Jul 22, 2024


The Information Security Architect will work across information security and risk management and with all information technology functions to define technical security standards, design and blueprint the security architecture, and support project teams in choosing the right security architecture within the Application Security domain. The Information Security Architect ensures that Novartis has an accurate, threat-driven, and timely understanding of the vulnerabilities that exist within the global design and source code of technologies and that effective processes exist to address the ones flagged for remediation.

About the Role

Major accountabilities:

  • Complete oversight of entire secure design lifecycle:

    • Define the tooling and services required for secure software design and development globally across major design fields, e.g. digital, ERP, web applications and Industrial Control Systems.

    • Define and manage the tooling and services required for security testing services, e.g. penetration testing, mobile application security testing, source code inspection.

    • Define the tooling and services required for information risk management during projects.

    • Oversee all vendor contracts for secure software design and development.

    • Define and report to CISO the appropriate metrics to judge operational effectiveness as well as outstanding risk of the organization due to vulnerabilities introduced by projects, e.g. software vulnerabilities and insufficient development practices

    • Define remediation requirements for global Application Security project and development teams.

    • Manage associates that operate secure software design and development and remediation oversight

    • Define requirements for system retirement or other protection in case software vulnerabilities cannot be addressed in source code itself

    • Ensure information risks introduced by new technology and technology related services are identified, communicated to appropriate stakeholders and remediated

    • Ensure applications are effectively security tested, according to their criticality, throughout development and their lifecycle.

    • Ensure that project and development teams gain a sufficient level of IT security awareness for designing new services, technology and source code to gain an effective and sustainable IT security improvement and lower risk to the organization when projects are handed over to operations.

  • Provide in-depth expertise on Application Security topics

  • Develop and enforce security policies and procedures across the Application Security Domain

  • Develop security best practices and governance models for DevSecOps practices

  • Support the secure setup and governance of DevSecOps toolsets and of Agile software development

  • Design security measures and an overall security architecture for the Application Security landscape in line with the ISRM policy framework

  • Support in incorporating Information Security regulatory compliance requirements in product development

  • Support in auditing of security policies and procedures

  • Take responsibility to ensure adherence with Security and Compliance policies and procedures within Security Architect scope

  • Ensure that developed solutions are peer reviewed and formally documented

  • Ensure accurate provisioning and metering of services

  • Support projects in secure application design adoption

  • Identify major internal application security related deficiencies and suggest pragmatic approaches on how to remediate them at scale

  • Collaborate closely with other Security Architects and IT Architects on Application Security related matters

Minimum Requirements:

  • Essential:

    • University working and thinking level, degree in business/technical/scientific area or comparable education/experience

  • Desirable:

    • Professional information security certification, such as CISSP, CSSLP, CISM is preferred. Professional (information system) risk or audit certification such as CIA, CISA or CRISC is preferred

Work Experience:

  • 10+ years of working experience; 2 of those years in an Agile and DevSecOps-based development environment

  • 4+ years of working experience managing an SDLC program

  • 2+ years of working experience in securing emerging technologies such as data science and data analytics platforms, AI / ML apps including GenerativeAI.

  • Demonstrated senior leadership skills: >2 years’ experience in senior management positions in a matrix organization

  • Experience in reporting to and communicating with senior level management (with and without IT background, and with and without in-depth risk management background) on information risk topics

  • Excellent written and verbal communication and presentation skills; interpersonal and collaborative skills.

  • Proven experience initiating and managing projects that will affect other divisions, departments and functions, as well as the corporate environment.

Why Novartis? Our purpose is to reimagine medicine to improve and extend people’s lives and our vision is to become the most valued and trusted medicines company in the world. How can we achieve this? With our people. It is our associates that drive us each day to reach our ambitions. Be a part of this mission and join us! Learn more here:

You’ll receive: You can find everything you need to know about our benefits and rewards in the Novartis Life Handbook.

Commitment to Diversity and Inclusion: Novartis is committed to building an outstanding, inclusive work environment and diverse teams representative of the patients and communities we serve.

Join our Novartis Network: If this role is not suitable to your experience or career goals but you wish to stay connected to hear more about Novartis and our career opportunities, join the Novartis Network here:

Why Novartis: Helping people with disease and their families takes more than innovative science. It takes a community of smart, passionate people like you. Collaborating, supporting and inspiring each other. Combining to achieve breakthroughs that change patients’ lives. Ready to create a brighter future together?

Join our Novartis Network: Not the right Novartis role for you? Sign up to our talent community to stay connected and learn about suitable career opportunities as soon as they come up:

Hyderabad (Office)
Full time

Dir. DDIT ISC Enterprise Architecture AppSec
