Posted to MedZilla on 9/20/2017


US-MA, Functional Security Expert / Architect 217264BR_1503668996-MZ


Novartis is recruiting for a Functional Security Expert / Architect. This position will be located in Cambridge, MA.

A global healthcare leader, Novartis has one of the most exciting product pipelines in the industry today. A pipeline of innovative medicines brought to life by diverse, talented, performance driven people. All of which makes us one of the most rewarding employers in our field. We're committed to peak performance, improving the quality of life, and embracing and leveraging diverse backgrounds, cultures and talents to achieve competitive advantage.

Healthcare is one of the industries most targeted by cyber criminals and other digital threats. IT security professionals at Novartis are at the forefront of the battlefield for security and ensure the success of our mission by building IT security and risk management into our solutions. They face new challenges daily and help Novartis get ready to fight the good fight in cyberspace. This meaningful job of protecting Novartis and patients from threats in an ever-changing threat landscape requires fast learning skills, innovative technologies, and methods of mitigation.


The Functional Security Functional Architect Expert will work across information security and risk management and with all information technology disciplines to ensure new and existing applications, solutions and systems are designed, implemented and operated as per defined policies, standards, required industry regulations and associated security guidance, as well as industry good practices. The successful candidate will be a strong communicator with deep technical skills and, more importantly, a pragmatist. The individual must be highly collaborative as they will need to influence senior business leaders, functional leadership, project and application managers, quality and regulatory managers, other architects, engineers and developers. The functional security architect will be responsible for the entire portfolio of new and existing applications for the function he/she represents to ensure proper architecture oversight, risk assessment, remediation plans and overall compliance and security through the SDLC lifecycle.


In addition to accountabilities listed above in Job Purpose:

• Provides in-depth expertise to IT functions on IT security topics in the design, implementation and risk assessment remediation of any IT solution

• Supports IT projects in secure design and build aligned to supporting function

• Advises IT operations responsible for security patterns and solutions, including associated infrastructure and services, with regard to IT security

• Review, request and challenge defined IT security related internal standards

• Collaborates closely with other Security Architects and IT Architects on IT security related matters

• Promotes IT Security culture within business, compliance and IT responsible for medical devices design and operations

• Solution oriented, can define various pragmatic alternatives leading to appropriate IT security results

• Reports on security status of projects and operations across the associated function for all IT Security patterns

• Ensures industry network regarding IT security relevant to the associated company function

• Performs risk/threat assessment of all IT projects related to the function

• Manage pool of solution architects assigned to portfolio

• Manage prioritization of security assessment and design resources for the function

• Leverage application security risk assessment pool for low impact projects

Minimum Requirements

Position will be filled commensurate with experience


• 10+ years of relevant working experience, 7 of those years with Information Security management

• Demonstrated leadership skills: >2 years’ experience in senior management positions in a matrix organization

• 5+ years as an IT security expert

• Experienced IT security architect with broad and in-depth technical, analytical and conceptual skills

• Experience in reporting to and communicating with senior-level management (with and without IT background, with and without in-depth risk management background) on information risk topics

• Excellent written and verbal communication and presentation skills; interpersonal and collaborative skills; and the ability to communicate information risk-related concepts to technical as well as nontechnical audiences, and to audiences with a risk management profile as well as those with a less outspoken risk management profile.

• Excellent understanding and knowledge of general IT infrastructure technology, systems and management processes

• Proven experience initiating and managing projects that will affect other divisions, departments and functions, as well as the corporate environment.


• Good understanding of the pharmaceutical industry. Good understanding and knowledge of business processes in a global pharmaceutical industry


• Good mediation and facilitation skills

• Good knowledge of IT Project Management

• Experience with compliance and security requirements related to medical devices, including data privacy.

• Knowledge of (information) risk management related standards or frameworks such as COSO, ISO 2700x, CobiT, ISO 24762, BS 25999, NIST, ISF Standard of Good Practice and ITIL

• Knowledge of OWASP, SDLC, Encryption, Identity and Access Management, data integrity measures

Please visit our website at


* If a direct employer requests that you go to their web site and complete your application there in order to be
  considered, please do so. Applications for all positions are subject to each employer's specific requirements.