Director of Enterprise Architecture IAM, DDIT ISC

The Director of Enterprise Architecture IAM will play an essential role in shaping and driving the architecture and design of various IAM platforms. This includes defining and adopting standards for their use, as well as acceptable implementation patterns, in alignment with Novartis information security standards and industry best practices. The individual will lead technology selection processes, manage vendor relationships, and guide cross-functional teams to execute and implement the IAM change strategy. This strategy aims to transform the way the company manages digital identities and their access to systems. The Director will also provide technical leadership for IAM transformation projects, ensuring that IAM applications are effectively security tested throughout their development and lifecycle.

• Drive definition of IAM standards and architecture patterns and contribution to the overall Novartis technology strategy in collaboration with Novartis Enterprise Architecture/Governance
• Review, approve and control technology variants to the agreed enterprise IAM standards
• Lead IAM technology selection process including in-depth IAM products evaluation and vendor relationship management
• Drive senior management sessions on IAM risk management, solution proposals, technology adoption
• Provide technical leadership for various IAM transformation projects, throughout the project lifecycle, including evaluating business requirements and security technologies, planning technology deployment, aligning with security engineering and solution architecture teams
• Proactively share knowledge of technology risks with business domain, while partnering with delivery leadership to ensure continuous improvement of IT services, application rationalization and efficient management of existing systems and operations
• Effectively liaise with other teams in information security & risk management, infrastructure & architecture management as well as business functions
• Contribute to the development of overall Novartis technology strategies, designs, standards, and procedures that support business strategies
• Ensure IAM applications are effectively security tested, according to their criticality, throughout development and lifecycle
• Ensure that project and development teams gain a sufficient level of IT security awareness for designing new services, technology, and source code to gain an effective and sustainable IT security improvement and lower risk to the organization when projects are handed over to operations
• Drive performance KPIs and metrics for IAM architecture outcomes, measure performance against architecture strategy and operational goals
• Ensure industry network in IAM domain and identify innovation opportunities

• Authentication/Authorization modern and legacy standards
• Entra ID concepts with focus on conditional access policies
• Legacy directory services and AD architecture and key concepts and secure administration
• IAM capabilities of major cloud providers such as AWS, Azure, Salesforce, Workday, ServiceNow, SAP, etc.
• Privileged access management
• API security and best practices for authentication/authorization
• Automation and integration related to IAM systems
• CIEM
• CIAM

• Professional information security certification, such as CISSP, CCSP, CISM is preferred.
• Professional (information system) risk or audit certification such as CIA, CISA or CRISC is preferred