Jan 21, 2022

Job Description

2022 is an exciting year for Novartis as we accelerate our growth in the Technology and digital space.

The Director of Threat Response Operations will be an integral part of the Novartis Cyber Security Operations Center (CSOC). The CSOC is an advanced global team passionate about the active defense against the most sophisticated cyber threats and attacks. The Director of Threat Response Operations will assist the Global Head of CSOC in providing leadership and oversight over integral operational services including threat monitoring, threat hunting, and incident response.

The Director of Threat Response Operations will contribute to the implementation of the overall Novartis information security strategy related to cyber security defense and operations. They will manage associated programs and develop and implement required processes, procedures and tools. They will actively encourage a positive culture and cohesiveness within the CSOC, while reporting qualified information about actual cyber threats to senior management and stakeholders. In this role they will enable informed and consistent risk decisions and establish sustainable security capabilities to support business strategies in an efficient and effective way.

This opportunity is located at the Novartis Cambridge, MA site, with the potential to be based out of East Hanover, New Jersey; it cannot be located remotely.

The impact you'll make:

o Perform host-based analysis, artifact analysis, network packet analysis, and malware analysis in support of security investigations and incident response
o Coordinate monitoring, hunting, investigation, containment, and other response activities with business stakeholders and groups
o Develop and maintain effective documentation, including monitoring, hunting, and response playbooks, processes, and other supporting operational material
o Perform quality assurance review of analyst investigations and work product; develop feedback and development reports
o Provide mentoring of associates and managers and serve as point of escalation for higher severity incidents
o Develop incident analysis and findings reports for management, including gap identification and recommendations for improvement
o Recommend or develop new detection logic and tune existing sensors / security controls
o Work with security solutions owners to assess the ability of the existing security solutions array to detect / mitigate the abovementioned TTPs
o Create custom SIEM queries and dashboards to support the monitoring and detection of advanced TTPs against the Novartis network
o Provide security advice, guidance, technical expertise and risk analysis to global project and operational teams, as well as support with remediation requirements.
o Liaise with other teams in information security & risk management, architecture & infrastructure management as well as business functions to ensure threat indicators are rated by severity and responded to in a manner consistent with the threat.
o Interface with industry peers and other identified organizations as appropriate to acquire and share threat intelligence information relevant for Novartis.
o Participate in the global information risk committee to ensure that key risks are being made transparent and effective decisions can be taken on risk treatment.
o Ensure security detection, protection, response, and recovery standards, processes and procedures are up-to-date, maintained and followed.
o Responsible for recommending, configuring, operating, maintaining and enhancing relevant security systems and tools globally, based on contextual information and current threat landscape.
o Oversee vendor contracts for Cyber Security Operations Center.

Diversity & Inclusion / EEO

The Novartis Group of Companies are Equal Opportunity Employers and take pride in maintaining a diverse environment. We do not discriminate in recruitment, hiring, training, promotion or other employment practices for reasons of race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, marital or veteran status, disability, or any other legally protected status. We are committed to building diverse teams, representative of the patients and communities we serve, and we strive to create an inclusive workplace that cultivates bold innovation through collaboration and empowers our people to unleash their full potential.

Minimum Requirements

Education / Qualifications
o University working and thinking level, advanced degree in business/technical/scientific area or comparable education/experience.
o Professional information security certification, such as CISSP, CISM or ISO 27001 auditor / practitioner.
o Technical certifications such as CFCE, GCFA, GCFE, GREM, ENCE, CCE.


• 12+ years of experience in Incident Response / Computer Forensics / CSOC team / Threat Hunting or related fields
• Experienced IT administration with broad and in-depth technical, analytical and conceptual skills
• Experience in leading and building highly motivated and technical global teams
• Experience in reporting to and communicating with senior level management (with and without IT background, with and without in depth risk management background) on incident response topics
• Excellent written and verbal communication and presentation skills; interpersonal and collaborative skills; and the ability to communicate information risk-related and incident response concepts to technical as well as nontechnical audiences
• Excellent understanding and knowledge of general IT infrastructure technology and systems
• Proven experience to initiate and manage projects that will affect CSOC services and technologies

You’ll receive:
Competitive salary, annual bonus, long term incentive for select levels, health insurance, paid vacation/holidays, potential flexible working arrangements, employee recognition scheme.

Why consider Novartis?
We’re proud of that fact, in this world of digital and technological transformation, we must also ask ourselves this: how can we continue to improve and extend even more people’s lives?

We believe the answers are found when curious, courageous and collaborative people like you are brought together in an inspiring environment. Where you’re given opportunities to explore the power of digital and data. Where you’re empowered to risk failure by taking smart risks, and where you’re surrounded by people who share your determination to tackle the world’s toughest medical challenges.

We are Novartis. Join us and help us re-imagine medicine.

Cambridge, MA
Information Technology
Full Time

Director of Threat Response Operations
