Senior Security Architect - Commercial areasJob ID: 391616BRLocation: MexicoSummaryNovartis Commercial Innovative Medicines International & US provide digital technologies that bring world-class, innovative medicines to patients around the world. As a Functional Security Architect (FSA), you will support these critical initiatives by providing subject matter expertise in the domain of end-to-end security architecture.About the Role
- Providing in-depth expertise to business leaders and technical audiences about cybersecurity standard methodologies for CRM, CMS, and Interactive Product assets.
- Advising engineering and website development teams about approved security patterns and practices.
- Reviewing and challenging defined IT security related internal standards for the ongoing improvement of Novartis policies and procedures.
- Acting as single point of contact, collaborating closely with other Security Architects and IT Architects on IT security related matters.
- Promoting IT Security culture within the business and application management team.
- Defining pragmatic solutions and recommending alternatives that meet or exceed security requirements.
- Reporting on security status of projects and building external networks regarding IT security relevant to the business function.
- Performing risk/threat assessments of all IT projects related to the function.
- Leading a pool of external security and solution architects assigned to the portfolio and prioritizing security assessments for the function.Role Requirements:
- University working and thinking level, degree in business/technical/scientific area or comparable education/experience.
- 7+ years' work experience, with a minimum of 5 years within Information Security management as an Architect.
- 5+ years as an IT security expert.
- Experience with Salesforce.Com and Drupal or equivalent is essential.
- Expert knowledge of enterprise IT infrastructure technology, systems, vulnerability management, and change management processes, especially in large scale implementations.Desirable:
- Professional information security certification, such as CISSP, CISM, or ISO 27001 auditor/practitioner is preferred. Professional (information system) risk or audit certification such as CIA, CISA, or CRISC is preferred.
- CSSLP, GSSP, ECCSP, CASS.#J-18808-Ljbffr