Global Head, Cyber Defense & Security Operations
Prague - Czech Republic
Job Summary
Lead the Information Security Operations organization to ensure all Sandoz assets are protected and monitored based on the leading practices for Information Security. This role is solely responsible for overseeing the security posture of our environment in line with commitments made to the Risk Committee of the Board. Responsible for running and engineering all systems that defend the enterprise by owning the tools used by the security team to maintain the protective state of Sandoz assets, and for leading post-incident root cause analysis. Oversee and lead the Sandoz Cyber Security Operations Center (SOC), which includes monitoring, detection, coordinated response, and management of security incidents and cyber security threats.
Job Description
Sandoz continues to go through an exciting and transformative period as a global leader and pioneering provider of sustainable Biosimilar and Generic medicines. As we continue down this new and ambitious path, unique opportunities will present themselves, both professionally and personally. Join us, the future is ours to shape!
Your Key Responsibilities:
Your responsibilities include but are not limited to:
- Provide full visibility of cyber risk and exposure across the threat landscape, enabling prediction, detection, and response to attacks in near real time
- Define the standard for security events and log creation
- Responsible for all maintenance of the IDS, SIEM, SOAR, and email hygiene systems, to include configuration changes, updates, and creation of custom detection logic, reporting, and dashboards to provide actionable threats to security operators
- Develop policies, procedures, and guidelines for a security incident response program
- Identify, escalate, and communicate security incidents to stakeholders
- Perform recovery and restoration of incidents
- Create, design, and implement test plans for testing the security of systems, processes, and their environment
- Provide applications teams with comprehensive security testing services and support to minimize the number of vulnerabilities which are released into production
- Conduct attack and penetration assessments aimed at demonstrating the actual risk that is caused by a cyber security breach and the extent of the security risk exposure to the organization
- Establish process and capabilities to gather, process, interpret, and use digital evidence to provide a conclusion such as incident timeline, threat vectors, and threat actors
- Establish a process detailing different phases of data handling, from identification, collection, and acquisition to preservation
- Perform log, network, system, memory, and system configuration and file structure collection and analysis to identify what has happened, where it happened, the foothold of the attacker, data at risk, and how to stop the infection and prevent it from happening again
- Create processes to identify critical security processes and systems supporting the organization and document recovery and restoration procedures
- Leverage a collection of cyber threat data points for analysis, evaluation against priority intelligence requirements, and synthesis to provide timely, accurate, and actionable reporting to security operators and decision makers
- Leverage threat and business intelligence to craft use cases and detection logic for security tooling
- Scan the environment to identify threat malware, perform investigations on those items, and execute a strategy to mitigate the threat or eliminate the malware from the environment
- Identify, analyse, and address flaws or vulnerabilities in hardware or software that could serve as attack vectors
- Perform threat hunting proactively to iteratively search through the enterprise to detect and isolate threats attempting to evade existing security controls
- Perform regular tabletop and red team exercises and incident simulations to test and exercise incident response plans
Minimum Requirements
What you'll bring to the role:
- At least 15 years of experience in Information Security; experience of running security operations and a Cyber Defense Center (SOC) in a regulated environment
- Excellent negotiation, communication, and interpersonal skills; ability to develop influential relationships with different stakeholders across all levels
- Knowledge and experience of industry standards such as ISO 27001, CIS Controls, NIST, Cyber Essentials
- Change Management Champion with experience in leading teams through large-scale IT change / transformation programs
- Highly experienced people leader with the ability to lead and develop diverse teams across wide geographies
- An entrepreneurial mindset driven by curiosity, continuous improvement, and interest in technical advancements and trends
- Strong project management skills with the ability to multitask and properly delegate work
Preferred Requirements:
- Master of Science degree or equivalent experience in computer science, engineering, or information technology, or other relevant field
- Certification or accreditation in Information Security (e.g. CISM, CISA, CISSP, etc.)
- Worked in a regulated environment
Why Sandoz
Generic and Biosimilar medicines are the backbone of the global medicines industry. Sandoz, a leader in this sector, provided more than 900 million patient treatments across 100 countries in 2024, and while we are proud of this achievement, we have an ambition to do more!
With investments in new development capabilities, production sites, new acquisitions, and partnerships, we have the opportunity to shape the future of Sandoz and help more patients gain access to low-cost, high-quality medicines sustainably.
Our momentum is powered by an open, collaborative culture driven by our talented and ambitious colleagues, who, in return for applying their skills, experience an agile and collegiate environment with impactful, flexible-hybrid careers, where diversity is welcomed and where personal growth is supported!
Join us!
#Sandoz
Skills Desired
Escalation, Information Security Audit, Information Security Risk Management, Innovation, IT Governance, Secops (Security Operations), Strategic Leadership, Vendor Management