Jun 14, 2022

Job Description

15 petabytes of data hosted, 49 countries supported, 15000 servers and thousands of devices to connect locations and businesses.
Information is clearly one of Novartis' most valuable assets.
In ISRM (Information Security and Risk Management), we implement and maintain solutions that secure the Novartis environment, protect our data and provide the necessary control framework to enable compliance with the various regulations associated with the healthcare industry.
105,000 outstanding individuals work with Novartis, all with different needs and aspirations, aligned to a single inspirational purpose: to reimagine medicine for millions of patients across the world.
Join us and directly contribute to Novartis’ vision to Reimagine Medicine.

Your Responsibilities Include but are not limited to:

• Complete oversight and ownership of application vulnerabilities throughout their lifecycle:
  • Ensure centralized logging of application vulnerability data from multiple sources (e.g., external / internal penetration testing, code security testing, internal / external vulnerability scanning, etc.) across technologies including web, mobile, SaaS, APIs, cloud platforms, IaC, containers, ERPs, etc., and a standardized security risk rating.
  • Define and govern remediation requirements for global SDLC project and dev teams.
  • Monitor new/old findings and follow up with stakeholders per vulnerability prioritization for timely and adequate treatment.
  • Carry out conceptual, analytical, and innovative problem-solving and evaluative follow-up tasks to meet the goal of reducing vulnerabilities and their risk exposure.
  • Support validation of automated vulnerability scan results and post-remediation confirmations.
  • Provide mitigation steps and treatment guidance as needed to application teams.
  • Analyze opportunities for improvement and apply out-of-the-box thinking to optimize vulnerability reduction for specific functions, product teams and/or vulnerability types.
  • Monitor vulnerability metrics and KPI/KRI daily, and report periodically to the leadership team or stakeholders on remediation service effectiveness.
• Define and enforce application security remediation initiatives such as testing coverage improvements, secure development practices, processes for secure adoption of applications, etc.
• Develop and enforce security policies and procedures across the Application Security Domain.
• Develop and enforce security best practices and governance models for application vulnerability management in DevSecOps practices and Agile software development.
• Identify common vulnerability trends and suggest pragmatic approaches on how to remediate them at scale.
• Conduct training and sessions for stakeholders and development teams on secure application development/configurations.
• Possess in-depth expertise in Application Security topics to be able to promote a culture of secure applications and development.
• Report on application security status across the Novartis ecosystem.

Diversity & Inclusion / EEO

Novartis is committed to building an outstanding, inclusive work environment and diverse teams representative of the patients and communities we serve.

Minimum Requirements

• BE/BTech with 9+ years of overall working experience in information security; at least 5+ years in secure SDLC, application security testing and/or technical vulnerability management; demonstrated leadership skills through 2+ years’ experience in middle management.
• Strong knowledge of vulnerability scoring systems e.g., CVSS, DREAD, OWASP, CWE, CAPEC, MITRE, etc. for application vulnerabilities
• Expertise in security SDLC requirements and secure application controls, and in reporting to and communicating with senior-level management, with in-depth knowledge of the application security and vulnerability/risk management domain
• Excellent understanding and knowledge of IT application technology, systems, and management processes
• Experience of sourcing complex IT services, working closely with vendors and making full use of their capabilities

766 million lives were touched by Novartis medicines in 2021, and while we’re proud of this, we know there is so much more we could do to help improve and extend people’s lives.
We believe new insights, perspectives and ground-breaking solutions can be found at the intersection of medical science and digital innovation. That a diverse, equitable and inclusive environment inspires new ways of working.
We believe our potential can thrive and grow in an unbossed culture underpinned by integrity, curiosity and flexibility. And we can reinvent what's possible when we collaborate with courage to aggressively and ambitiously tackle the world’s toughest medical challenges. Because the greatest risk in life is the risk of never trying!
Imagine what you could do here at Novartis!
Hyderabad, AP
Information Technology
Full Time

Associate Director - AppSec Remediation
