
Director, Cyber Risk Management & Remediation

Location: Chennai, State of Tamil Nādu, India. Job ID: R-255694. Date posted: 07/01/2026

Job Title: Director, Cyber Risk Management & Remediation

GCl: F

Introduction to role:

Are you ready to turn sophisticated enterprise cyber risk into critical, measurable results that protect how we run the business and deliver life‑changing medicines? Can you build the security posture of core platforms and application deployment at global scale while guiding senior leaders toward the right trade‑offs?

You will engage at the earliest stages of major transformations. You will embed pragmatic controls, orchestrate remediation, and ensure SOX and compliance obligations are met. You will do all this while keeping delivery on track.

Embedded with platform and engineering leadership and operating as part of the enterprise cybersecurity function, you will set standards, governance, and operating models that translate risk into prioritized, defensible remediation. Your impact will be transparent in clear metrics, reduced residual risk, audit‑ready evidence, and resilient platforms that underpin our ability to get medicines to patients safely and efficiently.

Accountabilities:

  • Risk Lifecycle Ownership: Lead the recognition, evaluation, management, approval, and supervision for the portfolio; maintain an authoritative risk register spanning SAP, SDLC/DevSecOps, automation, workflow platforms, and software supply chain with clear owners, timelines, and a predictable executive blocking issue cadence.
  • Executive Engagement and Influence: Advise senior technology and business leaders; translate threat intelligence, regulatory drivers, and delivery realities into clear risk priorities and investment decisions that protect critical business processes.
  • Define and run the governance model for risk acceptance, exceptions, and waivers. Ensure residual risk is detailed, treatments are time‑bound, and blocking issues align with enterprise appetite. Apply SOX‑relevant controls and secure finance and audit participation when enterprise financial platforms are in scope.
  • Control Baseline and Framework Mapping: Set and carry out defensible control baselines across SAP, SDLC/DevSecOps, RPA/chatbots, and workflow platforms; map to NIST CSF, ISO 27001/27002, CIS Controls, OWASP, and internal policy; measure and uplift control coverage and maturity over time.
  • Risk Assessment and Treatment: Lead high‑impact assessments for S/4HANA migration, engineering service changes, new automation deployments, platform integrations, AI/ML and agentic automation, and M&A due diligence; ensure risks, exceptions, and treatments are consistently documented and tied to business outcomes.
  • Remediation Program Leadership: Sponsor and lead all aspects of multi‑team programs addressing vulnerabilities, configurations, architectural gaps, and control deficiencies. Identify turning points, RAID, progress tracking, and benefits realization to ensure lasting risk reduction.
  • Remediation Execution and Orchestration: Drive delivery across SAP Basis teams, software engineering leads, automation centers of excellence, and platform owners; handle dependencies, remove blockers, and coordinate timing with release schedules and SOX change-control requirements to protect stability and compliance.
  • Control Assurance and Audit Readiness: Oversee control health, testing, and evidence management; lead engagements with internal/external auditors and regulators across ISO 27001, SOC 2, SOX ITGC (for SAP financial systems and SDLC controls), and GxP/GMP where applicable; ensure durable, traceable, audit‑ready evidence.
  • Third‑Party and Software Supply Chain Risk: Set supplier and SaaS risk standards—including due diligence, minimum controls, contractual clauses, SCA, and continuous monitoring—for systems integrators, platform vendors, third‑party apps, and open‑source libraries; integrate third‑party risk into the register and own executive blocking issues.
  • Data, AI, and Privacy Enablement: Safeguard critical and regulated data across SAP, automation workflows, and platform integrations; enable compliant AI/ML and agentic automation via classification, encryption, DLP, monitoring, and model‑risk controls aligned to GDPR, NIS2, and internal data governance standards.
  • Incident Preparedness and Response Leadership: Partner with security operations and crisis teams to strengthen playbooks and BCP for SAP, automation, platform, and supply chain scenarios; sponsor corrective actions and ensure lessons learned become durable control improvements.
  • Metrics, Reporting, and Executive Communication: Define benchmarks/KRIs and business‑centric dashboards (privileged bot access posture, platform configuration scores, repeat‑finding rates, mean time to remediate) and communicate posture and priorities to executive governance and, when required, Board‑level forums.
  • Collaborator Management: Build trusted relationships across platform, engineering, architecture, quality, legal/privacy, audit, sourcing, and cyber leadership; influence investment to resolve systemic risks and remove multi-functional blockers.

Essential Skills/Experience

  • 15 years of dynamic experience in information security, including 8+ years leading risk management, remediation, BISO, or equivalent functions and influencing senior business and IT executives at VP/SVP level.
  • Demonstrated track record of crafting and operating an enterprise risk lifecycle (identification, assessment, treatment, acceptance, monitoring) and remediation portfolio in sophisticated, global organizations, and of measuring risk reduction and control development over time across enterprise application and software delivery environments.
  • Demonstrated ability to apply LLMs and agentic automation to improve cybersecurity and business outcomes, translating use cases into measurable gains (e.g., faster risk triage, automated control evidence collection, improved detection and response, accelerated software vulnerability triage) while protecting critical data and maintaining appropriate oversight of automated processes.
  • Deep experience implementing and operationalizing controls defined by NIST CSF, ISO 27001/27002, CIS Controls, OWASP (ASVS, Top 10, SAMM), and related frameworks across enterprise applications, software delivery pipelines, and SaaS platforms, demonstrating measurable maturity improvement at enterprise scale.
  • Good understanding of SAP security architecture including authorization concepts (role design, SoD analysis and remediation, GRC or equivalent experience), Basis and system security (transport management, RFC/interface security, secure landscapes), S/4HANA and cloud security considerations, and SOX ITGC controls for SAP financial systems; ability to assess risk, lead remediation, and partner with Basis and GRC teams.
  • Hands‑on leadership embedding security into SDLC and delivery pipelines—SAST, DAST, SCA, secrets management, container/Kubernetes security, CI/CD hardening, software composition analysis and open‑source risk management, and developer enablement—with evidence of measurable risk reduction at scale.
  • Understanding of risks in RPA/chatbot deployments, including privileged credential management for attended/unattended bots, bot lifecycle governance, sensitive data handling, emerging agentic AI security, and integration security; ability to define enterprise bot security standards and drive remediation.
  • Experience securing enterprise workflow platforms: access and role governance, integration/API authentication, service account and privileged access management, third‑party app/plugin risk, workflow/scoped app security, and audit trails; ability to handle risk across broad enterprise integrations.
  • Demonstrable ability to handle challenging executive priorities and deliver results under time constraints related to release windows, audit cycles, delivery achievements, automation go‑lives, and regulatory commitments, across a highly matrixed, global environment.
  • Bachelor’s degree or equivalent experience in Information Security, Computer Science, Risk Management, or related field (master’s degree or equivalent experience strongly preferred).
  • Professional certifications such as CISSP, CISM, or CRISC required.

Desirable Skills/Experience:

  • Experience working in a global, matrixed organization with distributed teams and significant operations across the US, UK, Sweden, China, Japan, India, and Latin America.
  • Direct experience as a BISO, Head of Cyber Risk, or Head of Application Security in a regulated pharmaceutical, life sciences, or comparable organization with substantial SAP and software engineering responsibility.
  • Hands‑on experience with SAP GRC, authorization design analysis, and Basis security in a SOX‑compliant environment.
  • Direct experience leading large‑scale application security programs.
  • Experience securing enterprise‑scale RPA and automation.

When we put unexpected teams in the same room, we unleash aggressive thinking with the power to inspire life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world.

Why AstraZeneca:

Join a technology community that connects the dots across the enterprise to simplify, scale, and unlock real business value. You will work at the heart of significant shifts, next-generation engineering pipelines, and intelligent automation. Unexpected teams come together in a shared space to challenge assumptions and fuel aggressive thinking. We value grit alongside ambition and back crucial leaders with data, teamwork, and modern tooling. Your expertise will help shape secure platforms that power our science and operations, so medicines reach patients optimally. This is a place to move fast, to learn continuously, and to see your impact measured in both risk reduction and business outcomes.

Lead measurable risk reduction at enterprise scale and build the secure foundation for breakthrough science—take the next step and make your impact now!

Date Posted

01-Jul-2026

Closing Date

23-Jul-2026

AstraZeneca embraces diversity and equality of opportunity.  We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills.  We believe that the more inclusive we are, the better our work will be.  We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics.  We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.

