Director - Cyber Security Access Governance and Compliance

Director, Cyber Security Access Governance & Compliance

Director, Cyber Security Access Governance & Compliance

GCL: F

Introduction to role:

Are you ready to define how a global enterprise governs access at scale and turn control assurance into a competitive advantage? In this role, you will build the strategy and execution of identity and access governance that safeguards our science, data, and platforms, so we can deliver life‑changing medicines to patients faster and with confidence.

You will lead a high-impact program that reduces access risk, elevates stewardship, and produces audit‑ready evidence across workforce, privileged, and external access. Working with brand-new platforms including Sail Point Identity Security Cloud and analytics, you will expand automation, raise certification quality, and accelerate remediation.

Accountabilities:

• Direct the end‑to‑end Access Governance & Compliance program, aligning initiatives to business objectives and industry guidelines while ensuring least‑privilege governance and audit‑ready outcomes.
• Expand Sail Point Identity Security Cloud certification automation, uplift entitlement quality, and reduce manual effort through systematic application onboarding and control design improvements.
• Define and implement access governance policies, certification standards (scope, cadence, critical issue), evidence and retention requirements, Sod/toxic combination controls, and time‑boxed exception management.
• Provide executive‑level mentorship on cyber risk, regulatory compliance, and data privacy as they relate to identity and access, including risk‑based prioritization, compensating controls, and defensible outcomes.
• Design and implement governance health dashboards, exception registers, and automated evidence outputs to enable real‑time control transparency and efficient audit support.
• Establish an access risk management framework and security metrics program with clear control objectives, benchmark targets, tier reporting, and recurring governance rhythms with service owners and collaborators.
• Chair access governance steering groups and partner with application owners, HR/vendor management, internal audit, compliance, and infrastructure/platform teams to drive ownership and timely remediation.
• Direct comprehensive governance assessments and testing, including certification quality reviews, manual attestations for non‑integrated apps, reconciliations against authoritative sources, and closure of systemic gaps via supervised plans.
• Own stewardship health by defining data quality standards and supervising key attributes such as identity completeness, group/role ownership, entitlement ownership, and application owner accountability for human and non‑human identities.
• Set a multi‑quarter plan for Access Governance & Compliance, mentor and develop managers and practitioners, and build capabilities in certification design/QA, control testing, data stewardship, and analytics.
• Deliver and supervise budgets, capacity plans, and investments to support operations, reporting/analytics enablement, and continuous improvement within agreed constraints.
• Lead multi‑regional initiatives and drive large‑scale change through teams and partners; produce executive‑ready dashboards and tier reporting to increase accountability and speed remediation.

Essential Skills/Experience:

• 15+ years of experience in developing and implementing enterprise-wide cyber security strategies and frameworks, specifically as applied to access governance, control efficiency, and audit-ready evidence.
• Proven record developing and completing long-term strategic plans that measurably improve governance outcomes
• Confirmed expertise in reducing cyber risk in large, global enterprises through least-privilege governance, SoD management, and continuous control monitoring.
• Experience partnering with or operating alongside operational teams (e.g., IAM Operations and/or SOC) to ensure governance signals drive timely remediation and sustained control health.
• Proven experience working with cyber threat vectors, charge methodologies, and mitigation techniques relevant to identity and access
• Significant experience leading multiple large-scale cyber security systems/projects/processes, including governance automation
• Experience working within a quality and compliance environment and application of policies, procedures, and guidelines to meet audit and regulatory expectations.
• Experience co-working with multi-functional global leadership and other senior collaborators, influencing application owners and service owners to remediate risk and sustain governance outcomes.

Desirable Skills/Experience:

• Relevant security certifications applicable to the governance/risk domain, preferred (e.g., security management, audit/risk, IAM/IGA platform certifications).

When we put unexpected teams in the same room, we fuel bold thinking with the power to encourage life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility.

Why AstraZeneca:

Here, technology and purpose meet at scale. You will have the investment and sponsorship to modernize governance using cloud platforms, analytics, and AI, working shoulder‑to‑shoulder with engineers, data scientists, and business leaders to protect the science that changes lives. Expect a culture that values patience alongside ambition—where you can challenge the status quo, learn fast through experimentation, and see your ideas land in production.

Own the blueprint for trusted access in a global, data‑driven enterprise—step forward and build what secure, audit‑ready governance looks like for the future!

Date Posted

05-Jun-2026

Closing Date

02-Jul-2026

AstraZeneca embraces diversity and equality of opportunity.  We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills.  We believe that the more inclusive we are, the better our work will be.  We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics.  We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.

Experience Level

Executive Level