Senior Consultant - Cyber Security

Job Title: Senior Consultant - Cyber Security

Career Level - D2

Introduction to Role:
Are you ready to leverage technology to impact patients and ultimately save lives? As a Cyber Security Architect at AstraZeneca, you’ll operate within our Cyber Security department to design quality solutions and work with vendors on COTS applications to strengthen our security stance across the enterprise. You’ll need to collaborate with Business, Solution Delivery, Engineering, and Quality and Compliance functions across a global organisation spanning US, UK, Sweden, China, Japan, Poland, Mexico, India and beyond.

Accountabilities:
In this role, you will architect cyber security solutions for the organisation spanning Cloud, Hybrid and on-premises as well as third-party collaboration environments. You will define principles, policies, standards and governance covering various areas of cyber security. You will help define the future state of cyber security within the organisation, conduct review and gap analysis between current state and future state including existing measures and controls, and then work to uplift to align to the future state vision. You will ensure latest trends and technology are considered as part of solutioning. For example, consider the security implications of IoT being integrated into our existing landscape. You will also provide technical support and expertise to cloud users, and conduct architectural reviews throughout project and solutions design lifecycle.

Essential Skills/Experience:
• Must have an understanding of the Cyber Security methodologies, processes and artefacts (OWASP, NIST and ISA)
• Must have been a Solution Architect for at least 3 years covering enterprise and consultancy
• Able to influence and position strategies at multiple levels to both IT and business functions
• Have an excellent understanding and proven capability in Cloud, Hybrid and On-Premise architecture 
• Able to work across multiple teams spanning many geographic regions
• Security, compliance and regulatory experience in a public cloud environment
• Ability to carry out evaluations, gap analysis and vendor assessments for security technologies and applications
• Excellent written and oral communication skills
• Experience planning, researching and developing security policies, standards and procedures
• Solid understanding of security protocols, cryptography, authentication, authorisation and network security implementations
• Ability to design, build, test and implement cyber security solutions  
• Ability to define principles, policies, standards and governance 
• Ability to map governance and compliance frameworks and controls to technical implementation
• Strong Cloud architecture and multiple domain experience
• Familiarity working in and across large geo-dispersed teams 
• The ability to identify and document security processes, techniques and governance into solutions
• Ability to prioritise and validate the threats that really matter
• Shifting security processes as far left as possible.  Build standards that are a part of the solution – not an afterthought.
• Security roadmap and strategy development.

Desirable Skills/Experience:
• Experience designing secure networks, systems and application architectures
• Knowledge of disaster recovery, computer forensic tools, technologies and methods
• Knowledge of risk assessment tools, technologies and methods
• Ability to conduct post mortem on security incidents and/or take post mortem data to drive uplift in policies, procedures, standards 
• Experience in a system administration role supporting multiple platforms and applications
• Security, Cloud and/or DevOps certifications
• Familiarity with common attack techniques and their remediation/defence including DoS, DDoS, Social engineering, Virus, Malware, Vulnerability exploitation, Phishing & Spear Phishing, Worms, Trojans, Rootkits, Ransomware, XSS, SQL Injection, Remote Command Execution, Session Hijacking, etc. 
• Experience working work closely with compliance and audit functions
• Development of application security standards, 
• Ability to implement and conduct static and dynamic code review process
• Ability to implement and conduct penetration testing processes (both automated and manual / exploratory)
• Experience of working with Security incident and event monitoring implementation (SIEM)
• Understanding of authentication technologies and approaches.

When we put unexpected teams in the same room, we unleash bold thinking with the power to inspire life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That’s why we work, on average, a minimum of three days per week from the office. But that doesn't mean we’re not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world.

Why AstraZeneca?
At AstraZeneca, you'll be part of a team that has the backing to innovate, disrupt an industry and change lives. We're a network of entrepreneurial self-starters who contribute to something far bigger. We dare to lead, applying our problem-solving mindset to identify and tackle opportunities across the whole enterprise. Our spirit of experimentation is lived every day through our events like hackathons. We enable AstraZeneca to perform at its peak by delivering world-class technology and data solutions. Our work unlocks the potential of science. We optimise and revolutionise AstraZeneca by maximising efficiencies and finding new ways to drive productivity. From automation to data simplification.

Ready to make a difference? Apply now!

AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorisation and employment eligibility verification requirements.