Cyber Security Risk Manager
Macclesfield
Introduction To Role
AstraZeneca (AZ) is a global biopharmaceutical company dedicated to leveraging cutting-edge science to manufacture and deliver innovative medicines to hundreds of millions of patients worldwide. We are dedicated to advancing science to improve health and deliver results for patients and shareholders. Join us to help make a difference in patients' lives every day.
As we navigate an increasingly digital and interconnected landscape, our focus on Digital, AI & ML, Data & Data Science, and strategic collaborations has opened up exciting opportunities within our cyber security team. Cyber Security stands as a cornerstone of our IT strategy, and we are seeking an adept IT security expert to join us in navigating the complex and ever-evolving risk landscape. In the role of Cyber Security Risk Manager, you will be an integral part of the Cyber Security Risk & Reporting team, ensuring the robust protection of AZ’s IT and information assets across our global operations in the US, UK, Sweden, China, Japan, Poland, Mexico, India, and beyond.
Collaborating closely with colleagues, you will play a pivotal role in identifying and addressing new and emerging cyber security risks. Your responsibilities will include providing vital support to risk owners in assessing and documenting cyber risks in the AZ enterprise register, as well as overseeing the timely implementation and reporting of risk mitigation activities aligned with their risk profile.
Accountabilities
Risk Assessment and Management: Conducting comprehensive assessments of Cyber Security risks across AZ's IT and information assets. This involves identifying, analysing, and evaluating potential threats and vulnerabilities, and developing strategies to mitigate these risks, through collaboration with colleagues.
Risk Reporting and Communication: Communicating cyber security risks effectively to key partners including Cyber Security, global IT functions, and business technology groups (BTGs) leadership teams. This involves preparing and presenting risk reports, highlighting critical issues and proposing actionable recommendations.
Risk Register Management: Overseeing the maintenance and accuracy of the cyber security risk register, which serves as a central repository for documenting and tracking identified risks, their impact, and the status of mitigation activities.
Collaboration and Coordination: Collaborating with cross-functional teams including Cyber Security, global IT functions, and business technology groups (BTGs) to ensure alignment on risk management strategies and activities through established risk networks. This may involve facilitating risk workshops and providing guidance on risk-related matters.
Continuous Improvement: Driving continuous improvement in Cyber Security risk management processes and methodologies based on industry trends, emerging threats, and lessons learned from security incidents.
Regulatory Liaison: Serving as a point of contact for Cyber Security risk management and participating in audits and assessments conducted by external parties and Group Internal Audit.
Essential Skills & Experience
Bachelor's degree (or equivalent experience) in Computer Science, Information Technology, Cyber Security, or a related field. A relevant Master's degree or additional certifications would be advantageous.
Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC) or similar.
Progressive experience in cyber security, risk management, or related fields, with a focus on assessing and mitigating cyber security risks within a complex organisational environment.
Proven experience conducting comprehensive cyber security risk assessments and developing risk management strategies in alignment with industry standards and best practice.
Solid understanding of relevant Cyber Security regulatory requirements and frameworks such as NIST, CIS, ISO, and other industry-specific standards.
In-depth understanding of cyber security principles, technologies, and best practices, with a focus on risk management.
Proficiency in conducting comprehensive cyber security risk assessments, identifying and prioritising risks, and developing risk management strategies aligned with organisational objectives.
Superb communication skills with the ability to effectively convey complex cyber security risk information to diverse stakeholders, including Cyber Security, global IT functions, and business technology groups (BTGs) leadership teams.
Strong collaboration skills, with the ability to work effectively across cross-functional teams, influence decision-making, and foster a culture of cyber security awareness and accountability.
Strong analytical abilities to assess and prioritise cyber security risks, and develop data-driven risk management strategies. Proficiency in problem-solving within the cyber security domain.
A commitment to staying abreast of emerging cyber security threats, trends, and technologies, and a track record of driving continuous improvement in cyber security risk management processes and methodologies.
Desirable Skills & Experience
Experience within the pharmaceutical or healthcare industry, or similarly regulated environments, would be beneficial, given the specific regulatory and security challenges within these sectors.
Familiarity with SOX & GxP compliance and experience working across multiple functions such as IT governance, compliance, privacy, or legal, providing a broad perspective on cyber security risk management within an organisation.
Proficiency in additional languages relevant to AstraZeneca's global operations, facilitating effective communication and collaboration in diverse environments.
Proficiency in advanced data analysis and data visualisation techniques, enabling deeper insights into cyber security risk trends and patterns.
Knowledge of IT service management frameworks (e.g., ITIL), enabling the integration of cyber security risk management with IT service delivery and support processes.
When we put unexpected teams in the same room, we unleash bold thinking with the power to inspire life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world.
We're specialists who are passionate about patients. A curiosity to learn, grow and develop is at the heart of what we do, evolving as our technologies constantly change. We're invested in recognising, coaching and motivating you. Here, your personal and professional journey is filled with unlimited potential.
Ready to make an impact? Apply now!
AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.