Band
Level 7
Job Description Summary
Head DDIT ISC Security Architecture
Location: Basel, Switzerland
About the Role:
The Head DDIT ISC Security Architecture will manage and lead the Enterprise Security Architecture team as well as contribute to an extensive transformation program to modernize and centralize Novartis' IAM backbone.
The role will be responsible for architecture and design of all security platforms, define the standards for their use and acceptable implementation patterns, in line with Novartis information security standards and industry best practices. In this role they will be leading cross-functional teams to define and execute our Security Enterprise Architecture Roadmap to ensure our systems and data are secure and project can be delivered by DDIT with security principles baked in by design.
Job Description
Key Responsibilities:
* Understand business and technical requirements, propose solutions, provide technical oversight, lead technical implementation, and support adoption of new technologies and capabilities.
* Complete oversight of Novartis security architecture including IAM, Cloud, End Point, Network, Application Security, Data Protection, Cyber Tools
* Definition of security standards and architecture patterns and contribution to the overall Novartis technology strategy.
* Technical leadership for various IAM transformation projects, throughout the project lifecycle, including evaluating business requirements and security technologies, planning technology deployment, aligning with security engineering and solution architecture teams.
* Ensure the efficient and effective elaboration, validation, and communication of the Enterprise Security Architecture for across Novartis, and effectively liaise with other teams in information security & risk management, infrastructure & architecture management as well as business functions.
* Contribute to the development of overall Novartis technology strategies, designs, standards, and procedures that support business strategies.
* Ensure that project and development teams gain a sufficient level of IT security awareness for designing new services, technology, and source code to gain an effective and sustainable IT security improvement and lower risk to the organization when projects are handed over to operations.
* Report overall security technology stack maturity and operational stability across company.
* Ensures industry network regarding security architecture and trends.
* Decide when a pattern cannot be implemented if an exception from the technology standard is allowed.
* Stand in for CISO on decision making for technical challenges and overall security technology strategy globally for Novartis.
Essential Requirements:
* 10+ years of working experience in information security domain; minimum 5 years in architecture capacity; 5+ years of IAM project experience and leading team/s.
* Demonstrated security architecture conceptual skills, solutions delivery, and decision making, incorporating sound security principles, and emerging technologies to design and implement enterprise security solutions.
* Prior experience in security policy, standards, guidelines, and patterns definition.
* Prior experience in leading from a technical point of view security transformation projects
* In depth understanding of the IAM domain including strong knowledge of: Identity and account provisioning standards and best practices (B2B and CIAM); Role and attribute-based access control implementation experience; IAM governance processes; Azure Active Directory security technologies; IAM capabilities of major cloud providers (AWS, Azure, Salesforce, Workday, ServiceNow, SAP, etc.); Privileged access management for various types of technologies covering on premise; Active Directory architecture; API security and best practices for authentication/authorization; Automation and integration related to IAM systems; SIEM / monitoring and auditing for IAM.
* Experience in reporting to and communicating with senior level management (with and without IT background), with and without in-depth risk management background on information risk topics.
* Good knowledge of IT Project Management, managing projects that will affect other divisions, departments, and functions, as well as the corporate environment.
* Experience working in a multi-vendor, global environment and leading technical teams
* Excellent written and verbal communication and presentation skills; interpersonal and collaborative skills, as well as good mediation and facilitation skills.
* Self-motivated, delivery focused with keen attention to detail and good decision-making ability with/without supervision to deliver in time and at expected quality.
* Ability to handle competing priorities, and seeking consensus when stakeholders have different or even contradicting opinions.
Desirable requirements
* Professional information security certification, such as CISSP, CCSP, CISM is preferred. Professional (information system) risk or audit certification such as CIA, CISA or CRISC is preferred
* University working and thinking level, degree in business/technical/scientific area or comparable education/experience
Why Novartis?
Our purpose is to reimagine medicine to improve and extend people's lives and our vision is to become the most valued and trusted medicines company in the world. How can we achieve this? With our people. It is our associates that drive us each day to reach our ambitions. Be a part of this mission and join us Learn more here:
Join our Novartis Network: If this role is not suitable to your experience or career goals but you wish to stay connected to learn more about Novartis and our career opportunities, join the Novartis Network here:
Benefits and rewards:
Read our handbook to learn about all the ways we'll help you thrive personally and professionally:
Commitment to Diversity & Inclusion:
We are committed to building an outstanding, inclusive work environment and diverse teams representative of the patients and communities we serve.
Accessibility and accommodation:
Novartis is committed to working with and providing reasonable accommodation to all individuals. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the recruitment process, or in any order to receive more detailed information about essential functions of a position, please send an e-mail to and let us know the nature of your request and your contact information. Please include the job requisition number in your message.
Skills Desired
Communication Skills, Cyber-Security Regulation, Cyber Security Strategy, Cyber Threat Management, Cyber Vulnerabilities, Decision Making Skills, Influencing Skills, Information Security Risk Management, Stakeholder Management, Talent Development