BISO Commercial IT

The Commercial IT Cybersecurity Business Information Security Officer (BISO) acts as the main cybersecurity partner to Commercial IT and related business areas. This role represents the CISO to lower cyber risk and improve resilience across platforms dedicated to clients and revenue generation. This role leads security for a SaaS-heavy data-centric Commercial ecosystem spanning CRM omnichannel engagement digital experience analytics and personalization data and AI platforms pricing and revenue integration and API fabric BI and MDM. Key platforms include Veeva (CRM/Vault/OCE) Salesforce (Service/Health/Life Sciences/Marketing Cloud Data 360) Adobe Experience Cloud (AEM/Analytics/Target) Tealium Databricks on AWS Model N MuleSoft/SnapLogic Power BI and Reltio supporting both global operations and localized implementation alongside agency and third-party delivery models.

Ready to shape how these critical capabilities stay secure while enabling bold Commercial ambitions

Accountabilities

• Act as the Commercial IT security lead and CISO representative. Serve as the primary cybersecurity liaison for the commercial IT division and associated business units worldwide. Coordinate the security strategy with business objectives and customer-centered revenue-enhancing outcomes.

• Lead governance and risk-based decision-making by chairing or participating in key forums ensuring risk visibility documented risk acceptance and ownership and translating enterprise security policy into Commercial-ready standards guardrails and roadmaps.

• Provide continuous risk advisory and posture management by maintaining awareness of threat trends and regulatory drivers relevant to Commercial operations proactively advising on priorities architecture decisions and long-term security posture.

• Establish SaaS security governance across core Commercial platforms by defining and implementing secure configuration baselines environment and tenant management identity SSO and MFA patterns logging and monitoring and continuous control monitoring for Veeva Salesforce Adobe Experience Cloud Tealium and connected tooling.

• Strengthen digital channel and web experience security by partnering with digital teams to embed secure SDLC and release practices for externally hosted web content and experiences aligning protections such as WAF CDN and DDoS where applicable and mitigating web-layer and brand-abuse risks including impersonation account takeover credential stuffing web skimming and scraping.

• Drive security controls aligned with privacy in marketing and data collection. Ensure consent tracking governance and secure handling of healthcare professional and consumer information across digital marketing operations. Follow GDPR and other global privacy rules.

• Improve control maturity for commercial content records and revenue interfaces by maturing controls for content lifecycle and records (including audit trail and e-signature expectations where applicable) and for financial and ordering interfaces where Commercial platforms touch revenue processes including SOX-relevant controls.

• Run vulnerability audit and testing remediation to closure. Facilitate risk assessment and ongoing maintenance across SaaS tenants web properties and integrations. Drive timely remediation of audit and penetration test findings while reducing repeat issues.

• Enhance incident readiness and response coordination by partnering with enterprise SecOps to build Commercial-relevant playbooks align crisis and BCP activities support post-incident reviews and drive business-centric improvements for scenarios such as SaaS compromise third-party or agency incidents data exposure and digital channel compromise.

• Advance third-party and agency risk management by defining onboarding patterns minimum control requirements and ongoing monitoring for Commercial vendors and agencies (creative media/AdTech partners event hosts SaaS providers) ensuring clear remediation paths and exit strategies.

• Measure and communicate outcomes through KPIs OKRs dashboards and reporting that demonstrate risk ownership remediation throughput control coverage and resilience improvements over time.

• Champion security culture and targeted awareness by tailoring training and communications for Commercial roles and partner ecosystems on phishing and social engineering safe SaaS usage HCP and customer data handling and reporting obligations.

• Plan and oversee security initiatives and investment by shaping multi-year roadmaps business cases and resource plans; overseeing delivery of security improvements aligned to Commercial programs including platform changes integrations and data initiatives.

• Lead and develop the BISO team by directing a group spanning risk reporting and analytics risk management and remediation and security consulting tailored to SaaS-heavy international Commercial operating models; setting clear goals tied to measurable risk reduction and resilience outcomes; coaching for high performance.

Essential Skills/Experience

• Information security leadership: 10 years of experience in information security positions with 5 years experience overseeing an information security functionand influencing senior business/IT stakeholders.

• Commercial pharma domain familiarity: Experience supporting Commercial/Go-to-Market functions in a regulated life sciences environment (marketing operations sales operations customer/HCP engagement digital channels and in-country execution models).

• SaaS/CRM security depth: Hands-on experience securingVeeva CRMVeeva VaultVeeva OCE and/orSalesforceecosystems (Service Cloud Health Cloud Life Sciences Cloud Marketing Cloud Data 360) including identity/access models connected apps environment strategy secure configuration and operational monitoring.

• Digital experience and marketing technology security: Experience withAdobe Experience ManagerAdobe AnalyticsAdobe Target andTealium(or equivalent) including tag/consent governance tracking controls data-layer integrity and security considerations for externally facing digital content.

• Data platform and cloud security: Experience securingDatabricksandAWS-hosted data platforms including IAM network controls encryption/KMS logging/telemetry data governance and prevention/detection of data exfiltration.

• Integration and API security: Experience with integration platforms such asMuleSoftandSnapLogic with a strong understanding of API security patterns OAuth/token hygiene certificate lifecycle secrets management and secure data movement.

• Commercial operations / revenue process awareness: Familiarity with commercial operations platforms such asModel Nand the control expectations when systems support pricing contracting rebates/chargebacks and/or interfaces to order booking and revenue processes (includingSOX-relevantcontrol considerations).

• Depth of knowledge in Frameworks and control implementation Vulnerability and security testing management Risk dashboarding and data-driven executionIncident response collaboration are key attributes required for this role.

• Stakeholder communication: Strong written and verbal communication skills with proven ability to present complex technical information to both technical and non-technical audiences including Commercial leadership and in-country stakeholders.

• Execution under pressure: Proven ability to manage competing priorities operate under time constraints tied to launches or campaigns and drive outcomes through influence across matrixed teams.

• Bachelors degree in science or relevant technical field of study;Masterspreferred.

When we put unexpected teams in the same room we unleash bold thinking with the power to encourage life-changing -person working gives us the platform we need to connect work at pace and challenge perceptions. Thats why we work on average a minimum of three days per week from the office. But that doesnt mean were not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world.

The annual base pay for this position ranges from $190956.80 - $286435.20 USD Annual. Hourly and salaried non-exempt employees will also be paid overtime pay when working qualifying overtime hours. Base pay offered may vary depending on multiple individualized factors including market location job-related knowledge skills and addition our positions offer a short-term incentive bonus opportunity; eligibility to participate in our equity-based long-term incentive program (salaried roles) to receive a retirement contribution (hourly roles) and commission payment eligibility (sales roles). Benefits offered included a qualified retirement program 401(k) plan; paid vacation and holidays; paid leaves; and health benefits including medical prescription drug dental and vision coverage in accordance with the terms and conditions of the applicable plans. Additional details of participation in these benefit plans will be provided if an employee receives an offer of employment. If hired employee will be in an at-will position and the Company reserves the right to modify base pay (as well as any other discretionary payment or compensation program) at any time including for reasons related to individual performance Company or individual department/team performance and market factors.

Are you ready to bring new insights and fresh thinking to the tableFantastic! We have one seat available and we hope its yours. Apply today.

AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds with as wide a range of perspectives as possible and harnessing industry-leading skills. We believe that the more inclusive we are the better our work will be. We welcome and consider applications to join our team from all qualified candidates regardless of their characteristics. We follow all applicable laws and regulations on non-discrimination in employment (and recruitment) as well as work authorization and employment eligibility verification requirements.

Date Posted

Closing Date

Our mission is to build an inclusive environment where equal employment opportunities are available to all applicants and furtherance of that mission we welcome and consider applications from all qualified candidates regardless of their protected characteristics. If you have a disability or special need that requires accommodation please complete the corresponding section in the application form.