Senior Director, Security Platform Engineering & Operations

Introduction to role

We want a senior cybersecurity leader to connect architecture, engineering, and operations. Their goal is to secure our cloud, AI, OT, network, and endpoint platforms across the globe. This role is crafted for someone who can lead through complexity, raise maturity, and help us build secure foundations that support innovation across AstraZeneca.

This role holds high-impact leadership responsibilities connected to AstraZeneca’s 2030 ambitions. You will lead the security platforms that support our digital transformation, shaping strategy, delivering resilient capabilities, and turning policy into practical, measurable controls. Reporting to the Executive Director for Cybersecurity Architecture, Engineering, & Operations, you will guide a globally distributed team of engineers and architects across the Americas, EMEA, and APAC.

Accountabilities

Strategic Leadership and Architecture: Define and implement a multi-year strategy for developing and maintaining security infrastructure aligned to enterprise objectives. Own the functional engineering strategy and delivery horizon (18–24 months with a 3–5 year vision). Chair the Cyber Design/Delivery Review Board to ensure cybersecurity alignment across transformation programs. Embed Trust by Design through secure patterns, reference architectures, and baseline configurations. Align activities to NIST CSF (Protect) and advance platform maturity beyond Tier 2 into Tier 3.

Platform Engineering and Operations: Govern the roadmap and lifecycle of core security platforms across cloud (e.g., Wiz, GitGuardian, Akeyless), network and OT (e.g., ClarOTy, Proofpoint, Zero Trust), endpoint (Microsoft Defender, SIEM), and architecture tooling (Vectr, Censys). Lead delivery of the Q3 2026 New SIEM program and drive the Security Copilot initiative. Operationalise Polaris/Sferical AI, AstraZeneca’s sovereign AI datacenter in Sweden, targeting go-live in May 2026. Engineer and implement enterprise infrastructure controls across OT, network, email, and endpoint domains. Own cloud security policies, baseline configurations, and cloud compliance processes.

Risk, Compliance and Consultative Services: Provide authoritative solution design consultations to major programs and business units, including reference architecture reviews. Redesign the consultation model to be risk-based, automated, and enable rapid adoption. Assess and adjudicate exceptions to cloud and infrastructure standards; shape risk mitigation plans. Manage immediate and long-term risks to engineering continuity through cross-functional engagement. Maintain regulatory relationships and ensure compliance with IEC 62443, NIST 800-82, and AstraZeneca’s Security Policy Framework.

People, Talent and Partnerships: Build, mentor, and inspire a high-performing, globally distributed engineering organization. Develop leadership and specialist capabilities through coaching, delegation, and stretch assignments. Grow the talent pipeline with future-critical skills in AI/GenAI, Zero Trust, and cloud-native security. Maintain strategic vendor partnerships (Wiz, Microsoft, ClarOTy, Proofpoint and others). Collaborate closely with adjacent technology and security teams and regional stakeholders to drive integration and alignment.

Financial Stewardship: Develop and manage budgets, including capital plans for the Security Platform Engineering & Operations portfolio. Optimize resources and vendor engagements to deliver complex, multi-program operations at global scale.

Essential Skills/Experience

Bachelor’s degree in Computer Science, Computer Engineering, Information Technology, Information Systems, or comparable specialisation.

15+ years of Significant experience in modern software development, security engineering, and platform architecture.

Experience in agile/scrum environments and managing intricate security engineering initiatives.

Experience with cloud security platforms (e.g. Wiz, AWS/Azure/GCP security tooling) and data security controls.

Substantial experience with AI/GenAI security capabilities and secure design for AI-enabled environments.

Experience deploying enterprise platforms (Docker, SaaS, cloud-native) including web and mobile security controls.

Experience with OT/ICS security standards (IEC 62443, NIST 800-82) and industrial security tools (e.g. ClarOTy).

Experience with SIEM, endpoint, network security, and DLP tooling.

Familiarity with modern test management and vulnerability management tools (e.g. X-Ray for Jira, Vectr, Censys).

Leadership & Business Experience

Substantial experience leading sophisticated, large-scale global IT/security engineering projects and programs.

Significant experience managing geographically dispersed teams across multiple regions and time zones.

Proven experience managing budgets, vendors, and resources for complex security engineering operations.

Experience managing managers and developing engineering leadership talent.

Experience co-working with cross-functional global leadership and senior stakeholders including C-suite.

Experience working in quality and compliance environments; application of policies, procedures, and guidelines.

Demonstrated experience anticipating, assessing, and managing project and security risk.

Experience driving large-scale change and transformation initiatives through and with distributed teams.

Strong communication, influencing, and stakeholder management skills across diverse internal and external audiences.

Desirable Skills/Experience

Advanced degree in a relevant field.

Professional certifications such as CISSP, CCSP, CISM, or GIAC.

Hands-on leadership delivering SIEM transformations and endpoint modernization at global scale.

Proven success maturing NIST CSF Protect capabilities from Tier 2 to Tier 3 or higher.

Experience leading Zero Trust architectures and secure access modernization.

Deep familiarity with platforms referenced in this role (Wiz, GitGuardian, Akeyless, Microsoft Defender, Proofpoint, ClarOTy, Vectr, Censys).

Experience standing up secure AI/GenAI platforms and/or sovereign AI datacenters.

Background in regulated industries with complex compliance requirements (e.g., life sciences, manufacturing).

Demonstrated use of metrics and OKRs to drive platform performance and risk reduction.

Strong DevSecOps practices in agile environments and experience with cloud-native security controls across multiple public clouds.

Why AstraZeneca

This is a chance to lead work that protects the technology behind our science and helps accelerate innovation for patients. You will work at global scale, with modern platforms, complex challenges, and the support to make an impact

We want people who are curious, practical, collaborative, and ready to keep learning. We value a growth mindset over a fixed mindset, and we look for leaders who build strong teams, welcome challenge, and help others succeed!

Inclusion and Equal Opportunity

AstraZeneca is an equal opportunity employer. We are committed to building an inclusive environment where everyone feels respected, supported, and able to contribute. We welcome applications from people of all backgrounds, experiences, and perspectives.

Date Posted

Closing Date

AstraZeneca embraces diversity and equality of opportunity.  We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills.  We believe that the more inclusive we are, the better our work will be.  We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics.  We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.