Cybersecurity Engineering Manager Data

Senior Data Security Engineer

About the AstraZeneca

AstraZeneca is a global, innovation-driven biopharmaceutical business that focuses on the discovery, development, and commercialization of prescription medicines for some of the world's most serious diseases. But we're more than one of the world's leading pharmaceutical companies. 

At AstraZeneca, we're proud to have a unique workplace culture that inspires innovation and collaboration. Here, employees are empowered to express diverse perspectives - and are made to feel valued, energized and rewarded for their ideas and creativity. 

About the team

Enterprise Technology Services (ETS) are a global team that are accountable for many of the IT tools and services that directly contribute to the effectiveness of our AstraZeneca colleagues.

We partner locally in more than 60 global business sites for service delivery and IT experience and are accountable for all infrastructure, cybersecurity, IT operations and End User services and technologies.

ETS also manages many of the large IT contracts at AZ, as well as partnering with large organisations on behalf of AZ to deliver value and innovation through new and existing capabilities and services.

About The role

Cybersecurity is paramount to our IT strategy as we progress towards our future objectives. As we navigate through this dynamic and challenging technology landscape, we seek  for a Data Security Engineer that  comprehend that security is a continuous journey, not a final destination. We recognize that investing in cybersecurity entails more than simply purchasing solutions; it demands individuals who prioritize innovation to sustain a resilient risk posture against the ever-evolving threat landscape. Moreover, we acknowledge the reality of potential adversaries, whether they be organized crime syndicates or state-sponsored actors, and thus require professionals who grasp their motivations and methodologies. In our pursuit of safeguarding data within a customer-centric global enterprise, we value professionals who appreciate the criticality of data security. Join us in shaping a secure digital future.

The Senior Data Security Engineerwill be accountable for:

• Engineer cybersecurity solutions spanning cloud, on-premises, and third-party collaboration environments, with a predominant focus on cloud and data.
• Collaborate with other teams in performing, assessing, and evolving IT processes that intersect any of our cybersecurity priorities.
• Map governance and compliance frameworks and their controls to technical implementation, shifting hardening processes as far left as possible.
• Leverage understanding of threats, weaknesses, and vulnerabilities around cloud and data to assist other areas in responding promptly and effectively to contain breaches or to address areas of concern.
• Contribute to defining the future state of cybersecurity within the organisation by conducting gap analysis between our current state and the desired state for tools and services around cloud and data.
• Actively collaborate with multiple teams in AstraZeneca to implement and maintain periodic access audits to assess how systems and human identities interact with data.
• Review existing data security protocols and plan for required improvements.
• Leverage data access analytics to design processes and software to provide increased data security.
• Define the roadmap of our data security technologies.
• Champion a culture of least-privilege access to data. 

Requirements

Essential

• Must have large enterprise IT experience, ideally with significant cloud and data exposure.
• Must have experience designing, deploying, and operating secure networks, systems, application, and security architectures at scale.
• Should have experience working in a software development and systems administration organization – ideally implementing DevSecOps and process automation.
• Must have experience researching, designing, and implementing data security policies, standards, and procedures, including those in GDPR, CCPA and other privacy regulations, as well as implementing data security reference architectures.
• Familiarity with common attack techniques and their remediation or defence including social engineering, phishing, worms, trojans, rootkits, ransomware, XSS, SQL injection, remote command execution, session hijacking, DDoS, etc.
• Must have solid experience configuring and managing cloud security services in an AWS organization, including service control, backup and tagging policies, firewalling, threat detection and data classification.
• Must have strong experience identifying, deploying, and managing cloud security services complementary to cloud provider native services, in a multi-cloud environment spanning AWS, GCP and Azure.
• Solid understanding of identity management and access control protocols.
• Knowledge of business continuity, risk assessment, disaster recovery, and computer forensics.
• Ability to conduct post-mortem on security incidents and take post-mortem data to drive uplift in policies, procedures, standards.
• Experience with SIEM, CSPM, DSPM, IDS, XDR, SOAR technologies.
• Solid understanding of applied cryptography as applicable to varied data sets.
• Experience implementing data masking, anonymization, and tokenization.
• Experience working with technologies that power data analytics such as Hive, Spark, Kafka or similar.

Why AstraZeneca?

At AstraZeneca when we see an opportunity for change, we seize it and make it happen, because any opportunity no matter how small, can be the start of something big. Delivering life-changing medicines is about being entrepreneurial - finding those moments and recognising their potential. Join us on our journey of building a new kind of organisation to reset expectations of what a bio-pharmaceutical company can be. This means we’re opening new ways to work, pioneering cutting edge methods and bringing unexpected teams together.

Interested? Come and join our journey.

So, what’s next!

Are you already imagining yourself joining our team? Good, because we can’t wait to hear from you.

Where can I find out more?

Our Social Media:

Follow AstraZeneca on LinkedIn https://www.linkedin.com/company/1603/

Follow AstraZeneca on Facebook https://www.facebook.com/astrazenecacareers/

Follow AstraZeneca on Instagram https://www.instagram.com/astrazeneca_careers/?hl=en

AstraZeneca is an equal opportunity employer.

AstraZeneca will consider all qualified applicants for employment without discrimination on grounds of disability, sex or sexual orientation, pregnancy or maternity leave status, race or national or ethnic origin, age, religion or belief, gender identity or re-assignment, marital or civil partnership status, protected veteran status (if applicable) or any other characteristic protected by law. AstraZeneca only employs individuals with the right to work in the country/ies where the role is advertised.

📌Strong English communication skills required.

📌 Positions are open to Mexican Citizens and official residents of Mexico.

📍 Location: Guadalajara (hybrid - Expectation of working in the office 3 days a week)
When we put unexpected teams in the same room, we unleash bold thinking with the power to inspire life-changing medicines. In-person working give us the platform we need to connect, work at pace and challenge perceptions. That’s why we work, on average, a minimum of three days per week from the office. But that doesn’t mean we’re not flexible. We balance the expectation of being in the office while respecting individual flexibility.

AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorisation and employment eligibility verification requirements.