Director of Cybersecurity - Secure by Design

Director- Cybersecurity, Secure by Design

Job Title: Director- Cybersecurity, Secure by Design

GCL: F

Introduction to role:

Are you ready to hardwire security into every design decision and release, so science can move faster with confidence? Can you lead global engineering teams to move from reactive fixes to design-led, measurable risk reduction?

This senior technical leadership role anchors security in the full lifecycle of our digital ecosystem. You will translate a Trust-by-Design vision into practical engineering patterns that safeguard cloud platforms, software, AI/GenAI capabilities, operational technology, and enterprise applications. Your work will help ensure that the platforms powering discovery, development, and delivery of medicines are secure by default—so teams can innovate at speed without compromising integrity.

You will partner across architecture, product engineering, and operations to embed security standards and automate controls at scale. By shaping guardrails and enabling secure development practices, you will reduce systemic risk, accelerate releases, and protect data that matters for patients and the business.

Accountabilities:

• Define and drive the engineering strategy aligned to CISA, NIST SSDF, ISO/IEC 27034, and EU CRA principles; establish a Secure Development Lifecycle across software, cloud, and OT, and convert the CISO’s vision into 18–24 month roadmaps with measurable outcomes.
• Lead threat modelling, secure code reviews, penetration test coordination, and portfolio-wide vulnerability management; convert findings into prioritized remediation and control improvements that demonstrably reduce risk.
• Direct engineering activities across complex software and application projects; design and implement secure-by-default configurations for cloud (IaaS/PaaS/SaaS), containers (Docker, Kubernetes), hybrid and on‑premise; oversee build, configuration, testing, and release of cybersecurity solutions with a focus on secure architecture, DevSecOps, and data security.
• Govern application and software lifecycle security needs including patching, hardening, secrets management, and control validation; lead incident and problem resolution for security-related issues and prevent recurrence through design patterns and automation.
• Provide technical feedback for arguments and supplier selection; evaluate and integrate platforms and partnerships that strengthen code security, CI/CD, cloud posture, and vulnerability remediation.
• Serve as engineering authority applying NIST AI RMF, OWASP Top 10 for LLM, and MITRE ATLAS; define guardrails, fail-safes, and human oversight by default; partner with an AI centre of excellence to secure AI pipelines across R&D, Commercial, and Manufacturing.
• Drive engineering standards for manufacturing environments, incorporating IEC 62443, Purdue Model layers, and Zero Trust patterns to protect critical systems and ensure safe operations.
• Engage architecture, DevOps, product engineering, and third parties to codify security requirements; lead security design reviews, risk assessments, and represent cybersecurity engineering in governance forums and supplier assurance.
• Ensure solutions meet GxP, 21 CFR Part 11, EU Annex 11, GDPR, HIPAA, SOC2, and OWASP expectations; embed compliance as code where possible to streamline assurance.
• Build, mentor, and empower a hard-working global cybersecurity engineering team; handle budgets, capacity, and delivery; drive performance metrics and tier reporting; recruit and develop diverse talent and shape future‑focused skills through internal and external partnerships.
• In the first 6–12 months, baseline and operationalize the SDL and secure‑by‑default patterns across priority platforms; by 18–24 months, achieve scaled automation, measurable risk reduction, and adoption of standards enterprise‑wide.

Essential Skills/Experience:

• Bachelor's degree in Computer Science, Information Security, Software Engineering, or comparable specialisation.
• 15+ years of experience in cybersecurity engineering, software security, or product security in a senior leadership or director-level role.
• Deep expertise in Secure by Design / Secure Development Lifecycle (SDL) principles aligned to CISA, NIST SSDF, and ISO/IEC 27034.
• Significant experience with modern software development languages, security patterns, testing phases, and DevSecOps toolchains.
• Proven experience implementing and leading threat modelling, secure code review, and vulnerability management programmes at scale.
• Experience with cloud security engineering across IaaS/PaaS/SaaS platforms (AWS, Azure, GCP) and container security (Docker, Kubernetes).
• Experience with AI/GenAI security controls including NIST AI RMF, OWASP LLM Top 10, and secure AI deployment patterns.
• Experience working within a quality and compliance environment including GxP, 21 CFR Part 11, GDPR, or equivalent regulated-industry frameworks.
• Meaningful experience leading sophisticated, large-scale IT/cybersecurity engineering projects within global, geographically dispersed organisations.

Desirable Skills/Experience:

• Relevant professional certification (CISSP, CSSLP, CISM, or equivalent).
• Experience in agile software development methodologies and security integration within CI/CD pipelines.
• Experience utilising modern test management and security tooling (e.g., X-Ray for Jira, SAST/DAST tools, SCA platforms, or similar).
• Experience with OT/ICS security architecture for pharmaceutical manufacturing environments (IEC 62443, Purdue Model).
• Familiarity with EU Cyber Resilience Act (CRA) and its engineering compliance implications.
• Experience co-working with multi-functional global leadership and senior collaborators including CISO, CIO, and Audit Committee.
• Pharmaceutical or life sciences sector experience preferred.

When we put unexpected teams in the same room, we fuel ambitious thinking with the power to encourage life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility.

Why AstraZeneca:

This is where technical depth meets large‑scale impact. You will collaborate with diverse experts who unite different teams in a shared space. Together, you will unlock ambitious thinking and turn complex data and technology challenges into secure, practical solutions that improve lives. We connect across every part of the company, amplifying the effect of secure engineering on research, development, manufacturing, and patient engagement. Expect a culture that values kindness alongside ambition, where we share, learn, and challenge together, and where your leadership in secure design can raise your profile while shaping how a digital and data‑driven enterprise delivers for patients every day.

Lead the shift from bolt‑on security to built‑in resilience—step forward to shape the standards, teams, and systems that safeguard life‑changing science now.

Date Posted

05-Jun-2026

Closing Date

02-Jul-2026

AstraZeneca embraces diversity and equality of opportunity.  We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills.  We believe that the more inclusive we are, the better our work will be.  We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics.  We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.

Experience Level

Executive Level