Application Security Architect

Prague (Sandoz)

Novartis

Working together, we can reimagine medicine to improve and extend people’s lives.


Job Description Summary

#Sandoz


 

Job Description

Sandoz is going through an exciting and transformative period as a global leader and pioneering provider of sustainable Biosimilar and Generic medicines.

Now as an independently listed company, Sandoz aims to increase its strategic focus, operate with greater agility, set clearer business objectives, enhance shareholder returns, and strengthen its culture for us, the Sandoz associates. This is an exciting time in our history, and by creating a new and ambitious path, it will provide a unique opportunity for us all, both professionally and personally. Join us as a Founder of our ‘new’ Sandoz!

As part of the Security Architecture & Advisory team, the Lead Application Security will play a critical role in ensuring the security and resilience of Sandoz's applications. You will shape and own the Application Security process within Sandoz and ensure that robust security measures are adopted throughout the application development lifecycle. You will act as a point of contact for the internal community (developers, project managers, application owners, etc.), providing guidance on application security, and you will own the relationship with the external party that provides application security assessments as a service to Sandoz. Your expertise in application security will help us protect sensitive data, identify vulnerabilities, and mitigate security risks.

Your Key Responsibilities

Your responsibilities include, but are not limited to:

• Work with various stakeholders across the organization to ensure security of applications throughout their lifecycle considering industry best practices, regulatory requirements, and organizational needs.

• Steer the external partner in conducting comprehensive security assessments of applications, identifying vulnerabilities and recommending appropriate remediation strategies.

• Collaborate with development teams to integrate security controls and measures into the application development process effectively.

• Define and enforce application security policies, standards, and procedures, ensuring compliance with internal and external security requirements.

• Stay up to date with emerging security threats, vulnerabilities, and industry trends related to application security and assess their potential impact on Sandoz.

• Provide guidance and support to development teams on secure coding practices, secure configuration management, and vulnerability remediation.

• Act as a subject matter expert and provide guidance on application security to stakeholders, management, and executives.

• Stay abreast of industry standards and frameworks such as OWASP, SANS, and NIST, and incorporate relevant practices into the application security program.

• Develop and maintain strong relationships with key vendors and strategic external partners.

What you’ll bring to the role:
 

Requirements:


• University degree or equivalent experience in computer science, engineering, information technology or other relevant field(s).

• Fluent in written and spoken English.

• Proven experience working as an Application Security Architect or in a similar role, with a focus on securing applications.

• Strong knowledge of application security principles, including secure coding practices, input validation, authentication, access controls, and encryption.

• Experience with application security standards and frameworks, such as OWASP Top Ten, SANS CWE Top 25, and secure software development lifecycle (SDLC) methodologies.

• Hands-on experience with security testing techniques ideally including code review, vulnerability scanning, and penetration testing.

• Experience working in a global company and designing / deploying solutions at scale.

• Excellent negotiation, communication, and interpersonal skills, ability to develop influential relationships with different stakeholders across all levels.

Desirable:

• Knowledge and experience of industry standards such as ISO 27001, CIS Controls, NIST, Cyber Essentials is a plus.

• Certification or accreditation in Information Security (CSSLP, CISM, CISA, CISSP, etc.) and/or relevant vendor specific certifications is a plus.

 

You’ll receive:

• Monthly pension contribution matching your individual contribution up to 3% of your gross monthly base salary.
• Risk Life Insurance.
• 5 weeks of holiday per year (1 week above the Labor Law requirement).
• Cafeteria employee benefit program – choice of benefits from Benefit Plus CZ in the amount of 12,000 CZK per year.
• Meal vouchers in the amount of 116 CZK for each working day (full tax covered by company).
• Multisport Card.
• Car Allowance.

Why Sandoz?

Generic and Biosimilar medicines are the backbone of the global medicines industry. Sandoz, a leader in this sector, touched the lives of almost 500 million patients last year and while we are proud of this achievement, we have an ambition to do more!

With investments in new development capabilities, state-of-the-art production sites, new acquisitions, and partnerships, we have the opportunity to shape the future of Sandoz and help more patients gain access to low-cost, high-quality medicines, sustainably.

Our momentum and entrepreneurial spirit is powered by an open, collaborative culture driven by our talented and ambitious colleagues, who, in return for applying their skills, experience an agile and collegiate environment with impactful, flexible-hybrid careers, where diversity is welcomed and where personal growth is encouraged!

The future is ours to shape!

Commitment to Diversity & Inclusion:

We are committed to building an outstanding, inclusive work environment and diverse teams representative of the patients and communities we serve.

Join our Sandoz Network: If this role is not suitable to your experience or career goals but you wish to stay connected to hear more about Sandoz and our career opportunities, join the Network here: Sandoz Talentpool (novartis.com)



 

Skills Desired

Communication Skills, Cyber-Security Regulation, Cyber Threat Hunting, Cyber Threat Intelligence (CTI), Cyber Threat Management, Cyber Vulnerabilities, Decision Making Skills, Influencing Skills, Information Security Risk Management

Tags: Agile Application security CISA CISM CISSP Compliance Computer Science Encryption ISO 27001 NIST OWASP Pentesting Risk management SANS SDLC Security assessment Threat intelligence Vulnerabilities

Perks/benefits: Career development Flex hours Startup environment

Region: Europe
Country: Czechia
