Senior Director, Software Assurance

AstraZeneca


Job Location:

Gaithersburg, MD - USA

Monthly Salary: Not Disclosed
Posted on: Yesterday
Vacancies: 1 Vacancy

Job Summary

At AstraZeneca, we pride ourselves on crafting a collaborative culture that champions knowledge-sharing, ambitious thinking and innovation, ultimately providing employees with the opportunity to work across teams, functions and even the globe.

Recognizing the importance of individualized flexibility, our ways of working allow employees to balance personal and work commitments while ensuring we continue to create a strong culture of collaboration and teamwork by engaging face-to-face in our offices 3 days a week. Our head office and BlueSky Hub in downtown Toronto are purposely designed with collaboration in mind, providing space where teams can come together to strategize, brainstorm and connect on key projects.

Our dedication to sustainability is also central to our culture and part of what makes AstraZeneca a great place to work. We know the health of people, the planet and our business are interconnected, which is why we're taking ambitious action to tackle some of the biggest challenges of our time, from climate change to access to healthcare and disease prevention.

Introduction to role:

Are you ready to build the trust layer that powers AI-native development and life-changing science? This role turns secure software into a strategic advantage, ensuring that every application we build, buy or run is safe, resilient and provably credible.

As Senior Director, Software Assurance, you will lead a global transformation that embeds secure-by-design practices across our engineering ecosystem, from cloud-native and AI-enabled platforms to validated systems supporting critical business operations. Your work will protect patients and science by reducing enterprise risk, accelerating delivery and enabling teams to innovate confidently.

Based in the US with up to 20% travel, you will partner with senior technology and business leaders to align software assurance to enterprise risk appetite and measurable outcomes. Can you turn strategy into adoption at scale and deliver demonstrable risk reduction that executives and regulators trust?

Accountabilities:

Strategy and Programme Ownership: Define and be responsible for the enterprise Software Assurance strategy, with an 18-24 month execution roadmap and 3-5 year capability targets; drive the evolution of secure-by-design across the full SDLC for both internal and third-party software, aligned to long-term technology and trust objectives.

DevSecOps Enablement and Paved Path Adoption: Integrate security controls, automated scanning and policy enforcement into CI/CD workflows; mature the Paved Path pipeline so the secure default is also the fastest path to production, raising engineering productivity while reducing risk.

Tooling Leadership and Automation at Scale: Champion and oversee SAST, DAST, SCA, secrets detection, IaC scanning, SBOM generation and provenance enforcement using platforms such as GitHub Advanced Security, Snyk (Code and Open Source), SonarQube, Burp Suite Enterprise, OWASP ZAP, AWS Inspector, GitGuardian, Checkov, Wiz IaC, tfsec, FOSSA and Sigstore/SLSA; guide adoption of AI-assisted development and code review with services such as AWS Kiro.

Supply Chain Integrity and Third-Party Assurance: Establish dependency governance, artifact signing, package registry controls and vendor assurance requirements; extend SBOM and provenance standards across build, deploy and runtime to defend against supply chain compromise.

Vulnerability Management and Risk Prioritisation: Oversee enterprise vulnerability management for software assets, focusing on exploitability, asset criticality and business impact; ensure rapid remediation pathways and durable fixes tied to root cause elimination.

Regulatory and Validated Systems Assurance: Ensure robust security assurance for GxP/validated systems, maintaining compliance with FDA 21 CFR Part 11, EMA Annex 11 and related expectations; be audit-ready with evidence-led controls and end-to-end traceability.

Governance, Metrics and Executive Reporting: Operate a risk and performance framework that provides clear, actionable posture views; brief senior leadership with metrics that show trend, coverage and outcomes; direct capital allocation for platforms, tooling and talent.

Incident Leadership and Continuous Improvement: Lead software security incident response and post-incident reviews, driving systemic improvements into standards, tooling and operating models to prevent recurrence.

Supplier and Ecosystem Management: Own strategic vendor relationships across the assurance tooling landscape; lead commercial negotiations and partnerships to unlock capability, interoperability and value.

Talent, Culture and Organisational Development: Build and inspire a high-performing global team; set stretch goals, cultivate psychological safety and deep technical craft; create champion networks and training that shift-left security across engineering communities.

Enterprise Influence and Adoption: Partner with CIO, security leadership, engineering, platform and risk stakeholders to prioritise the assurance agenda; translate standards and frameworks into practical playbooks that teams adopt at scale.

Essential Skills/Experience:

  • Bachelor's degree in Computer Science, Information Security, Software Engineering or a related technical field; advanced degree desirable.

  • Minimum 10 years of relevant experience

  • Validated strategic leadership in software assurance, application security or product security at enterprise scale, with clear accountability for programme delivery and risk outcomes.

  • Demonstrated expertise in Secure SDLC frameworks (NIST SP 800-218 SSDF, OWASP SAMM, BSIMM) and their practical application across large global engineering organisations.

  • Hands-on fluency with modern software assurance tooling across SAST, DAST, SCA, secrets management and supply chain integrity (e.g. GitHub Advanced Security, Snyk, AWS Kiro, SonarQube, Burp Suite Enterprise, Wiz, FOSSA).

  • Consistent track record in developing and delivering long-term strategic plans that demonstrably improved an organisation's software security posture.

  • Extensive experience reducing cyber risk in large, complex global enterprises, including regulated environments (pharmaceutical, financial services or equivalent).

  • Experience leading large-scale change initiatives from planning to full implementation across geographically dispersed, matrixed organisations.

  • Significant experience leading sizeable teams with direct and indirect reports; skilled at building high-performing engineering and security functions.

  • Substantial experience communicating with and influencing diverse internal and external stakeholders, including executive leadership, regulators and supplier/vendor networks, to drive strategy and outcomes.

  • Experience planning and handling multi-million-dollar budgets and resource allocation for a large software or cyber security function.

Desirable Skills/Experience:

  • Relevant security certifications: CISSP, CSSLP, CISM or equivalent (preferred).

  • Experience in the pharmaceutical or life sciences sector, with familiarity with GxP software validation requirements and regulatory frameworks.

  • Familiarity with AI-assisted development platforms and their associated security implications, including AI code generation, LLM supply chain risk and specification-driven development tools such as AWS Kiro.

  • Experience with cloud-native software security (AWS, Azure, GCP), container/Kubernetes security and API security posture management.

  • Track record of co-working with cross-functional global leadership across Engineering, Architecture, GRC, Legal and business technology functions.

Why AstraZeneca:

Join a company where bold science meets advanced engineering to deliver medicines that change lives. You will shape software assurance at global scale in an environment that encourages experimentation, invests in modern platforms and brings unexpected teams into the same room to unleash bold thinking. We move fast with purpose, pairing high standards with kindness and support, and we expect leaders to embrace AI and data to improve how we work. Your decisions will ripple across discovery, development, manufacturing and the digital products that connect us to patients, giving you both executive reach and the space to grow craft and team.

Call to Action:

If you are ready to build the software assurance backbone that accelerates safe, secure innovation for millions of patients, take the lead and apply today!

Great People want to Work with us! Find out why:

Are you interested in working at AZ? Apply today!

AstraZeneca is an equal opportunity employer that is committed to diversity and inclusion and providing a workplace that is free from discrimination. AstraZeneca is committed to accommodating persons with disabilities. Such accommodation is available on request in respect of all aspects of the recruitment, assessment and selection process and may be requested by emailing.


Date Posted

26-Jun-2026

Closing Date

10-Jul-2026

Our mission is to build an inclusive environment where equal employment opportunities are available to all applicants and, in furtherance of that mission, we welcome and consider applications from all qualified candidates, regardless of their protected characteristics. If you have a disability or special need that requires accommodation, please complete the corresponding section in the application form.


Required Experience:

Exec


About Company


AstraZeneca is an equal opportunity employer. AstraZeneca will consider all qualified applicants for employment without discrimination on grounds of disability, sex or sexual orientation, pregnancy or maternity leave status, race or national or ethnic origin, age, religion or belief, ...