Security Solutions Architect (Mergers & Acquisitions)

The Novartis Mergers and Acquisition IT (M&A) is in need for an experienced Functional Security Architect (FSA) to assist them in acquisition due diligence. This includes, but not limited to, network and application security reviews and security consultation of newly acquired companies as well as support of potential divestitures. M&A IT collaborates across scientific and business organizational boundaries, with a focus on maximizing the return of value for each acquisition while managing risk throughout the deal lifecycle. As a Functional Security Architect (FSA), you will support these strategic initiatives by providing subject matter expertise in the domain of end-to-end security architecture for typical enterprise services found across small, medium and large companies including startups.

The FSA will work with the M&A deal teams and technology peers to review, identify, report and eventually, ensure systems, applications, and networks of new company are compliant to security best practices and processes. FSA will also consult with new company s IT staff, leadership and management, Novartis security standards and approved security patterns while providing ongoing security consultion and expertise. M&A FSA responsibilities will include support of the following activities:

a)Review current state of security controls and architecture for a variety of core IT network designs, applications, and solutions including, but not limited to, scientific platforms, master data management systems, clinical trial systems, regulatory reporting solutions, 3rd party IT suppliers, as well as business systems that support H/R, finance and operations, and other relevant business functions.
b)Review existing security processes along with operational changes, enhancements, and other releases related to production systems
c)Support and provide detailed recommendations (remediation plan) to new company s leadership for remediation of identified security gaps and risks.
d)Articulate and present identified risks to Novartis security and compliance leadership

As part of daily activities, the FSA will ensure secure-by-design principles are being followed for applications and technical solutions that new company requires, to integrate into Novartis IT ecosystem by providing consultation and solution architecture recommendations.

The successful candidate will be a strong communicator with deep technical and security skills, especially pertaining to network security architecture, application security architecture, AWS and Azure Cloud architecture. The individual must be highly collaborative as they will need to work closely with application managers, platform engineers, 3rd party vendors, software developers and architects, apart from leadership.

• Advises peer architects and technologists about approved security patterns and practices
• Reviews, and challenges defined IT security related internal standards for the ongoing improvement of Novartis policies and procedures
• Acts as single point of contact, collaborating closely with other Security Architects and IT Architects on IT security related matters
• Promotes IT Security culture within the business and application management teams
• Defines pragmatic solutions and recommends alternatives that meet or exceed security requirements
• Reports on security status of various M&A projects
• Builds external network and eminence regarding IT security relevant to the business function
• Performs risk/threat assessment of all IT project related to the function
• Where needed, manages pool of external security and solution architects assigned to portfolio
• Manages prioritization of security assessment for the function

• University working and thinking level, degree in business/technical/scientific area or comparable education/experience
• 7+ years work experience, 5 years within Information / Cyber Security / IT security expert
• Experience in mergers and acquisition IT area is preferable
• Expert knowledge of enterprise IT infrastructure technology, systems, vulnerability management, and change management processes, especially in large scale implementations

• Professional information security certification, such as CISSP, CISM or ISO 27001 auditor / practitioner is preferred. Professional (information system) risk or audit certification such as CIA, CISA or CRISC is preferred
• CSSLP, GSSP, ECCSP, CASS
• AWS and Azure Security Architect certifications

Communication Skills, Compliance Audits, Compliance Management, Compliance Risk Assessment, Compliance Training, Influencing Skills, Quality Assurance