Cybersecurity Solutions Architect (Global Drug Development Team)

Major accountabilities:

• Providing in depth expertise about security principles and ensuring controls are included as technical requirements
• Advising peer architects and technologists on approved security patterns and practices
• Reviewing and challenging defined IT security related internal standards for the ongoing improvement of Novartis policies and procedures
• Acting as a single point of contact, collaborating closely with other Security Architects and IT Architects on IT security related matters
• Promoting our IT Security culture within the business and application management team and building an external network regarding IT security relevant to the business function
• Defining pragmatic solutions and recommending alternatives that meet or exceed security requirements
• Performing risk/threat assessments of all IT project related to the function and reporting on the security status of projects
• Managing a pool of external security and solution architects assigned to our portfolio
• Managing prioritization of security assessment for the function, working with our application security risk assessment pool for low impact projects

Minimum Requirements:
Work Experience:

• Degree in a business/technical/scientific area or comparable qualifications/experience
• 5 years of Information Security management or IT security expertise
• Expert knowledge of enterprise IT infrastructure technology, systems, vulnerability management, and organisational change processes, especially in large scale implementations
• Demonstrated experience of effectively engaging with senior business leaders across a matrixed environment
• Familiarity with frameworks such as COSO, ISO 2700x, CobiT, NIST, SOX, GDPR
• Knowledge of OWASP, SDLC, encryption, identity and access management, data integrity and other related secure software design methodologies

Nice To Have:

• Professional information security certification, such as CISSP, CISM or ISO 27001 auditor / practitioner is preferred. Professional (information system) risk or audit certification such as CIA, CISA or CRISC is preferred
• CSSLP, GSSP, ECCSP, CASS

Languages :

• Proficiency in English (oral and written) .