29. Juni 2022

Job Description

15 Petabyte of data hosted, 49 countries supported, 15000 servers and thousands of devices to connect locations and businesses.

Information is clearly one of Novartis` most valuable asset. In ISRM (Information Security and Risk Management), we implement and maintain solutions that secure the Novartis environment, protect our data and provide the necessary control framework to enable compliance with the various regulations associated with the healthcare industry.

105,000 outstanding individuals work with Novartis all with different needs and aspirations. Aligned to a single inspirational purpose to reimagine medicine for millions of patients across the world.

AppSec Delivery Management objective is to ensure application security services are effectively operated and delivered to Novartis application teams in turn improving overall application security posture of Novartis global ecosystem. AppSec service requests may include but not limited to secure architecture & design consulting, threat modeling, secure architecture review, secure code scanning, dynamic testing and penetration testing in waterfall/agile SDLC and DevSecOps.

Role is responsible to operate, monitor and govern application security testing service requests and its delivery lifecycle with team of externals, managed service provider, and internal stakeholders. Act as a liaison between AppSec vendors and application teams regarding AppSec service as well as security issues.

Your Responsibilities Include but are not limited to:

1. Handle AppSec service demand - Assess demand through upcoming projects, application changes, new development, retrospective assessments, etc. Align demand forecast with managed service provider and vendors for them to handle resource scalability

2. Complete oversight and ownership of AppSec service requests lifecycle:

- Conduct awareness sessions with service requestors for fulfilment of service

- Ensure timely processing of all service request and act as a backup to externals supporting service request processing and govern service request inflow, processing, and fulfillment lifecycle. Execution of finances such as GR and rebooking analysis for delivered services

- Ensure all testing engagements are delivered timely by the managed service providers as per SLA, with quality expectations met and any deviations handled per contract arrangements

- Perform technical/process QA of delivered service requests periodically and perform health check of the data and service details maintained in the systems

- Strong control and timely resolution of on-hold, reminders, escalations, pending follow-ups, etc. that could result in degradation of service delivery or operational metrics or hygiene

1. Monitor and maintain AppSec service adoption

- Guide relevant project resources to consume relevant AppSec services and complete cost estimation for these services.

- Generate and analyse AppSec usage/adoption reports to improve control adoption and escalate deviations with internal stakeholders

- Gather feedback, monitor surveys and perform RCA as needed

- Collaboration with strategic programs for demand through request fulfilment

- Ensure all integrated process and systems are operating as expected

- Conduct service training and awareness for global Novartis teams

1. Monitor, report and collaborate with required internal teams to deliver on assigned responsibility and accountabilities

2. Support cross-functional and application teams w.r.t AppSec service inquiries and support in handling service-related control gaps/risks if any.

3. Support development, implementation, maintenance and enforcement of controls, tools, documentation, processes and standards for AppSec service.

4. Ensure the AppSec vendor is paid promptly for the services they have randered to the project/application teams.

5. Track AppSec Vendor SLAs to ensure effective and prompt delivery of all AppSec request. Also, keep customer informed regarding status of their requests.

6. Drive continuous process improvements for AppSec processes and update AppSec process documentation to meet current state of the services.

7. Support audit requests, service reviews, monitoring and reporting of IT security risk status and trends to leadership

Diversity & Inclusion / EEO

Novartis is committed to building an outstanding, inclusive work environment and diverse teams representative of the patients and communities we serve.

Minimum Requirements

What you'll bring to the Role:
• BE/ Btech with 9+ years of overall working experience in information security, At least 5+ years in secure SDLC, application security testing and/or technical vulnerability management, Demonstrated leadership skills through 2+ years’ experience in middle management.
• Strong knowledge of vulnerability scoring systems e.g., CVSS, DREAD, OWASP, CWE, CAPEC, MITRE, etc. for application vulnerabilities
• Expertise in security SDLC requirements and secure application controls , reporting to and communicating with senior level management with in depth application security and vulnerability/risk management domain
• Excellent understanding and knowledge of IT application technology, systems, and management processes
• Experience of sourcing complex IT services, working closely with vendors and making full use of their capabilities

766 million lives were touched by Novartis medicines in 2021, and while we’re proud of this, we know there is so much more we could do to help improve and extend people’s lives.
We believe new insights, perspectives and ground-breaking solutions can be found at the intersection of medical science and digital innovation. That a diverse, equitable and inclusive environment inspires new ways of working.
We believe our potential can thrive and grow in an unbossed culture underpinned by integrity, curiosity and flexibility. And we can reinvent what's possible, when we collaborate with courage to aggressively and ambitiously tackle the world’s toughest medical challenges. Because the greatest risk in life, is the risk of never trying!
Imagine what you could do here at Novartis!

Join our Novartis Network: If this role is not suitable to your experience or career goals but you wish to stay connected to hear more about Novartis and our career opportunities, join the Novartis Network here: https://talentnetwork.novartis.com/network
No video provider was found to handle the given URL. See the documentation for more information.
Global Drug Development
Hyderabad, AP
Information Technology
Full Time
careers default image

Associate Director Security Operations – AppSec Delivery Management

Apply to Job Access Job Account