Posted to MedZilla on 9/20/2017


US-MA, Security Architect - Network 212429BR_1503669284-MZ


Novartis is recruiting for a Security Architect - Network. This position will be located in Cambridge, MA.

A global healthcare leader, Novartis has one of the most exciting product pipelines in the industry today: a pipeline of innovative medicines brought to life by diverse, talented, performance-driven people. All of this makes us one of the most rewarding employers in our field. We're committed to peak performance, improving the quality of life, and embracing and leveraging diverse backgrounds, cultures and talents to achieve competitive advantage.

Healthcare is one of the industries most targeted by cyber criminals and other digital threats. IT security professionals at Novartis are at the forefront of the battlefield for security and ensure the success of our mission by building IT security and risk management into our solutions. They face new challenges daily and help Novartis get ready to fight the good fight in cyberspace. This meaningful job of protecting Novartis and patients from threats in an ever-changing threat landscape requires fast learning skills, innovative technologies, and methods of mitigation.

Position Purpose

The Information Security Architect – Network will work across information security and risk management and with all information technology functions to ensure networks are designed and implemented as per defined policies, standards and industry good practices. The successful candidate will be a strong communicator with deep technical skills and, more importantly, a pragmatist who can think outside the box. The individual must be highly collaborative as they will need to influence functional leadership, project and application managers, other architects, engineers and developers.

Major Accountabilities

• Provides in-depth expertise on network security topics

• Supports projects where a major deviation from the secure network standard design is required

• Owns network security related internal standards

• Identifies major internal network security related deficiencies and defines/designs the official pragmatic approaches to remediate them at scale

• Collaborates closely with other Security Architects and IT Architects on Application Security related matters

• Promotes IT Security culture

• Solution-oriented; can define various pragmatic alternatives leading to appropriate application security results

• Reports on network security status across the company, is responsible for maintaining a clear risk acceptance/remediation level, and agrees it with the CISO and official ISRM governance bodies

• Ensures industry network in regards to network security

• Designs and signs off on all network security requirements and official solutions

Minimum Requirements

Position will be filled commensurate with experience

• University working and thinking level, degree in business/technical/scientific area or comparable education/experience

• Professional information security certification, such as CISSP, CISM or ISO 2

• Fluency (written and spoken) in English

• 10+ years of working experience, 7 of those years with Information Security management

• Demonstrated leadership skills: >2 years’ experience in senior management positions in a matrix organization

• 4+ years as a senior network security architect

• Experience in reporting to and communicating with senior level management (with and without IT background, with and without in-depth risk management background) on information risk topics

• Excellent written and verbal communication and presentation skills; interpersonal and collaborative skills; and the ability to communicate information risk-related concepts to technical as well as nontechnical audiences, and to audiences with a risk management profile as well as those with a less outspoken risk management profile.

• Excellent understanding and knowledge of general IT infrastructure technology, systems and management processes

• Experience of sourcing complex IT services, working closely with vendors and making full use of their capabilities

• Proven experience initiating and managing projects that will affect other divisions, departments and functions, as well as the corporate environment.

• Good understanding and knowledge of regulated industries, preferably pharmaceutical industry.

• Good understanding and knowledge of business processes in a global industry, preferably pharmaceutical industry

• Good mediation and facilitation skills

• Good knowledge of IT project management

• Experience with compliance requirements (e.g. SOX, GxQ / CSV, E-compliance, Records Management, Privacy).

• Knowledge of (information) risk management related standards or frameworks such as COSO, ISO 2700x, CobiT, ISO 24762, BS 25999, NIST, ISF Standard of Good Practice and ITIL

• Deep understanding of network design, datacenter design, perimeter design, LAN design, WAN design, Firewalls, Intrusion Detection Systems, Firewall Rule Management, Deep Packet Inspection, Packet Capture and interpretation of packet capture, Web Application Firewalls, Network based attacks and detection techniques.

• High level of personal integrity and the ability to professionally handle confidential matters, and exude the appropriate level of judgment and maturity

• Ability to handle competing priorities and seek consensus when stakeholders have different or even contradicting options

Please visit our website at


* If a direct employer requests that you go to their web site and complete your application there in order to be
  considered, please do so. Applications for all positions are subject to each employer's specific requirements.