Summary
About the Role
Major accountabilities:
Complete oversight of entire secure design lifecycle:
Define the tooling and services required for secure software design and development globally across major design fields, e.g. digital, ERP, web applications and Industrial Control Systems.
Define and manage the tooling and services required for security testing services, e.g. penetration testing, mobile application security testing, source code inspection.
Define the tooling and services required for information risk management during projects.
Oversee all vendor contracts for secure software design and development.
Define and report to CISO the appropriate metrics to judge operational effectiveness as well as outstanding risk of the organization due to vulnerabilities introduced by projects, e.g. software vulnerabilities and insufficient development practices
Define remediation requirements for global Application Security project and development teams.
Manage associates that operate secure software design and development and remediation oversight
Define requirements for system retirement or other protection in case software vulnerabilities cannot be addressed in source code itself
Ensure information risks introduced by new technology and technology related services are identified, communicated to appropriate stakeholders and remediated
Ensure applications are effectively security tested, according to their criticality, throughout development and its’ lifecycle.
Ensure that project and development teams gain a sufficient level of IT security awareness for designing new services, technology and source code to gain an effective and sustainable IT security improvement and lower risk to the organization when projects are handed over to operations.
Provide in depth expertise to Application Security topics
Develop and enforce security policies and procedures across the Application Security Domain
Develop security best practices and governance models for DevSecOps practices
Support the secure setup and governance of DevSecOps toolsets and in Agile software development
Design security measures and an overall security architecture for the Application Security landscape in line with the ISRM policy framework
Support in incorporating Information Security regulatory compliance requirements in product development
Support in auditing of security policies and procedures
Take responsibility to ensure adherence with Security and Compliance policies and procedures within Security Architect scope
Ensure that developed solutions are peer reviewed and formally documented
Ensure accurate provisioning and metering of services
Support projects in secure application design adoption
Identify major internal application security related deficiencies and suggests pragmatic approaches on how to remediate them at scale
Collaborate closely with other Security Architects and IT Architects on Application Security related matters
Minimum Requirements:
Essential:
University working and thinking level, degree in business/technical/scientific area or comparable education/experience
Desirable:
Professional information security certification, such as CISSP, CSSLP, CISM is preferred. Professional (information system) risk or audit certification such as CIA, CISA or CRISC is preferred
Work Experience:
10+ years of working experience; 2 of those years in Agile and DevSecOps based development environment
4+ years of working experience managing a SDLC program
2+ years of working experience in securing emerging technologies such as data science and data analytics platforms, AI / ML apps including GenerativeAI.
Demonstrated senior leadership skills: >2 years’ experience in senior management positions in a matrix organization
Experience in reporting to and communicating with senior level management (with and without IT background), with and without in depth risk management background on information risk topics
Excellent written and verbal communication and presentation skills; interpersonal and collaborative skills.
Proven experience to initiate and manage projects that will affect other divisions, departments and functions, as well as the corporate environment.
Why Novartis? Our purpose is to reimagine medicine to improve and extend people’s lives and our vision is to become the most valued and trusted medicines company in the world. How can we achieve this? With our people. It is our associates that drive us each day to reach our ambitions. Be a part of this mission and join us! Learn more here: https://www.novartis.com/about/strategy/people-and-culture
You’ll receive: You can find everything you need to know about our benefits and rewards in the Novartis Life Handbook. https://www.novartis.com/careers/benefits-rewards
Commitment to Diversity and Inclusion: Novartis is committed to building an outstanding, inclusive work environment and diverse teams' representative of the patients and communities we serve.
Join our Novartis Network: If this role is not suitable to your experience or career goals but you wish to stay connected to hear more about Novartis and our career opportunities, join the Novartis Network here: https://talentnetwork.novartis.com/network
Why Novartis: Helping people with disease and their families takes more than innovative science. It takes a community of smart, passionate people like you. Collaborating, supporting and inspiring each other. Combining to achieve breakthroughs that change patients’ lives. Ready to create a brighter future together? https://www.novartis.com/about/strategy/people-and-culture
Join our Novartis Network: Not the right Novartis role for you? Sign up to our talent community to stay connected and learn about suitable career opportunities as soon as they come up: https://talentnetwork.novartis.com/network
