Senior Director Cybersecurity Engineering, Innovation, and Assurance

About AstraZeneca

AstraZeneca is a global, science-led biopharmaceutical company that pushes the boundaries of science to deliver life-changing medicines. More than just a leading pharmaceutical company, we are a vibrant community of innovators dedicated to making a difference in medicine, patients' lives, and society. We foster an inclusive, collaborative culture where you're empowered to push your entrepreneurial spirit, champion diversity, and commit to lifelong learning and growth. At AstraZeneca, you’ll be part of something bigger.

Our Cutting-Edge IT Environment

Here our work has a direct impact on patients – transforming our ability to develop life-changing medicines. We empower the business to perform at its peak and lead a new way of working, combining pioneering science with leading digital technology platforms and data. All with a passion to impact lives through data, analytics, AI, machine learning and more. Join us at a crucial stage of our journey in becoming a digital and data-led enterprise. Make the impossible possible by building partnerships and ecosystems, creating new ways of working and driving scale and speed to deliver exponential growth. Focused and committed, and backed with the investment to succeed, we’re driving cross-company change to disrupt the entire industry. Ours is a place to innovate, take ownership and run with it. You’re trusted to explore and to find new solutions, experimenting with groundbreaking technology and grappling with challenges in a modern technological environment that might never have been tackled before. It’s a dynamic and exciting environment to work in – but that’s why we like it. There are countless opportunities to learn and grow, whether that’s exploring new technologies in hackathons, or transforming the roles and work of colleagues, forever. Shape your own path, with support all the way. Diverse minds that work multi-functionally and inclusively together. Be part of a team that has the backing to innovate, disrupt an industry and change lives.

About the Role

The Senior Director Cybersecurity Engineering, Innovation, and Assurance will lead a team of senior security engineers, managers, and specialists maintaining corporate wide AI and information security, such that AstraZeneca’s AI and information assets are protected at the highest level of confidentiality, integrity and availability. Working in the office of the AZ Chief Information Security Officer (CISO), the role is responsible for overseeing the AstraZeneca’s AI and information security needs via providing leadership and support for cyber and AI risk management, policy development, regulatory compliance, data privacy and IT security operations.

The Senior Director Cybersecurity Engineering, Innovation, and Assurance will lead a team that plans, executes, and sustains the full lifecycle of AI controls and cybersecurity capability. The cybersecurity annual planning process and budget are owned by this role. This role is responsible for overseeing AstraZeneca’s business enabling AI and information security needs by bringing an innovator’s perspective and providing strong technology leadership. This role supports emerging AI control protocols and solutions, cloud IaaS/PaaS/SaaS security, infrastructure security, digital asset development and lifecycle risk reduction, software development risk reduction, annual recurring red team risk reduction and remediation efforts, cybersecurity architecture, IT solution technical and engineering threat modelling, emerging IoT/OT cybersecurity controls, capability innovation, cybersecurity controls assurance and data protection. Expect the scope of this position to evolve as technology, ways of working, and pharmaceutical advances change at a rapid rate. This role is critical to the global cybersecurity effort as it demands cross functional engagement across all IT, cybersecurity, and business functions. Ability to effectively influence, engage, and achieve consensus outcomes is a critical must have for success in this position.

Typical Accountabilities

• Maintain continuous awareness of AI controls and cybersecurity technology market developments. Develop requirements, understand and apply engineering trade analysis to select AI control and cybersecurity solutions that are compatible with AstraZeneca’s IT and OT environments.

• Serve as the primary AI controls and cybersecurity subject matter expert within the IT architecture group.

• Lead assurance team efforts to assess IT and OT designs against Security Baseline Configurations, cybersecurity framework controls, and industry best practices. Ensure the team is highly competent, capable, resourced to assess architecture artifacts and identify AI and cybersecurity risks.

• Provide AI, SW development, and cybersecurity solution designs that are compliant with the AstraZeneca Security Policy Framework.

• Collaborate closely with cybersecurity threat intelligence and operations to threat model IT and OT architectures and solution designs by providing actionable risk reduction remediation actions.

• Establish and lead and annual penetration testing finding engineering remediation capability that collaborates across IT and OT organizations and leverages IT service delivery processes to drive risk burndown.

• Coordinate annual cyber security budget creation and prepare business cases. Drive monthly budget performance review and forecasting.

• Organize, collaborate, and facilitate innovative cyber security solutions with emphasis on collaborative team member engagement and participation in governance and oversight boards.

• Coordinate and provide oversight on the management and strategy of a technical security infrastructure for the defence, detection and response to sophisticated cyber threats.

• Support functions creating standard process risk dashboard and appropriate cyber security metrics.

• Actively participate as a member of the AstraZeneca cyber security leadership team.

• Maintain awareness of cyber threat vectors, attack methodologies and mitigation/remediation methods.

• Develop/ Lead global cyber security steering groups with IT Business Technology Groups and other business units.

• Drive security control implementation and maturity into cloud environments, SaaS applications, manufacturing IoT/OT, and data protection initiatives.

• Coach team for high performance, creating a supportive working environment where everyone has the opportunity to fulfil their potential.

• Collaborate closely with the cybersecurity culture and awareness team to develop and deliver AI controls and cybersecurity information campaigns.

• Lead or participate in global cybersecurity steering groups with IT leadership and other business units.

Education, Qualifications, and Experience

Essential

• Embrace collaborative and cross-functional team ethos.

• Experienced knowledge of AI controls and cybersecurity technology and its application.

• 15+ years of experience in information technology and/or security positions, with 8+ years’ experience in a leadership role.

• Program budgeting, planning, delivery.

• Expertise in creating and maintaining performance and operations metrics.

• Experience in implementing and operating ISO, CIS, and NIST AI and cyber security frameworks.

• Significant knowledge of how engineering supports cyber security operations, incident response countermeasures.

• Deep understanding of information security technologies, cloud, application, data, and network architecture.

• Practical understanding of procurement processes and IT change management.

• Demonstrable ability to manage competing priorities and work under pressure.

• Maintain a global perspective on privacy, security, and data protection issues and trends.

• Expert at reducing cyber risk in a large, global enterprise.

Desirable

• Familiarity with regulated industry, ideally Pharma compliance and change management.

• Advanced program management skills.

• IT service desk coordination.

• Penetration testing outputs and translating them into risk reduction and remediation projects.

• A relevant technical degree, competence or equivalent.

• Current information security certification as a GIAC, CISSP, CISM, CISA, etc.

• Experience of working in other IT disciplines and across a range of industries and sectors.

Skills and Capabilities

Essential

• Excellent problem solving and troubleshooting skills, autonomous working, direction, and goal setting.

• Strong written and verbal communication skills along with the proven ability to present complex, technical information to both technical and non-technical audiences.

• Demonstrated cross-cultural leadership ability.

• Be valued and respected for collaboration, integrity, and enablement.

• Experience working in a global organization where stakeholders and team members are geographically dispersed.

Desirable

• Experience working with Executive level stakeholders.

Technology at AstraZeneca: Where Purposeful Disruptors Thrive!

The annual base pay for this position ranges from 185.843,20 - 278.764,80 USD Annual (80% - 120%). Hourly and salaried non-exempt employees will also be paid overtime pay when working qualifying overtime hours. Base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. In addition, our positions offer a short-term incentive bonus opportunity; eligibility to participate in our equity-based long-term incentive program (salaried roles), to receive a retirement contribution (hourly roles), and commission payment eligibility (sales roles). Benefits offered included a qualified retirement program [401(k) plan]; paid vacation and holidays; paid leaves; and, health benefits including medical, prescription drug, dental, and vision coverage in accordance with the terms and conditions of the applicable plans. Additional details of participation in these benefit plans will be provided if an employee receives an offer of employment. If hired, employee will be in an “at-will position” and the Company reserves the right to modify base pay (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, Company or individual department/team performance, and market factors.

When we put unexpected teams in the same room, we spark bold thinking with the power to inspire life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our outstanding and ambitious world.

Join a team with the backing and investment to win! You'll be working with brand-new technology. This marriage between our purposeful work and the use of high-tech platforms is what sets us apart. Lead the way in digital healthcare. From exploring data and AI to working in the cloud on new technologies. Join a team at the forefront. Help shape and define the technologies of the future with the backing you need from across the business.

AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.

Ready to make an impact? Apply now!