Job Description
Job Description Summary
As part of the Security Architecture & Advisory team, the Lead Platform & Cloud Security Architect will be responsible for designing, implementing, and maintaining robust security solutions for Sandoz's technology platforms, with a specific focus on securing databases, middleware components, and API gateways, SAP environment, and public cloud (AWS, Azure) private cloud (OpenShift, Kubernetes) environments. Your expertise in these areas will be crucial in ensuring the confidentiality, integrity, and availability of our systems and data.Job Description
Major accountabilities:
Your responsibilities include, but are not limited to:
Develop the strategy, future state architecture and roadmap for technology platforms
Architect and design secure and resilient solutions for public and private cloud (AWS, Azure, Kubernetes, OpenShift), databases, middleware, and API gateways, SAP, MS Power Platform, VMware Aria, considering industry best practices, regulatory requirements, and organizational needs
Conduct comprehensive security assessments of technology platform components, identifying vulnerabilities and recommending appropriate remediation strategies.
Develop and enforce security policies, standards, and procedures related to technology platform architecture and deployment
Stay up to date with emerging security threats, vulnerabilities, and industry trends and assess their potential impact on the organization's platforms
Provide guidance and support to implementation teams on securing public and private cloud, databases, middleware components and API gateways, SAP etc.
Act as a subject matter expert and provide guidance on security topics related to the technology platform to stakeholders, management, and executives
Develop and maintain strong relationships with key stakeholders, vendors and strategic external partners.
Work collaboratively with product teams and key stakeholders to determine business and user requirements for end-user devices
Minimum Requirements:
Master of Science degree or equivalent experience in computer science, engineering, information technology or other relevant field(s)
Fluent in written and spoken English
At least 8 years of experience in security related to technology platforms including public and private cloud
Proven experience working as a Security Architect or similar role, with an expertise in public cloud, database, middleware and API gateway security.
Strong knowledge of database management systems (e.g., Oracle, MS SQL Server, MySQL) and middleware technologies (e.g., Apache, WebLogic, IBM MQ, Axway, Boomi).
Strong knowledge of SAP infrastructure and/or MS Power Platform
Strong knowledge of database security principles, including access controls, encryption, data masking, and auditing
Deep understanding of middleware security concepts, including secure configuration, transport layer security, and message integrity
Expertise in securing API gateways, including authentication, authorization, and protection against common API vulnerabilities
Experience working in a global company and designing / deploying solutions at scale
Excellent negotiation, communication, and interpersonal skills with the ability to develop influential relationships with different stakeholders across all levels
Preferred Requirements:
Knowledge with security frameworks and standards such as ISO 27001, CIS Controls, NIST, and Cyber Essentials is a plus
Certification or accreditation in Information Security (CISM, CISA, CISSP, etc.,) and/or relevant vendor specific certifications is a plus
Languages:
English.
Skills Desired
Escalation, Information Security Audit, Information Security Risk Management, Quality Management, Root Cause Analysis (RCA), Sec Ops (Security Operations), Vendor Management