Posted to MedZilla on 9/20/2017


US-MA, Security Architect - Data 209573BR_1503669724-MZ


Novartis is recruiting for a Security Architect - Data. This position will be located in Cambridge, MA.

Healthcare is one of the most targeted industries by cyber criminals and other digital threats. IT security professionals at Novartis are at the forefront of the battlefield for security and ensure the success of our mission by building IT security and risk management into our solutions. They face new challenges daily and help Novartis get ready to fight the good fight in cyberspace. This meaningful job of protecting Novartis and patients from threats in an ever-changing threat landscape requires fast learning skills, innovative technologies, and methods of mitigation.

The Security Architect for Data Protection will work across Information Security and Risk Management and with all information technology functions to formulate a cyber security information architecture strategy, and develop, publish and drive the adoption of cyber security data architecture patterns and templates. The successful candidate will be a strong communicator with deep technical skills and, more importantly, a pragmatist who can think outside the box. The individual must be highly collaborative as they will need to influence functional leadership, HR, Legal and Privacy as well as other security architects, engineers and developers.

Complete oversight of entire data protection and security lifecycle:

• Oversee and facilitate the evaluation, selection and design of data security fabric

• Define policies for data protection across applications, systems and end user technology in alignment with regulations, e.g. GDPR

• Define encryption strategy for applications and systems (cloud and on premise)

• Establish document protection technology strategy (e.g. RMS and DLP)

• Oversee DLP fabric and strategy

• Interact with Legal, HR and Privacy on global data protection matters

• Define strategy and technology for Tokenization and Data Masking/Obfuscation

• Define and report to CISO and ITLT the appropriate metrics to judge operational effectiveness as well as outstanding risk of the organization for data protection

• Define remediation requirements for global infrastructure teams

• Manage associates that operate data protection program

Governance:

• Oversee corporate crown jewel protection strategy

• Define remediation SLAs

• Approve all major exceptions for crown jewel security controls

Owns data protection policy and standards for the organization. Assumes responsibility for managing budgeting, accounting and charging requirements within the scope of data protection.

Minimum Requirements

Position will be filled commensurate with experience

o University working and thinking level, degree in business/technical/scientific area or comparable education/experience

o Professional information security certification, such as CISSP, CISM or ISO 27001 auditor / practitioner is preferred. Professional (information system) risk or audit certification such as CIA, CISA or CRISC is preferred

• 10+ years of working experience, 7 of those years with Information Security management

• Demonstrated senior leadership skills: >8 years’ experience in senior management positions in a matrix organization

• Experienced IT executive or Corporate Information (or IT) Security Officer with broad and in-depth technical, analytical and conceptual skills.

• Experience in reporting to and communicating with C-level management (with and without IT background, with and without in-depth risk management background) on information risk topics

• Excellent written and verbal communication and presentation skills; interpersonal and collaborative skills; and the ability to communicate information risk-related concepts to technical as well as non-technical audiences, and to audiences with a risk management profile as well as those with a less outspoken risk management profile.

• Excellent understanding and knowledge of general IT infrastructure technology, systems and management processes

• Experience with financial/budget management, scheduling and resource management. Design and implementation of new processes or methodologies in complex organizations

• Experience of sourcing complex IT services, working closely with vendors and making full use of their capabilities

• Proven experience initiating and managing projects that will affect other divisions, departments and functions, as well as the corporate environment.

• Good understanding and knowledge of regulated industries, preferably pharmaceutical industry. Good understanding and knowledge of business processes in a global industry, preferably pharmaceutical industry

• Demonstrated senior leadership skills with the ability to manage large geographically and/or functionally dispersed teams

• Good mediation and facilitation skills

• Excellent knowledge of IT Project Management

• Experience with compliance requirements (e.g. SOX, GxP / CSV, E-compliance, Records Management, Privacy).

• Knowledge of (information) risk management related standards or frameworks such as COSO, ISO 2700x, CobiT, ISO 24762, BS 25999, ISF Standard of Good Practice and ITIL

• Knowledge of SAP (and general ERP concepts) and experience with typical SAP controls in view of SOX compliance. Preferably also knowledge of SAP GRC.

• High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.

• Ability to handle competing priorities and to seek consensus when stakeholders have different or even contradicting opinions.

• Fluency (written and spoken) in English

Please visit our website at

