Cyber Security - Digital Assets Specialist

Cyber Security - Digital Assets Specialist

In this role of Digital Asset Security Manager, you’ll operate within AstraZeneca’s Cyber Security division taking ownership in ensuring all Digital Assets owned by AstraZeneca are secure. The definition of a Digital Asset is anything that is created and stored digitally, is identifiable and discoverable.  This includes, but is not limited to custom developed applications, APIs, Containers, Public Cloud, and artefacts such as data, images, videos, documents, data science graphs, etc.  You’ll need to collaborate with Business, Solution Delivery, Engineering, and Quality and Compliance functions across a global organisation spanning US, UK, Sweden, China, Japan, Poland, Mexico, India and beyond.

You will be responsible for delivering AstraZeneca’s Secure Software Development Lifecycle (SDLC) program which provides security by design frameworks for application development teams.  In addition to defining frameworks, taking ownership for providing metrics and progress on the SDLC that shows progress and compliance towards AstraZeneca security goals are being met is crucial. 

Through the identification of any vulnerabilities, responsibilities to drive lessons learnt and action plans for improvements enables a cyclic approach to secure applications and assets that are delivered across the organisation.

Essential experience:

• Must have an understanding of OWASP, documentation and artefacts, business logic flaws.  Ability to explain vulnerabilities and weaknesses and discuss effective defensive techniques.
• Must have experience of at least one of the following Cyber Security areas:

Web including WAFs, Mobile, Application, Cloud, API, AI & Data

• Must have large enterprise IT experience, ideally with some Cloud and DevOps exposure.
• Able to influence at engineering, architecture, strategic and leadership levels.
• Development experience – ideally with process automation and/or configuration management
• Good understanding of agile and DevOps methodologies
• Security, compliance, and regulatory experience in a public cloud environment
• Excellent written and oral communication skills
• Experience planning, researching, and developing security policies, standards, and procedures.
• Familiarity with Security technologies including Web vulnerability scanning, system integrity monitoring, API Security, Cloud Security, etc.
• Awareness of common attack techniques and their remediation/defence including DoS, DDoS, Social engineering, Virus, Malware, Vulnerability exploitation, Phishing & Spear Phishing, Worms, Trojans, Rootkits, Ransomware, XSS, SQL Injection, Remote Command Execution, Session Hijacking, etc.
• An understanding of security protocols, cryptography, authentication, authorisation, and network security implementations
• Good understanding of Application Programming Interfaces, dependencies, authentication, and execution

Desirable experience

• Ability to conduct post-mortem on security incidents and/or take post-mortem data to drive uplift in policies, procedures, standards.
• Cloud and/or DevOps certifications
• Experience working closely with governance, risk, compliance, and audit functions.
• Experience in working successfully in a high matrix organisation.
• Experience of patterns, reviews and design decisions that will impact cyber security across Digital Assets
• Familiarity working in and with DevOps teams.
• Familiarity with Security technologies including Vulnerability scanning, system integrity monitoring, Penetration Testing, etc
• Experience firewalls, content filtering, vulnerability management tools and platforms (Qualys, Tanium, etc.)

Why AstraZeneca?

At AstraZeneca when we see an opportunity for change, we seize it and make it happen, because any opportunity no matter how small, can be the start of something big. Delivering life-changing medicines is about being entrepreneurial - finding those moments and recognising their potential. Join us on our journey of building a new kind of organisation to reset expectations of what a bio-pharmaceutical company can be. This means we’re opening new ways to work, pioneering cutting edge methods and bringing unexpected teams together.

Interested? Come and join our journey.

So, what’s next!

Are you already imagining yourself joining our team? Good, because we can’t wait to hear from you.

Where can I find out more?

Our Social Media:

Follow AstraZeneca on LinkedIn https://www.linkedin.com/company/1603/

Follow AstraZeneca on Facebook https://www.facebook.com/astrazenecacareers/

Follow AstraZeneca on Instagram https://www.instagram.com/astrazeneca_careers/?hl=en

If you have site, country or departmental social media then feel free to switch any of the above links

AstraZeneca is an equal opportunity employer.

AstraZeneca will consider all qualified applicants for employment without discrimination on grounds of disability, sex or sexual orientation, pregnancy or maternity leave status, race or national or ethnic origin, age, religion or belief, gender identity or re-assignment, marital or civil partnership status, protected veteran status (if applicable) or any other characteristic protected by law

AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.

AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorisation and employment eligibility verification requirements.