Director - Cybersecurity, Secure by Design
Job Summary
Job Title: Director - Cybersecurity, Secure by Design
GCL: F
Introduction to role:
Are you ready to hardwire security into every design decision and release so science can move faster with confidence? Can you lead global engineering teams to move from reactive fixes to design-led, measurable risk reduction?
This senior technical leadership role anchors security in the full lifecycle of our digital ecosystem. You will translate a Trust-by-Design vision into practical engineering patterns that safeguard cloud platforms, software, AI/GenAI capabilities, operational technology and enterprise applications. Your work will help ensure that the platforms powering discovery, development and delivery of medicines are secure by default, so teams can innovate at speed without compromising integrity.
You will partner across architecture, product engineering and operations to embed security standards and automate controls at scale. By shaping guardrails and enabling secure development practices, you will reduce systemic risk, accelerate releases and protect data that matters for patients and the business.
Accountabilities:
- Define and drive the engineering strategy aligned to CISA, NIST SSDF, ISO/IEC 27034 and EU CRA principles; establish a Secure Development Lifecycle across software, cloud and OT, and convert the CISO's vision into 18-24 month roadmaps with measurable outcomes.
- Lead threat modelling, secure code reviews, penetration test coordination and portfolio-wide vulnerability management; convert findings into prioritized remediation and control improvements that demonstrably reduce risk.
- Direct engineering activities across complex software and application projects; design and implement secure-by-default configurations for cloud (IaaS/PaaS/SaaS), containers (Docker, Kubernetes), hybrid and on-premise; oversee build, configuration, testing and release of cybersecurity solutions with a focus on secure architecture, DevSecOps and data security.
- Govern application and software lifecycle security needs, including patching, hardening, secrets management and control validation; lead incident and problem resolution for security-related issues and prevent recurrence through design patterns and automation.
- Provide technical feedback for arguments and supplier selection; evaluate and integrate platforms and partnerships that strengthen code security, CI/CD, cloud posture and vulnerability remediation.
- Serve as engineering authority applying NIST AI RMF, OWASP Top 10 for LLM and MITRE ATLAS; define guardrails, fail-safes and human oversight by default; partner with an AI centre of excellence to secure AI pipelines across R&D, Commercial and Manufacturing.
- Drive engineering standards for manufacturing environments, incorporating IEC 62443, Purdue Model layers and Zero Trust patterns to protect critical systems and ensure safe operations.
- Engage architecture, DevOps, product engineering and third parties to codify security requirements; lead security design reviews and risk assessments, and represent cybersecurity engineering in governance forums and supplier assurance.
- Ensure solutions meet GxP, 21 CFR Part 11, EU Annex 11, GDPR, HIPAA, SOC2 and OWASP expectations; embed compliance as code where possible to streamline assurance.
- Build, mentor and empower a hard-working global cybersecurity engineering team; handle budgets, capacity and delivery; drive performance metrics and tier reporting; recruit and develop diverse talent and shape future-focused skills through internal and external partnerships.
- In the first 6-12 months, baseline and operationalize the SDL and secure-by-default patterns across priority platforms; by 18-24 months, achieve scaled automation, measurable risk reduction and adoption of standards enterprise-wide.
Essential Skills/Experience:
- Bachelor's degree in Computer Science, Information Security, Software Engineering or comparable specialisation.
- 15 years of experience in cybersecurity engineering, software security or product security in a senior leadership or director-level role.
- Deep expertise in Secure by Design / Secure Development Lifecycle (SDL) principles aligned to CISA, NIST SSDF and ISO/IEC 27034.
- Significant experience with modern software development languages, security patterns, testing phases and DevSecOps toolchains.
- Proven experience implementing and leading threat modelling, secure code review and vulnerability management programmes at scale.
- Experience with cloud security engineering across IaaS/PaaS/SaaS platforms (AWS, Azure, GCP) and container security (Docker, Kubernetes).
- Experience with AI/GenAI security controls, including NIST AI RMF, OWASP LLM Top 10 and secure AI deployment patterns.
- Experience working within a quality and compliance environment, including GxP, 21 CFR Part 11, GDPR or equivalent regulated-industry frameworks.
- Meaningful experience leading sophisticated, large-scale IT/cybersecurity engineering projects within global, geographically dispersed organisations.
Desirable Skills/Experience:
- Relevant professional certification (CISSP, CSSLP, CISM or equivalent).
- Experience in agile software development methodologies and security integration within CI/CD pipelines.
- Experience utilising modern test management and security tooling (e.g. X-Ray for Jira, SAST/DAST tools, SCA platforms or similar).
- Experience with OT/ICS security architecture for pharmaceutical manufacturing environments (IEC 62443, Purdue Model).
- Familiarity with EU Cyber Resilience Act (CRA) and its engineering compliance implications.
- Experience co-working with multi-functional global leadership and senior collaborators, including CISO, CIO and Audit Committee.
- Pharmaceutical or life sciences sector experience preferred.
When we put unexpected teams in the same room, we fuel ambitious thinking with the power to encourage life-changing -person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility.
Why AstraZeneca:
This is where technical depth meets large-scale impact. You will collaborate with diverse experts who unite different teams in a shared space. Together you will unlock ambitious thinking and turn complex data and technology challenges into secure, practical solutions that improve lives. We connect across every part of the company, amplifying the effect of secure engineering on research, development, manufacturing and patient engagement. Expect a culture that values kindness alongside ambition, where we share, learn and challenge together, and where your leadership in secure design can raise your profile while shaping how a digital and data-driven enterprise delivers for patients every day.
Lead the shift from bolt-on security to built-in resilience; step forward to shape the standards, teams and systems that safeguard life-changing science now.
Date Posted
05-Jun-2026
Closing Date
02-Jul-2026
AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.
Required Experience:
Director
About Company
AstraZeneca is an equal opportunity employer. AstraZeneca will consider all qualified applicants for employment without discrimination on grounds of disability, sex or sexual orientation, pregnancy or maternity leave status, race or national or ethnic origin, age, religion or belief, ...