BISO Enterprise AI & Data

Do you want to build how a global enterprise secures AI and data at scale to accelerate impact for patients

This is a chance to lead the cybersecurity agenda for the teams building our data products advanced analytics AI/ML Generative AI and agentic automationso that innovation moves fast without compromising trust.

As the primary strategic cybersecurity partner to our enterprise AI and data leaders you will represent the CISO to align priorities embed secure-by-design patterns and deliver measurable risk and resilience outcomes across cloud-based data platforms and AI ecosystems. You will coach a seasoned team influence senior stakeholders and turn complex risk into clear decisions that protect high-value information and business-critical analytics. Can you see yourself turning cutting-edge ideas into secure dependable capabilities used across the company every day

Accountabilities

• Strategic partnership and governance: Act as the senior security partner to AI and data leadership aligning enterprise cybersecurity strategy to business priorities; chair or participate in governance forums to enable risk-based decisions and clear accountability across portfolios.

• AI and data risk advisory: Provide strategic guidance on risks across the data and AI lifecyclecovering sensitive data exposure excessive access insecure model development prompt/context leakage model supply chain compromise adversarial manipulation insecure APIs and third-party dependenciesand translate them into pragmatic control choices.

• Secure adoption of AI GenAI and agentic systems: Define practical control expectations approved design patterns and human-in-the-loop approaches for AI/ML Generative AI and agentic automation appropriate to data sensitivity and criticality; partner with security engineering architecture and delivery to scale secure usage.

• Data platform and analytics security governance: Establish and evolve governance for data platforms lakehouse environments analytics workspaces semantic layers feature stores model registries vector stores and cloud-native servicescovering configuration baselines identity and role design segregation of duties logging encryption key management network controls and continuous control monitoring.

• Risk reduction and continuous improvement: Drive vulnerability management architecture review follow-through audit and penetration test remediation and maturity uplift against control frameworks; set KPIs/OKRs and build feedback loops that demonstrate risk reduction and operational effectiveness.

• Incident preparedness and response: Strengthen readiness playbooks and crisis processes for incidents affecting data platforms and AI services including model misuse sensitive data leakage third-party compromise privileged access misuse and disruption to analytics and decision support; lead post-incident learning and preventive improvements.

• Threat awareness and horizon scanning: Maintain deep understanding of threats to enterprise AI and datacredential abuse cloud misconfiguration data exfiltration dependency compromise model theft prompt injection data poisoning jailbreaks and agentic workflow abuseand convert insights into timely guidance for stakeholders.

• Stakeholder management and influence: Build trusted relationships with senior leaders across R&D Operations Commercial Corporate functions Legal Privacy Architecture Data Governance Digital Health Procurement and Sourcing to embed security into planning and delivery.

• Culture awareness and communications: Champion a cybersecurity culture tailored to data engineers platform engineers architects data scientists analysts AI product teams and business usersfocusing on secure AI usage sensitive data handling prompt hygiene model/code provenance privileged access discipline and reporting obligations.

• Lead and coach a high-performing team: Direct security engineers specialists and analysts to deliver posture reporting risk management remediation and consulting for cloud-based data platforms and AI ecosystems; set clear goals tied to measurable risk reduction business enablement and resilience.

• Adapt to change: Navigate a fast-evolving global AI and data ecosystem across major clouds and enterprise tooling ensuring observability detection and monitoring are built in while adoption remains safe and swift.

Essential Skills/Experience

• Information security leadership: 10 years of experience in information security positions with 5 years experience overseeing an information security function and influencing senior business and IT stakeholders in complex global environments.

• Enterprise AI and data domain familiarity: Demonstrated experience supporting enterprise data analytics AI/ML or digital platform functions with the ability to translate business and technical priorities into effective cybersecurity controls and risk decisions.

• AI / GenAI / agentic security expertise: Demonstrated ability to apply and govern security for AI/ML Generative AI and agentic automation use cases including practical understanding of risks such as prompt injection insecure tool use data leakage model manipulation insecure retrieval over-privileged agents and supply chain exposure with experience translating use cases into measurable business and cybersecurity outcomes.

• Data platform and cloud security: Familiarity with securing cloud-based data platforms and analytics environments including identity and access models encryption and key management telemetry and logging data flow protection workload isolation secrets management and monitoring for misuse or exfiltration.

• Experience with platforms such as Databricks hyperscaler-native data services or equivalent enterprise data platforms is a strong differentiator.

• Application API and integration security: Experience with application security and integration security patterns relevant to modern data and AI ecosystems including API security OAuth/token hygiene certificate lifecycle service-to-service authentication software supply chain considerations and secure secrets handling.

• MLSecOps / DevSecOps enablement: Experience working with engineering platform or product teams to integrate security controls into CI/CD pipelines data pipelines model delivery workflows and infrastructure-as-code practices in cloud-native environments.

• Frameworks and control implementation: Experience implementing and operationalizing controls defined by NIST CSF ISO 27001/27002 and related cybersecurity frameworks and applying them pragmatically to cloud data and AI environments. Familiarity with emerging AI governance and assurance concepts is advantageous.

• Risk dashboarding and data-driven execution: Ability to build meaningful risk dashboards and metrics using actionable data to prioritize remediation demonstrate risk reduction and support governance decisions across enterprise AI and data services.

• Vulnerability and testing management: Understanding of vulnerability management and recurring hygiene efforts across cloud services data platforms applications APIs containers and integrations; familiarity with threat modeling security testing and penetration testing approaches relevant to web API cloud and AI-enabled services.

• Incident response collaboration: Understanding of global security operations and incident response processes including scenarios such as data leakage cloud compromise exposed storage pipeline compromise model misuse and third-party service incidents.

• Stakeholder communication: Strong written and verbal communication skills with proven ability to present complex technical information to both technical and non-technical audiences including enterprise technology leadership data and AI leaders governance bodies and business stakeholders. -

• Execution under pressure: Proven ability to manage competing priorities operate under time constraints and drive outcomes through influence across matrixed teams in a fast-evolving technology landscape.

• Bachelors degree in science or relevant technical field of study;Masterspreferred.

Desirable Skills/Experience

• Professional certifications such as CISSP CCSP CISM or equivalent.

• Experience with enterprise AI and data tooling such as Databricks Dataiku Domino Hugging Face GitHub AWS Bedrock Google Vertex AI and Microsoft Copilot services. -

• Familiarity with AI-specific security and governance tools and cloud security posture management for data/AI estates. - Experience establishing or chairing cross-functional governance forums for AI and data platforms. -

• Background working in highly regulated or safety-critical environments and with privacy and data protection stakeholders. -

• Proven track record of building global high-performing cybersecurity teams and coaching senior individual contributors.

When we put unexpected teams in the same room we unleash bold thinking with the power to encourage life-changing -person working gives us the platform we need to connect work at pace and challenge perceptions. Thats why we work on average a minimum of three days per week from the office. But that doesnt mean were not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world.

The annual base pay for this position ranges from $190956.80 - $286435.20 USD Annual. Hourly and salaried non-exempt employees will also be paid overtime pay when working qualifying overtime hours. Base pay offered may vary depending on multiple individualized factors including market location job-related knowledge skills and addition our positions offer a short-term incentive bonus opportunity; eligibility to participate in our equity-based long-term incentive program (salaried roles) to receive a retirement contribution (hourly roles) and commission payment eligibility (sales roles). Benefits offered included a qualified retirement program 401(k) plan; paid vacation and holidays; paid leaves; and health benefits including medical prescription drug dental and vision coverage in accordance with the terms and conditions of the applicable plans. Additional details of participation in these benefit plans will be provided if an employee receives an offer of employment. If hired employee will be in an at-will position and the Company reserves the right to modify base pay (as well as any other discretionary payment or compensation program) at any time including for reasons related to individual performance Company or individual department/team performance and market factors.

Are you ready to bring new insights and fresh thinking to the tableFantastic! We have one seat available and we hope its yours. Apply today.

AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds with as wide a range of perspectives as possible and harnessing industry-leading skills. We believe that the more inclusive we are the better our work will be. We welcome and consider applications to join our team from all qualified candidates regardless of their characteristics. We follow all applicable laws and regulations on non-discrimination in employment (and recruitment) as well as work authorization and employment eligibility verification requirements.

Date Posted

Closing Date

Our mission is to build an inclusive environment where equal employment opportunities are available to all applicants and furtherance of that mission we welcome and consider applications from all qualified candidates regardless of their protected characteristics. If you have a disability or special need that requires accommodation please complete the corresponding section in the application form.