Posted to MedZilla on 8/17/2017


US-MA, Cybersecurity Architect - Medical Devices 209576BR_1502245067-MZ


Novartis is recruiting for a Cybersecurity Architect - Medical Devices. This position will be located in Cambridge, MA.

Healthcare is one of the industries most targeted by cyber criminals and other digital threats. IT security professionals at Novartis are at the forefront of the battlefield for security and ensure the success of our mission by building IT security and risk management into our solutions. They face new challenges daily and help Novartis get ready to fight the good fight in cyberspace. This meaningful job of protecting Novartis and patients from threats in an ever-changing threat landscape requires fast learning skills, innovative technologies and methods of mitigation.

The Information Security Architect will work across information security and risk management and with all information technology functions to ensure medical devices are designed, implemented and operated according to defined policies, standards, medical device regulations and associated security guidance, as well as industry good practices. The successful candidate will be a strong communicator with deep technical skills and, more importantly, a pragmatist who can think outside the box. The individual must be highly collaborative, as they will need to influence senior business leaders, functional leadership, project and application managers, quality and regulatory managers, other architects, engineers and developers.

• Provides in-depth expertise on medical device IT security topics

• Supports medical device projects in secure design and build

• Supports IT operations responsible for medical devices, including associated infrastructure and services, with regard to IT security

• Defines internal standards related to medical device IT security

• Collaborates closely with other Security Architects and IT Architects on IT security related matters

• Promotes an IT security culture within the business, compliance and IT functions responsible for medical device design and operations

• Solution oriented, can define various pragmatic alternatives leading to appropriate IT security results

• Reports on medical device security status across the company

• Maintains an industry network with regard to medical device security


• Level of maturity of controls (based on IGM control maturity assessments, internal audits and external benchmarking or assessment) within IT for vulnerability management

• No major audit findings in relation to medical device security by health authorities which were not previously reported to senior leadership

• Good cultural orientation and a strong influencer of information risk management, information security and IT security, to be embedded across IT, OT and Medical Technologies.

• Effective management of information risk status leading to reduced critical audit findings.

• Projects with major involvement pass without major security deficiencies with regard to application security

Minimum Requirements

Position will be filled commensurate with experience

o University-level working and thinking ability; degree in a business, technical or scientific area, or comparable education/experience

o Professional information security certification, such as CISSP, CISM or ISO 27001 auditor/practitioner, is preferred. Professional (information system) risk or audit certification such as CIA, CISA or CRISC is preferred.


• 10+ years of working experience, 7 of those years in Information Security management

• Demonstrated leadership skills: more than 2 years' experience in senior management positions in a matrix organization

• 2+ years in the medical device field

• 5+ years as a senior IT security expert

• Experienced IT security architect with broad and in-depth technical, analytical and conceptual skills

• Experience in reporting to and communicating with senior-level management (with and without an IT background, with and without an in-depth risk management background) on information risk topics

• Experience with financial/budget management, scheduling and resource management

• Excellent written and verbal communication and presentation skills; interpersonal and collaborative skills; and the ability to communicate information risk-related concepts to technical as well as non-technical audiences, and to audiences with a strong risk management profile as well as those with a less pronounced one.

• Excellent understanding and knowledge of general IT infrastructure technology, systems and management processes

• Proven experience initiating and managing projects that affect other divisions, departments and functions, as well as the corporate environment.

• Good understanding of the pharmaceutical industry and of business processes in a global pharmaceutical company

• Good mediation and facilitation skills

• Good knowledge of IT Project Management

• Experience with compliance and security requirements related to medical devices, including data privacy.

• Knowledge of (information) risk management related standards or frameworks such as COSO, ISO 2700x, COBIT, ISO 24762, BS 25999, NIST, the ISF Standard of Good Practice and ITIL

• Knowledge of OWASP, SDLC, encryption, identity and access management, and data integrity measures

• High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.

• Ability to handle competing priorities, and to seek consensus when stakeholders have different or even contradicting opinions.

Please visit our website at