Director, Cyber Risk Management & Remediation
AstraZeneca India - Chennai Posted 14 July 2026
Pharma
Job description
Job Title: Director, Cyber Risk Management & Remediation GCl: F Introduction to role: Are you ready to turn sophisticated enterprise cyber risk into critical, measurable results that protect how we run the business and deliver life‑changing medicines? Can you build the security posture of core platforms and application deployment at global scale while guiding senior leaders toward the right trade‑offs! You will engage at the earliest stages of major transformations. You will embed pragmatic controls, orchestrate remediation, and ensure SOX and compliance obligations are met. You will do all this while keeping delivery on track. Embedded with platform and engineering leadership and operating as part of the enterprise cybersecurity function, you will set standards, governance, and operating models that translate risk into prioritized, defensible remediation. Your impact will be transparent in clear metrics, reduced residual risk, audit‑ready evidence, and resilient platforms that underpin our ability to get medicines to patients safely and efficiently. Accountabilities: Risk Lifecycle Ownership: Lead the recognition, evaluation, management, approval, and supervision for the portfolio; maintain an authoritative risk register spanning SAP, SDLC/DevSecOps, automation, workflow platforms, and software supply chain with clear owners, timelines, and a predictable executive blocking issue cadence. Executive Engagement and Influence: Advise senior technology and business leaders; translate threat intelligence, regulatory drivers, and delivery realities into clear risk priorities and investment decisions that protect critical business processes. Define and run the governance model for risk acceptance, exceptions, and waivers. Ensure residual risk is detailed, treatments are time‑bound, and blocking issues align with enterprise appetite. Apply SOX‑relevant controls and secure finance and audit participation when enterprise financial platforms are in scope. Control Baseline and Framework Mapping: Set and carry out defensible control baselines across SAP, SDLC/DevSecOps, RPA/chatbots, and workflow platforms; map to NIST CSF, ISO 27001/27002, CIS Controls, OWASP, and internal policy; measure and uplift control coverage and maturity over time. Risk Assessment and Treatment: Lead high‑impact assessments for S/4HANA migration, engineering service changes, new automation deployments, platform integrations, AI/ML and agentic automation, and M&A due diligence; ensure risks, exceptions, and treatments are consistently documented and tied to business outcomes. Remediation Program Leadership: Sponsor and lead all aspects of multi‑team programs addressing vulnerabilities, configurations, architectural gaps, and control deficiencies. Identify turning points, RAID, progress tracking, and benefits realization to ensure lasting risk reduction. Remediation Execution and Orchestration: Drive delivery across SAP Basis teams, software engineering leads, automation centers of excellence, and platform owners; handle dependencies, remove blockers, and coordinate timing with release schedules and SOX change-control requirements to protect stability and compliance. Control Assurance and Audit Readiness: Oversee control health, testing, and evidence management; lead engagements with internal/external auditors and regulators across ISO 27001, SOC 2, SOX ITGC (for SAP financial systems and SDLC controls), and GxP/GMP where applicable; ensure durable, traceable, audit‑ready evidence. Third‑Party and Software Supply Chain Risk: Set supplier and SaaS risk standards—including due diligence, minimum controls, contractual clauses, SCA, and continuous monitoring—for systems integrators, platform vendors, third‑party apps, and open‑source libraries; integrate third‑party risk into the register and own executive blocking issues. Data, AI, and Privacy Enablement: Safeguard critical and regulated data across SAP, automation workflows, and platform integrations; enable compliant AI/ML and agentic automation via classification, encryption, DLP, monitoring, and model‑risk controls aligned to GDPR, NIS2, and internal data governance standards. Incident Preparedness and Response Leadership: Partner with security operations and crisis teams to strengthen playbooks and BCP for SAP, automation, platform, and supply chain scenarios; sponsor corrective actions and ensure lessons learned to become durable control improvements. Metrics, Reporting, and Executive Communication: Define benchmarks/KRIs and business‑centric dashboard, privileged bot access posture, platform configuration scores, repeat‑finding rates, mean time to remediate—and communicate posture and priorities to executive governance and, when required, Board‑level forums. Collaborator Management: Build trusted relationships across platform, engineering, architecture, quality, legal/privacy, audit, sourcing, and cyber leadership; influence investment to resolve systemic risks and remove multi-functional blockers Essential Skills/Experience 15 years of dynamic experience in information security, including 8+ years leading risk management, remediation, BISO, or equivalent functions and influencing senior business and IT executives at VP/SVP level. Demonstrated track record of crafting and operating an enterprise risk lifecycle (identification, assessment, treatment, acceptance, monitoring) and remediation portfolio in sophisticated, global organizations, and measuring risk reduction and control development throughout the duration across enterprise application and software delivery environments. Demonstrated ability to apply LLMs and agentic automation to improve cybersecurity and business outcomes, translating use cases into measurable gains (e.g., faster risk triage, automated control evidence collection, improved detection and response, accelerated software vulnerability triage) while protecting critical data and maintaining appropriate oversight of automated processes. Deep experience implementing and operationalizing controls defined by NIST CSF, ISO 27001/27002, CIS Controls, OWASP (ASVS, Top 10, SAMM), and related frameworks across enterprise applications, software delivery pipelines, and SaaS platforms, demonstrating measurable maturity improvement at enterprise scale. Good understanding of SAP security architecture including authorization concepts (role design, SoD analysis and remediation, GRC or equivalent experience), Basis and system security (transport management, RFC/interface security, secure landscapes), S/4HANA and cloud security considerations, and SOX ITGC controls for SAP financial systems; ability to assess risk, lead remediation, and partner with Basis and GRC teams. Hands‑on leadership embedding security into SDLC and delivery pipelines—SAST, DAST, SCA, secrets management, container/Kubernetes security, CI/CD hardening, software composition analysis and open‑source risk management, and developer enablement—with evidence of measurable risk reduction at scale. Understanding of risks in RPA/chatbot deployments, including privileged credential management for attended/unattended bots, bot lifecycle governance, sensitive data handling, emerging agentic AI security, and integration security; ability to define enterprise bot security standards and drive remediation. Experience securing enterprise workflow platforms access and role governance, integration/API authentication, service account and privileged access management, third‑party app/plugin risk, workflow/scoped app security, and audit trails and handling risk across broad enterprise integrations. Demonstrable ability to handle challenging executive priorities. Deliver results unde
Stand out for this role
NoxPharm tailors your CV to this exact job description — matching the keywords recruiters and ATS systems screen for. Built for pharma & life sciences.
Tailor my CV now — free to trySimilar Pharma jobs
Medical Science Manager (GU & GYN Cancers)
AstraZeneca — Turkey - Istanbul
Manager Data, Artificial Intelligence & Digital Healthcare Solutions (m/w/d)
AstraZeneca — Germany - Hamburg
Pharmaceutical Sales Specialist, CVRM Primary Care - Zanesville E, OH
AstraZeneca — US - Zanesville - OH
Pathway Optimization Manager (m/w/d) Oncology
AstraZeneca — Germany - Hamburg
Dx Advisor-ATTR
AstraZeneca — China
AD/Sr. Manager Compliance, Assurance COE
AstraZeneca — China