Job Description
Company: AstraZeneca
Location: Gaithersburg, US
Director, Security Consulting
At AstraZeneca, we pride ourselves on crafting a collaborative culture that champions knowledge-sharing, ambitious thinking and innovation – ultimately providing employees with the opportunity to work across teams, functions and even the globe.
Our dedication to sustainability is also central to our culture and part of what makes AstraZeneca a great place to work.
We know the health of people, the planet and our business are interconnected which is why we’re taking ambitious action to tackle some of the biggest challenges of our time, from climate change to access to healthcare and disease prevention.
Are you ready to shape enterprise security strategy where it matters most-protecting innovation and enabling life-changing medicines to reach patients faster? Do you want to influence VP and executive stakeholders while embedding secure-by-design practices into transformative platforms, AI/ML programs, M&A, and regulated digital products?
As Director, Security Consulting, you will serve as a senior, trusted advisor embedded with product, platform, and business leaders.
You will own the strategy, standards, and delivery of security consulting for a complex, global portfolio, translating business goals, threat intelligence, and regulatory obligations into scalable patterns and policy-aligned architectures.
Your work will accelerate risk-informed decisions, reduce systemic risk, and improve control effectiveness without slowing innovation.
Based in Gaithersburg and reporting into the Commercial IT BISO, you will operate across a highly matrixed environment to set the guardrails that enable speed with confidence.
You will partner closely with architects, engineers, data and AI leaders, and security operations to drive measurable improvements in resilience, audit readiness, and time-to-value.
Accountabilities:
• Strategy and Function Ownership
• Executive Engagement and Influence
• Governance Integration
• Secure-by-Design Standards
• Security Consulting and Major Assessments
• Orchestration
• Program and Portfolio Leadership
• Control Assurance and Compliance
• Third-Party and Supply Chain Security
• Data, AI, and Privacy Enablement
• Incident Preparedness and Response Leadership
• Metrics, Reporting, and Executive Communication
• People Leadership and Talent
• Innovation and Emerging Technology
Essential Skills/Experience:
• Bachelor’s degree in Information Security, Computer Science, Risk Management, or related field
• 12-15 years of progressive experience in information security, including 8+ years leading security consulting, architecture, or BISO functions and influencing senior business and IT executives at VP/SVP level.
• Demonstrated track record of setting enterprise security strategy, standards, and reference architectures in complex, global organizations, and measuring the maturity and business impact of those standards over time.
• Demonstrated ability to apply LLMs and agentic automation to improve cybersecurity and business outcomes, translating use cases into measurable gains (for example faster risk triage, better control evidence, improved detection and response) while protecting sensitive data.
• Deep experience implementing and operationalizing controls defined by NIST CSF, ISO 27001/27002, CIS Controls, and related cybersecurity control frameworks, and demonstrating measurable maturity improvement at enterprise scale.
• Proven ability to design and govern meaningful risk dashboards and metrics (for example in Power BI or equivalent), using actionable data to prioritize remediation, defend investment decisions, and demonstrate risk reduction and resilience improvements.
• Strong understanding of global security operations, incident response, and crisis management; experience as a senior security partner during high-severity events and post-incident reviews.
• Exceptional written and verbal communication skills, with proven ability to present complex technical and risk information to executive, regulatory, and Board-level audiences as well as in-country and business stakeholders.
• Proven ability to manage competing executive-level priorities, operate under time constraints tied to launches, regulatory commitments, and business campaigns, and drive outcomes through influence across a highly matrixed, global organization.
• Demonstrated success building and retaining high-performing security consulting and architecture teams, including senior practitioners, in a global, multicultural environment.
• Proven track record of owning enterprise-wide security consulting, architecture, or risk programs in complex, regulated environments – pharmaceutical, healthcare, life sciences, financial services, or comparable.
• Demonstrated experience setting standards, patterns, and governance that have been adopted enterprise-wide and have produced measurable business and risk outcomes.
• Deep experience with risk assessment methodologies, control frameworks (NIST CSF, ISO 27001, CIS Controls), and global regulatory regimes; experience leading audit and regulator interactions.
• Demonstrated ability to engage, influence, and advise senior executives (VP/SVP and above), translating technical risks into business and strategic language.
• Experience leading and developing cross-functional, geographically distributed teams of senior security professionals; accountable for talent, performance, and succession.
Skills & Competencies:
• Ability to set a multi-year vision, connect security to enterprise strategy, and make defensible trade-offs across risk, cost, speed, and customer experience.
• Deep understanding of cyber risk assessment, risk treatment, and risk mo.
Source: Jobilize