Executive Director Cybersecurity Engineering, Architecture, and Transformation

AstraZeneca is a global, science-led biopharmaceutical company that pushes the boundaries of science to deliver life-changing medicines. More than just a leading pharmaceutical company, we are a vibrant community of innovators dedicated to making a difference in medicine, patients' lives, and society. We foster an inclusive, collaborative culture where you're empowered to push your entrepreneurial spirit, champion diversity, and commit to lifelong learning and growth. At AstraZeneca, you’ll be part of something bigger.

The Executive Director Cybersecurity Engineering, Architecture, and Transformation will lead a global team of directors, senior security engineers, managers, and specialists maintaining a global organization. This leadership position directly reports to the Chief Information Security Officer (CISO) as the CISO’s principle deputy for cybersecurity technology enablement, architecture, and AI powered transformation. This role will drive future state capability via technology transformation; lead enterprise cybersecurity change strategy, oversee implementation plans, and prioritize technology investments across cybersecurity functional areas. An emerging critical focus for this position is the controlled implementation of corporate wide AI enabled by information security, such that AstraZeneca’s AI and information assets are protected with the highest level of confidentiality, integrity and availability. This leader must be prepared to rapidly take change of transformation initiatives in-flight addressing manufacturing zero-trust, enterprise scale generative AI and agentic AI controls maturity, and cybersecurity stack optimization. Working with the office of the CISO, the role is responsible for overseeing the AstraZeneca’s AI and information security needs via providing leadership and support for cyber and AI risk management, policy development, regulatory compliance, data privacy and IT security operations.

The Executive Director Cybersecurity Engineering, Architecture, and Transformation both sets strategic vision and leads teams that plan, execute, and sustain the full lifecycle of AI controls and cybersecurity capability. As the key leader, this role owns the majority of the line items in the CISO’s annual planning process and budget performance. This role is responsible for overseeing AstraZeneca’s business enabling AI and information security needs by bringing an innovator’s perspective and providing strong technology leadership. This role supports emerging AI control protocols and solutions, cloud IaaS /PaaS/SaaS security, infrastructure security, digital asset development and lifecycle risk reduction, software development risk reduction, cybersecurity architecture, IT solution technical and engineering threat modelling, emerging IoT/OT cybersecurity controls, capability innovation, cybersecurity controls assurance and data protection, and collaborates to collaborate to address annual recurring red team risk reduction and remediation efforts. The scope of this role may evolve as technology, ways of working, and pharmaceutical advances change at a rapid rate. This role is critical to the global cybersecurity effort as it demands cross functional engagement across all IT, cybersecurity, and business functions. The ability to effectively influence, engage, and achieve consensus outcomes is a critical must have for success in this position.

Typical Accountabilities

• Represents the CISO at designated Steering committees, architecture review boards, audits, regulator interactions and cybersecurity governance forums. 

• Maintains continuous awareness of AI controls and cybersecurity technology market developments. Develop requirements, understand and apply engineering trade analysis to select AI control and cybersecurity solutions that are compatible with AstraZeneca’s IT and OT environments. 

• Serves as the primary AI cybersecurity controls and cybersecurity subject matter expert within the IT architecture group. With CISO support establishes an AI security center of excellence. 

• Owns cybersecurity solution blueprint processes and lifecycle, collaborates to define responsible AI governance and cybersecurity AI controls compliance, and drives strategic IT2030 Trust-by-Design outcomes.

• Leads assurance team efforts to assess IT and OT designs against Security Baseline Configurations, cybersecurity framework controls, and industry best practices. Ensure the team is highly competent, capable, resourced to assess architecture artifacts and identify AI and cybersecurity risks. 

• Provides AI, SW development, and cybersecurity solution designs that are compliant with the AstraZeneca Security Policy Framework. 

• Collaborates closely with cybersecurity threat intelligence and operations to threat model IT and OT architectures and solution designs by providing actionable risk reduction remediation actions.

• Collaborates and ensures annual penetration testing finding engineering remediation capability that collaborates across IT and OT organizations and leverages IT service delivery processes to drive risk burndown. 

• Coordinate annual cyber security budget creation and prepare business cases. Drive monthly budget performance review and forecasting. 

• Lead the use of sophisticated commercial models, reports, and forecasts to challenge and strengthen decision-making processes across the business/ cyber security area.

• Organize, collaborate, and facilitate innovative cyber security solutions with emphasis on collaborative stakeholder engagement and participation in governance and oversight boards. 

• Coordinate and provide oversight on the management and strategy of a technical security infrastructure for the defence, detection and response to sophisticated cyber threats.

• Support functions creating standard process risk dashboard and appropriate cyber security metrics.

• Actively participate as a member of the AstraZeneca cyber security leadership team.

• Maintain awareness of cyber threat vectors, attack methodologies and mitigation/remediation methods.

• Develop/ Lead global cyber security steering groups with IT Business Technology Groups and other business units.

• Drive security control implementation and maturity into cloud environments, SaaS applications, manufacturing IoT/OT, and data protection initiatives. Direct design/ define and implement policies and appropriate methods for improving cyber security and overall IT operational standards within site/ region/ functional area.

• Build and sustain high-impact relationships (including AstraZeneca infrastructure network relationships, regulatory bodies, business partners, and suppliers) on a global or regional basis.

• Guide definition of business continuity and disaster recovery plans, and risk management activities in line with corporate/ cyber security objectives.

• Effectively manage P&L (including ongoing forecasting, allocation, reviews, revision to address external market variables, accounting) in partnership with finance to optimize short-term performance and long-term growth.

• Provide direction and oversight for continuous improvement/ transformation and cost savings initiatives within cyber security area, as well as global projects.

• Be an exceptional leader and culture champion, driving talent management, employee development, and enhanced engagement and performance across sites and cybersecurity teams globally. 

• Develop, communicate, and monitor cyber security performance objectives aligned with regional scorecards and global objectives.

• Actively source, attract, coach, and develop talent to ensure a healthy talent & leadership pipeline and succession across cyber security teams and senior positions.

• Collaborate closely with the cybersecurity culture and awareness team to develop and deliver AI controls and cybersecurity information campaigns. 

• Lead or participate in global cybersecurity steering groups with IT leadership and other business units.

Education, Qualifications, and Experience

Essential

•  Embrace collaborative and cross-functional team ethos.

• Expert knowledge of AI controls and cybersecurity technology and its application. 

• 15+ years of experience in global cybersecurity architecture and/or engineering, with 8+ years’ experience in a leadership role.  

• Program budgeting, planning, and delivery. 

• Expertise in creating and maintaining performance and operations metrics. 

• Experience in implementing and operating ISO, CIS, and NIST AI and cyber security frameworks.

• Significant knowledge of how engineering supports cyber security operations, incident response countermeasures. 

• Deep understanding of information security technologies, cloud, application, data, and network architecture.

• Practical understanding of procurement processes and IT change management. 

• Proven ability to manage competing priorities and work under pressure. 

• Maintain a global perspective on privacy, security, and data protection issues and trends. 

• Expert at reducing cyber risk in a large, global enterprise.

• Experience building and executing multi-year cyber security strategies; and leading global cybersecurity transformational initiatives in complex, dynamic environments.

• Experience in, credibility, and background to work externally with external industry stakeholders including vendors and regulatory authorities.

Desirable

• Extensive experience in multiple areas of cyber security/ IT delivery within comparable industry (e.g., pharmaceutical).

• Advanced program management skills. 

• IT service desk coordination experience.

• Penetration testing outputs and translating them into risk reduction and remediation projects. 

• A relevant technical degree, competence, or equivalent. 

• Current information security certifications such as a GIAC, CISSP, CISM, CISA, etc. 

• Experience working in other IT disciplines and across a range of industries and sectors.

Skills and Capabilities

• Excellent problem solving and troubleshooting skills, autonomous working, direction, and goal setting.

• Strong written and verbal communication skills along with the proven ability to present complex, technical information to both technical and non-technical audiences. 

• Demonstrated cross-cultural leadership ability.

• Be valued and respected for collaboration, integrity, and enablement.

• Experience working in a global organization where stakeholders and team members are geographically dispersed.

• Experience working with Executive level stakeholders.

Key Relationships to reach solutions

• Cybersecurity Leadership Team

• Enterprise Technology Services Leadership Team

• Enterprise Technology Services functional teams

• IT architecture

• AZ Business Leaders 

• Global security team

• Procurement

• Finance 

• Internal audit 

• IT & Global Compliance teams

External:

• External 3rd parties and suppliers

• External auditors

• Incident response partners

• Peer Pharma companies

• H-ISAC

• Digital Trust community members

• AI solution and cybersecurity vendor community

Technology at AstraZeneca: Where Purposeful Disruptors Thrive!

The annual base pay for this position ranges from227.024,80-340.537,20USD Annual (80% - 120%). Hourly and salaried non-exempt employees will also be paid overtime pay when working qualifying overtime hours. Base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. In addition, our positions offer a short-term incentive bonus opportunity; eligibility to participate in our equity-based long-term incentive program (salaried roles), to receive a retirement contribution (hourly roles), and commission payment eligibility (sales roles). Benefits offered included a qualified retirement program [401(k) plan]; paid vacation and holidays; paid leaves; and, health benefits including medical, prescription drug, dental, and vision coverage in accordance with the terms and conditions of the applicable plans. Additional details of participation in these benefit plans will be provided if an employee receives an offer of employment. If hired, employee will be in an “at-will position” and the Company reserves the right to modify base pay (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, Company or individual department/team performance, and market factors. 

When we put unexpected teams in the same room, we spark bold thinking with the power to inspire life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our outstanding and ambitious world. 

Join a team with the backing and investment to win! You'll be working with brand-new technology. This marriage between our purposeful work and the use of high-tech platforms is what sets us apart. Lead the way in digital healthcare. From exploring data and AI to working in the cloud on new technologies. Join a team at the forefront. Help shape and define the technologies of the future with the backing you need from across the business. 

AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives.