Director- Cybersecurity, Secure by Design

Job Description

Company: AstraZeneca GmbH

Location: Thoothukudi, IN

Job Title: Director- Cybersecurity, Secure by Design

GCL: F

Introduction to role

Are you ready to hardwire security into every design decision and release, so science can move faster with confidence? Can you lead global engineering teams to move from reactive fixes to design-led, measurable risk reduction? This senior technical leadership role anchors security in the full lifecycle of our digital ecosystem.

You will translate a Trust-by-Design vision into practical engineering patterns that safeguard cloud platforms, software, AI/GenAI capabilities, operational technology, and enterprise applications. Your work will help ensure that the platforms powering discovery, development, and delivery of medicines are secure by default—so teams can innovate at speed without compromising integrity. You will partner across architecture, product engineering, and operations to embed security standards and automate controls at scale.

By shaping guardrails and enabling secure development practices, you will reduce systemic risk, accelerate releases, and protect data that matters for patients and the business.

Accountabilities

• Define and drive the engineering strategy aligned to CISA, NIST SSDF, ISO/IEC 27034, and EU CRA principles; establish a Secure Development Lifecycle across software, cloud, and OT, and convert the CISO’s vision into 18–24 month roadmaps with measurable outcomes.
• Lead threat modelling, secure code reviews, penetration test coordination, and portfolio-wide vulnerability management; convert findings into prioritized remediation and control improvements that demonstrably reduce risk.
• Direct engineering activities across complex software and application projects; design and implement secure-by-default configurations for cloud (IaaS/PaaS/SaaS), containers (Docker, Kubernetes), hybrid and on‑premise; oversee build, configuration, testing, and release of cybersecurity solutions with a focus on secure architecture, DevSecOps, and data security.
• Govern application and software lifecycle security needs including patching, hardening, secrets management, and control validation; lead incident and problem resolution for security-related issues and prevent recurrence through design patterns and automation.
• Provide technical feedback for arguments and supplier selection; evaluate and integrate platforms and partnerships that strengthen code security, CI/CD, cloud posture, and vulnerability remediation.
• Serve as engineering authority applying NIST AI RMF, OWASP Top 10 for LLM, and MITRE ATLAS; define guardrails, fail‑safes, and human oversight by default; partner with an AI centre of excellence to secure AI pipelines across R&D, Commercial, and Manufacturing.
• Drive engineering standards for manufacturing environments, incorporating IEC 62443, Purdue Model layers, and Zero Trust patterns to protect critical systems and ensure safe operations.
• Engage architecture, DevOps, product engineering, and third parties to codify security requirements; lead security design reviews, risk assessments, and represent cybersecurity engineering in governance forums and supplier assurance.
• Ensure solutions meet GxP, 21 CFR Part 11, EU Annex 11, GDPR, HIPAA, SOC2, and OWASP expectations; embed compliance as code where possible to streamline assurance.
• Build, mentor, and empower a hard‑working global cybersecurity engineering team; handle budgets, capacity, and delivery; drive performance metrics and tier reporting; recruit and develop diverse talent and shape future‑focused skills through internal and external partnerships.
• In the first 6–12 months, baseline and operationalize the SDL and secure‑by‑default patterns across priority platforms; by 18–24 months, achieve scaled automation, measurable risk reduction, and adoption of standards enterprise‑wide.

Essential Skills/Experience

• Bachelor’s degree in Computer Science, Information Security, Software Engineering, or comparable specialisation.
• 15+ years of experience in cybersecurity engineering, software security, or product security in a senior leadership or director-level role.
• Deep expertise in Secure by Design / Secure Development Lifecycle (SDL) principles aligned to CISA, NIST SSDF, and ISO/IEC 27034.
• Significant experience with modern software development languages, security patterns, testing phases, and DevSecOps toolchains.
• Proven experience implementing and leading threat modelling, secure code review, and vulnerability management programmes at scale.
• Experience with cloud security engineering across IaaS/PaaS/SaaS platforms (AWS, Azure, GCP) and container security (Docker, Kubernetes).
• Experience with AI/GenAI security controls including NIST AI RMF, OWASP LLM Top 10, and secure AI deployment patterns.
• Experience working within a quality and compliance environment including Gx

Source: BeBee