**Cyber Security Vulnerability Management Associate Director**
**Chennai, (India) Guadalajara (Mexico)**
**FL.V1**
**ABOUT THE ENTERPRISE TECHNOLOGY SERVICES TEAM**
The Enterprise Technology Services (ETS) team is accountable for all Infrastructure, Security, IT Operations and all End User Services and technologies.
This group will ensure that our IT Services are seamless and secure, and that technology is delivered in an efficient, effective, and agile way, with a strong focus on experience.
It's a dynamic and challenging environment to work in - but that's why we like it.
There are countless opportunities to learn and grow, whether that's exploring new technologies in hackathons, or transforming the roles and work of colleagues, forever.
This is your chance to be part of a team that has the backing to innovate, disrupt an industry and change lives.
**JOB ROLE**
We're looking for an IT security professional that can help us on the journey through this challenging and ever-changing technology landscape.
An Individual who:
- Understand that security is a journey and not a destination.
Cyber Security is not something that can be "fixed", and we instead need to focus on innovation to maintain sustainable risk position against the evolving threat landscape.
- Understand that we can't just buy our way out of a Cyber Security problem.
Technology may win the battle, but it won't win the war.
- Understand that Cyber Security is not just dealing with individual hackers.
We are potentially working against state-sponsored attacks and multi-billion-dollar organized crime syndicates.
- Understand attackers, their motivations, and their ways of working to be able to get ahead and keep ahead of them.
**KEY RESPONSIBILITIES**
- You will be responsible for leading a team and providing management, leadership and oversight of the internally delivered Cybersecurity vulnerability management service.
Own and manage the vulnerability assessment and management programme and execute a vulnerability management strategy across all AstraZeneca environments Design and develop vulnerability mitigation strategy, prioritise identified vulnerabilities, and manage risk associated with vulnerabilities.
- Improving and automating existing vulnerability management lifecycle.
Including but not limited, data ingestion & normalisation, compliance metrics and detections on assets.
- Participate in impact assessments to help define prioritisation and proper monitoring coverage.
- Provide recommendations and technical guidance for the lifecycle of vulnerability management
- Develop automation, orchestration, and scripting to reduce manual processes, improving overall efficiency while also enabling new capabilities to meet our rapidly changing needs
- Strong knowledge of vulnerability management - Triage, Prioritise, Remediate, and security threat modelling
- Develop relationships with IT teams to resolve aging critical vulnerabilities on assetsEstablish regular forums with stakeholders to drive remediation of vulnerabilities.
- Providing metrics and reports to provide status updates.
Reporting gaps in a meaningful way that addresses a business risk as well as providing technical solutions to the operations teams in remediation is key.
- Maintain oversight of vulnerability reporting communications
- Analyze requirements to develop and manage program metrics and performance through reporting and active engagement with stakeholders for continuous service improvement
**ESSENTIAL EXPERIENCE**
- Extensive experience working in Security, in a complex, multinational, corporate environment
- Proven experience leading a cyber security team
- A high level of governance knowledge
- A deep understanding of various security technologies and controls
- Demonstrate a detailed understanding of Cyber security
- Experience of vulnerability management methodologies and tools
- A relevant technical degree, competence or equivalent (CISSP, CISM, CCSP) and competence to lead various Security initiatives
- The role will be to manage people and advise the work of others
- Excellent problem solving and troubleshooting skills, autonomous working, direction and goal setting
- Strong written and verbal communication skills along with the proven ability to present complex, technical information to both technical and non-technical audiences
- Be valued and respected for collaboration, integrity and enablement
- Experienced in developing and leading innovative solutions and "thinking outside of the box"
- Ability to analyze complex situations, assessing risks and balancing strategic and tactical Security requirements with business pragmatism, risk appetite and innovation
- Ability to prioritize, re-schedule and adapt to changes in a dynamic environment
**KEY RELATIONSHIPS**
- IT Operational teams
- AZ business risk / security teams
- Procurement
- Finance
- Internal audit teams
- IT & Global Compliance teams
**SO, WHAT NEXT?