARB), reference architectures, design patterns, threat modeling, and exception management aligned to NIST CSF, ISO 27001, and CIS.

• Regulatory Context —GxP, 21 CFR Part 11, EU Annex 11, ALCOA+, GDPR, HIPAA, and FDA cybersecurity guidance integrated into all architecture decisions.

Typical Accountabilities:

Architecture Strategy, Direction & Standards

• Define the architecture strategy, direction, and standards pertinent for the cybersecurity architecture segment.

• Analyze and translate business priorities and strategies into architecture requirements for the enterprise.

• Act as an authority to the architecture community and the businessregardingstrategic architecture decisions for the cybersecurity segment.

• Drive, review, approve, and oversee development and deployment ofcybersecurityarchitecture roadmaps and blueprints (1–5 yearhorizon) as well as solution and segment architectures in alignment with global strategies and solutions.

• Ensure continuous alignment of capabilities with current business priorities andobjectives.

• Contribute to strategic technology and architecture decisions as part of cross-functional decision-making bodies (e.g., SARB, Enterprise Architecture Review Board, IT Leadership Team).

• Lead the development and implementation of Enterprise Architecture (EA) standards, processes, and tools as they apply to cybersecurity.

• Engage with project and service teams in the development, implementation, and maintenance of standard architectural components.

• Drive creation of functional design documents — including the risk and changemanagementportions of the architectural lifecycle — across portfolios.

Cross-Domain Resolution & Technical Counsel:

• Lead resolution of complex cross-domain and technical concerns, needs, and suggestions from business teams across portfolios to improve architecture design and mitigate risk.

• Act as strategic architectural advisor and provide technical counsel to global leadership teams — both business and IT — on potential business-critical enterprise needs and risks.

• Present strategic recommendations for systemic, structural, and technology solutions to executive leadership, including the CISO, CIO, and Audit Committee whereappropriate.

• Lead Security Architecture Review Board (SARB) activity for major initiatives and technology investments, ensuring consistent, risk-based architecture decisions.

• Conduct architecture risk assessments and threat modeling for critical systems and initiatives; manage architecture exceptions and waivers with documented risk acceptance.

Third-Party & Supplier Direction:

• Provide direction to third-party suppliers to ensure adherence to technical development and delivery aligned with thearchitectureroadmap, blueprint, and information systems strategy.

• Evaluate vendor security architectures for major technology procurements; influence vendor roadmaps to address industry and regulatory security requirements.

• Establish secure integration patterns with strategic partners, contract research and manufacturing organizations, and external collaborators.

Performance, Measurement & Reporting:

• Direct and drive monitoring, measurement, and reporting around the performance of current and upgraded architecture, systems, solutions, and frameworks across portfolios.

• Maintain an architecture repository with patterns, standards, approved designs, and security control mappings to compliance frameworks and audit requirements.

• Track adoption of published security architecture standards and reference architectures; report on maturity, exception volume, and risk posture to leadership.

Innovation, Best Practices & Thought Leadership:

• Monitor andidentifyIT architecture best practices and emerging technologies regionally and globally tofacilitateenterprise technology decisions.

• Evaluate security implications of emerging technologies — quantum computing, post-quantum cryptography, edge AI, blockchain, and conduct proof-of-concept architectures.

• Serve as a recognized thought leader within and beyond the organization, typically with leadership roles in multi-institution collaborations.

• Represent the company at industry forums, standards bodies, and peer working groups (e.g., Pharma ISAC, IEC 62443 working groups).

Talent Pipeline & Architecture Capability:

• Activelymonitorthestrength of the IT architecture talent pipeline.

• Propose and implement strategic future-focused skill-development interventions across areas through cross-functional, regional, and external partnerships to equip and adapt the IT architecture workforce to evolving technologies.

• Define security-architect competency models and career progression pathways;facilitatean architecture community of practice for knowledge sharing across the organization.

As a People Manager:

• Develop, deliver, andmonitorbudgets — including capital — for the cybersecurity architecture segment.

• Collaborate with business and regional leaders for prioritization and alignment of segment IT architecture strategy, goals, and projects.

• Build, lead, and motivate IT architecture teams to achieve stretch goals.

• Develop the professional and leadership capabilities of IT architecture professionals and managers through coaching, delegation, development plans, stretch assignments, and rotations.

• Lead and mentor a team of specialized security architects (Cloud Security, AI/Data Security, OT/ICS Security, Application Security, Infrastructure Security).

Qualifications:

Education & Certifications

• Bachelor's degree in science or relevant technical field of study;Master'spreferred.

• Preferred certifications: CISSP, CCSP, SABSA; cloud-platform security specialty certifications (AWS, Azure, GCP); GIAC Security Architecture or Cloud Security; CISM.

Architecture & Technical Experience

• Proven experience in architecture method execution.

• Significant experiencein development and design across technical domains.

• Extensive experience defining and aligning architectural roadmaps and strategies to business strategy.

• Experience with rationalization, consolidation, and integration across business domains using a formal framework.

• Experience with large justification-phase work — product evaluation and business case formulation.

• Experience defining and developing components of an enterprise architecture practice.

• Experience engaging and negotiating with third-party suppliers.

Leadership & Stakeholder Experience

• Experience influencing cross-functional global leadership and other senior stakeholders to adopt change or innovative IT solutions.

• Extensive experience managing geographically dispersed teams in a global matrix organization with direct and indirect reports — providing oversight, guidance, and mentoring.

• Extensive experience working across boundaries — internally, cross-functionally, externally, internationally, and cross-culturally.

• Experience planning and managing budgets and resources for a large IT infrastructure function.

• Experience co-working with cross-functional global leadership and other senior stakeholders preferred.

• Substantial experience communicating with and influencing diverse internal and external stakeholders, including supplier and vendor networks, across areas and geographies, to drive infrastructure strategy and outcomes.

• Substantial experienceanticipating, assessing, and managing project risks.

​

Domain Expertise (Preferred)

• 15+ years in information security with 10+ years focused on security architecture and engineering; 5+ years in leadership roles.

• Deepexpertisein cloud security architecture (AWS, Azure, GCP) including multi-cloud and hybrid cloud patterns,IaCandDevSecOps, container and serverless security.

• Proven experience with AI/ML andgenerative-AIsecurity — model security, adversarial ML, data protection, AI governance, prompt-injection defense, AI-agent security.

• Strong background in data security architecture for enterprise data platforms, analytics, and data governance (classification, encryption, tokenization, DLP, privacy-enhancing technologies).

• Experience with Zero Trust Architecture design and implementation; identity fabric, PAM, NHI governance,passwordlessauthentication, ZTNA/SASE.

• Knowledge of OT/ICS security architecture for manufacturing or critical-infrastructure environments (Purdue Model, IEC 62443) — pharmaceutical experience highly desirable.

• Familiarity withregulated-industryrequirements (GxP, 21 CFR Part 11, EU Annex 11, ALCOA+, CSV/CSA, GDPR, HIPAA) and ability to design controls that satisfy them without impeding innovation.

Key Relationships:

Direct Reports

• Cloud Security Architect(s)

• AI / Data Security Architect(s)

• OT / ICS Security Architect(s)

Internal Stakeholders

• Executive Director, Cybersecurity Engineering, Architecture & Transformation (manager)

• CISO and CISO Leadership Team

• Business Information Security Officer (BISO) leads

• Security Operations Center leadership; GRC; Cybersecurity Engineering teams

• Enterprise Architecture; Cloud, Data, and AI/ML platform teams

• Business Technology Groups (R&D, Manufacturing, Commercial, Enabling Units) and Centers of Excellence

External Stakeholders

• Cloud service providers (AWS, Azure, GCP) and strategic technology vendors

• Industry peers in pharmaceutical CISO and architecture communities

• Standards bodies and industry forums (e.g., Pharma ISAC, IEC 62443 working groups)

Working Conditions & Travel:

• Hybrid work model with flexibility for remote work; office presence as needed for collaboration.

• Occasional work outside standard business hours for global collaboration and incident response.

• 15–25% domestic and international travel — site visits to manufacturing facilities, data centers, regional offices, industry conferences, and architecture workshops.

Why This Role Matters:

• Shape the future of cybersecurity for a global, science-led organization undergoing AI and digital transformation.

• Enable innovation by designing security architectures that accelerate — rather than impede — business outcomes.

• Protect patients, people, and intellectual property by ensuring the integrity of systems that discover, develop, manufacture, and deliver life-changing medicines.

• Build world-class architecture capability by developing the next generation of security architects.

• Influence the industry through thought leadership,standardscontributions, and peer collaboration.