Functional Security Architect

Job ID 302446BR

Position Title Functional Security Architect

Job Description

Your responsibilities included but are not limited to :

• The FSA will work with their respective business enabling function (BEF) to ensure solutions are security designed, following approved security patterns and providing ongoing security consulting and expertise to support the following activities:
a) Review security architecture of public cloud solutions for Azure and AWS
b) Provide SME guidance for SaaS/IaaS/PaaS security design and practices for new digital initiatives
c) Validate security requirements for planned solutions and platforms
d) Engage in new projects and be part of working teams, designing and securing workloads in public and private cloud environments
e) Experience proposing and conducting Proofs of Concept (POC), Proofs of Value (POV) activities to ensure innovative solutions can be adopted globally and meet the business need.

• The successful candidate will be a strong communicator with deep technical and security skills, especially pertaining to IaaS security. The individual must be highly collaborative as they will need to work closely with architects, engineers, 3rd party vendors.
• Provides in depth expertise to for IT security principles, ensures controls are included as technical requirements to ensure security-by-design best practices, Reviews, creates and challenges defined IT security related internal standards
• Acts as single point of contact, collaborating closely with other Security Architects and IT Architects on IT security related matters, Promotes IT Security culture within the business and application management team
• Defines pragmatic solutions and recommends alternatives that meet or exceed security requirements, Performs risk/threat assessment of IT projects related to the function
• Manages prioritization of security assessment for the function, Leverages application security risk assessment pool for low impact projects

Minimum requirements

• University working and thinking level, degree in business/technical/scientific area or comparable education/experience

• Professional information security certification, such as CISSP, CISM or ISO 27001 auditor / practitioner is preferred. Professional (information system) risk or audit certification such as CIA, CISA or CRISC is preferred
• CSSLP, GSSP, ECCSP, CASS
• 10+ years’ work experience, 7 years within Information Security management. 2+ years’ experience in sr. management position with demonstrated leadership skills in global matrix organization, 5+ years as an IT security expert
• Expert knowledge of enterprise IT infrastructure technology, systems, vulnerability management, and change management processes, especially in large scale implementations

• Familiarity with frameworks such as ISO 2700x, CobiT, NIST, ISF, or SOX
a) Knowledge of OWASP, Secure SDLC best practices, CI/CD pipelines, encryption, identity and access management, data integrity, PKI and other related secure software design best practices
b) Assesses the feasibility, time and resource requirements to ensure not to over promise
c) Keeps pace with industry developments to provide best solutions for the business
d) Good mediation and facilitation skills
e) Working knowledge of IT Project Management and PMO methodologies

Novartis was created in 1996 through a merger of Ciba-Geigy and Sandoz. Novartis and its predecessor companies trace roots back more than 250 years, with a rich history of developing innovative products. From beginnings in the production of synthetic fabric dyes, the companies that eventually became Novartis branched out into producing chemicals and ultimately pharmaceuticals.