A

Director, Cyber Risk Management & Remediation

AstraZeneca · India - Chennai

~₹60L (est.)15–25 yrs experiencePosted 1w ago
Apply now →

Job description

Job Title: Director, Cyber Risk Management & Remediation GCl: F Introduction to role: Are you ready to turn sophisticated enterprise cyber risk into critical, measurable results that protect how we run the business and deliver life‑changing medicines? Can you build the security posture of core platforms and application deployment at global scale while guiding senior leaders toward the right trade‑offs! You will engage at the earliest stages of major transformations. You will embed pragmatic controls, orchestrate remediation, and ensure SOX and compliance obligations are met. You will do all this while keeping delivery on track. Embedded with platform and engineering leadership and operating as part of the enterprise cybersecurity function, you will set standards, governance, and operating models that translate risk into prioritized, defensible remediation. Your impact will be transparent in clear metrics, reduced residual risk, audit‑ready evidence, and resilient platforms that underpin our ability to get medicines to patients safely and efficiently. Accountabilities: • Risk Lifecycle Ownership: Lead the recognition, evaluation, management, approval, and supervision for the portfolio; maintain an authoritative risk register spanning SAP, SDLC/DevSecOps, automation, workflow platforms, and software supply chain with clear owners, timelines, and a predictable executive blocking issue cadence. • Executive Engagement and Influence: Advise senior technology and business leaders; translate threat intelligence, regulatory drivers, and delivery realities into clear risk priorities and investment decisions that protect critical business processes. • Define and run the governance model for risk acceptance, exceptions, and waivers. Ensure residual risk is detailed, treatments are time‑bound, and blocking issues align with enterprise appetite. Apply SOX‑relevant controls and secure finance and audit participation when enterprise financial platforms are in scope. • Control Baseline and Framework Mapping: Set and carry out defensible control baselines across SAP, SDLC/DevSecOps, RPA/chatbots, and workflow platforms; map to NIST CSF, ISO 27001/27002, CIS Controls, OWASP, and internal policy; measure and uplift control coverage and maturity over time. • Risk Assessment and Treatment: Lead high‑impact assessments for S/4HANA migration, engineering service changes, new automation deployments, platform integrations, AI/ML and agentic automation, and M&A due diligence; ensure risks, exceptions, and treatments are consistently documented and tied to business outcomes. • Remediation Program Leadership: Sponsor and lead all aspects of multi‑team programs addressing vulnerabilities, configurations, architectural gaps, and control deficiencies. Identify turning points, RAID, progress tracking, and benefits realization to ensure lasting risk reduction. • Remediation Execution and Orchestration: Drive delivery across SAP Basis teams, software engineering leads, automation centers of excellence, and platform owners; handle dependencies, remove blockers, and coordinate timing with release schedules and SOX change-control requirements to protect stability and compliance. • Control Assurance and Audit Readiness: Oversee control health, testing, and evidence management; lead engagements with internal/external auditors and regulators across ISO 27001, SOC 2, SOX ITGC (for SAP financial systems and SDLC controls), and GxP/GMP where applicable; ensure durable, traceable, audit‑ready evidence. • Third‑Party and Software Supply Chain Risk: Set supplier and SaaS risk standards—including due diligence, minimum controls, contractual clauses, SCA, and continuous monitoring—for systems integrators, platform vendors, third‑party apps, and open‑source libraries; integrate third‑party risk into the register and own executive blocking issues. • Data, AI, and Privacy Enablement: Safeguard critical and regulated data across SAP, automation workflows, and platform integrations; enable compliant AI/ML and agentic automation via classification, encryption, DLP, monitoring, and model‑risk controls aligned to GDPR, NIS2, and internal data governance standards. • Incident Preparedness and Response Leadership: Partner with security operations and crisis teams to strengthen playbooks and BCP for SAP, automation, platform, and supply chain scenarios; sponsor corrective actions and ensure lessons learned to become durable control improvements. • Metrics, Reporting, and Executive Communication: Define benchmarks/KRIs and business‑centric dashboard, privileged bot access posture, platform configuration scores, repeat‑finding rates, mean time to remediate—and communicate posture and priorities to executive governance and, when required, Board‑level forums. • Collaborator Management: Build trusted relationships across platform, engineering, architecture, quality, legal/privacy, audit, sourcing, and cyber leadership; influence investment to resolve systemic risks and remove multi-functional blockers Essential Skills/Experience • 15 years of dynamic experience in information security, including 8+ years leading risk management, remediation, BISO, or equivalent functions and influencing senior business and IT executives at VP/SVP level. • Demonstrated track record of crafting and operating an enterprise risk lifecycle (identification, assessment, treatment, acceptance, monitoring) and remediation portfolio in sophisticated, global organizations, and measuring risk reduction and control development throughout the duration across enterprise application and software delivery environments. • Demonstrated ability to apply LLMs and agentic automation to improve cybersecurity and business outcomes, translating use cases into measurable g