In this role of Digital Asset Security Manager, you’ll operate within AstraZeneca’s Cyber Security division taking ownership in ensuring all Digital Assets owned by AstraZeneca are secure. The definition of a Digital Asset is anything that is created and stored digitally, is identifiable and discoverable.  This includes, but is not limited to custom developed applications, APIs, Containers, Public Cloud, and artefacts such as data, images, videos, documents, data science graphs, etc.  You’ll need to collaborate with Business, Solution Delivery, Engineering, and Quality and Compliance functions across a global organisation spanning US, UK, Sweden, China, Japan, Poland, Mexico, India and beyond.

You will be responsible for delivering AstraZeneca’s Secure Software Development Lifecycle (SDLC) program which provides security by design frameworks for application development teams.  In addition to defining frameworks, taking ownership for providing metrics and progress on the SDLC that shows progress and compliance towards AstraZeneca security goals are being met is crucial. 

Through the identification of any vulnerabilities, responsibilities to drive lessons learnt and action plans for improvements enables a cyclic approach to secure applications and assets that are delivered across the organisation.

Essential experience:

• Must have an understanding of OWASP, documentation and artefacts, business logic flaws.  Ability to explain vulnerabilities and weaknesses and discuss effective defensive techniques.
• Must have experience of at least one of the following Cyber Security areas:

Web including WAFs, Mobile, Application, Cloud, API, AI & Data

• Must have large enterprise IT experience, ideally with some Cloud and DevOps exposure.
• Able to influence at engineering, architecture, strategic and leadership levels.
• Development experience – ideally with process automation and/or configuration management
• Good understanding of agile and DevOps methodologies
• Security, compliance, and regulatory experience in a public cloud environment
• Excellent written and oral communication skills
• Experience planning, researching, and developing security policies, standards, and procedures.
• Familiarity with Security technologies including Web vulnerability scanning, system integrity monitoring, API Security, Cloud Security, etc.
• Awareness of common attack techniques and their remediation/defence including DoS, DDoS, Social engineering, Virus, Malware, Vulnerability exploitation, Phishing & Spear Phishing, Worms, Trojans, Rootkits, Ransomware, XSS, SQL Injection, Remote Command Execution, Session Hijacking, etc.
• An understanding of security protocols, cryptography, authentication, authorisation, and network security implementations
• Good understanding of Application Programming Interfaces, dependencies, authentication, and execution

Desirable experience

• Ability to conduct post-mortem on security incidents and/or take post-mortem data to drive uplift in policies, procedures, standards.
• Cloud and/or DevOps certifications
• Experience working closely with governance, risk, compliance, and audit functions.
• Experience in working successfully in a high matrix organisation.
• Experience of patterns, reviews and design decisions that will impact cyber security across Digital Assets
• Familiarity working in and with DevOps teams.
• Familiarity with Security technologies including Vulnerability scanning, system integrity monitoring, Penetration Testing, etc
• Experience firewalls, content filtering, vulnerability management tools and platforms (Qualys, Tanium, etc.)

Why AstraZeneca?

At AstraZeneca when we see an opportunity for change, we seize it and make it happen, because any opportunity no matter how small, can be the start of something big. Delivering life-changing medicines is about being entrepreneurial - finding those moments and recognising their potential. Join us on our journey of building a new kind of organisation to reset expectations of what a bio-pharmaceutical company can be. This means we’re opening new ways to work, pioneering cutting edge methods and bringing unexpected teams together.