Job Title:  Senior Manager
Location: TRIL GTC 
GCL :E2

Job Description / Capsule

The cyber security manager will lead a small team and support the wider cyber security team to ensure that AstraZeneca’s information assets are adequately protected in relation to confidentiality, integrity and availability.  The role will specifically include assessing the security of IT solutions, 3rd Parties and Web Services against AZ standards and security framework controls to identify any risk and support the remediation processes to improve the security of the service. Additionally, the role holder will be responsible for all business reporting and metrics supporting the operational efficiency of the wider governance team.

The role is also required to work closely with internal teams across all lines of business, internal auditors, external auditors and the wider enterprise, to determine new security assurance opportunities, to communicate clearly and effectively with AstraZeneca’s global customers and suppliers and work collaboratively with other IT functions and AZ business areas.

Typical Accountabilities

• Management and performance of the Chennai governance team, day to day leadership and setting direction for direct reports
• Production of reporting and metrics supporting the operational efficiency of the wider governance team
• Deliver a consistent security review of IT solutions, 3rd Parties and Web Services against AZ security standards and framework.
• Identify and report IT risks (internal/external) and identifying mitigating activities and manage the risk profile
• Provide consultation and guidance in respect of security solutions.
• Identify security assurance process improvements through reduction of risk, user experience or efficiency and drive these improvements to completion.
• Support change and improvement to cyber security operational and control processes within the IT Security team and other IT functions
• Act as an advocate for Cyber Security within AstraZeneca, internally within IT and to the wider business to ensure Security Assurance and the process is fully understood and adopted at all levels

Work with all IT and AZ functions to ensure adherence to the AZ security assessment framework including:

• Functional leadership as the key interface
• CSIS & EUS Tower representatives
• Customer Facing IT
• Risk and Compliance teams in IT and in CSIS
• 3rd Parties through the Customer Manager

Education, Qualifications, and Experience

Essential

• Technical qualifications including Certified Information System Security Professional (CISSP) and Certified Information Systems Auditor (CISA).
• Strong IT technical knowledge of networking, server or security arenas.
• 10yrs + Experience of security assurance and risk management, in complex, multinational, corporate environments.
• Proven track record of working with senior stakeholders to deliver positive outcomes in the security posture.
• A very good awareness of IT architecture, design, configuration, and implementation.

Desirable

• Practical experience of working in a security operations center
• Experience of working in other IT disciplines and across a range of industries and sectors.
• Working knowledge of SOx & GxP compliance.
• Working knowledge of security standards such as NIST 800-53, ISO27001 & NIST CSF

Skills and Capabilities

Essential

• Clear and unambiguous oral and written communication is often required when interacting with multiple suppliers to resolve complex security reviews
• Ability to work well in diverse, multinational teams and proven ability to influence others to achieve positive outcomes
• Ability to analyze complex situations, assessing risks and balancing strategic and tactical security requirements
• Willing to learn and able to manage ambiguity and operate effectively with little supervision

Desirable

• Experience working in a global organization where stakeholders and team members are geographically dispersed.
• Be valued and respected for collaboration, integrity and enablement.
• Experience of working with external auditors.

Key Relationships to reach solutions

Internal (to AZ or team)

• IT Operational teams
• AZ business risk / security teams
• IT & Global Compliance teams

External (to AZ)

• External auditors
• External 3rd parties and supplier

Internal audit teams

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. 
 

Date Posted

14-May-2020

Closing Date

12-Jun-2020

AstraZeneca embraces diversity and equality of opportunity.  We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills.  We believe that the more inclusive we are, the better our work will be.  We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics.  We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.