Summary: Lead cybersecurity engineering for cloud and data at AstraZeneca, shaping secure platforms for digital innovation against advanced threats. Highlights: 1. Shape secure, modern platforms for digital, AI/ML, and data-driven innovation. 2. Outthink advanced threats and embed security into everything we build. 3. Lead a team disrupting the industry to protect breakthrough science. **Introduction to Role** ======================== The Cybersecurity team sits at the heart of AstraZeneca’s global technology landscape. As the Director of Cybersecurity Engineering, Cloud \& Data, you will shape how secure, modern platforms enable digital, AI/ML, and data\-driven innovation that directly supports life\-changing medicines. Cybersecurity here is a continuous journey, not a destination. We operate against sophisticated, well\-funded adversaries—including state\-sponsored attackers and organized crime syndicates. This is an opportunity to outthink advanced threats, embed security into everything we build, and lead a team that disrupts the industry to protect breakthrough science. **Accountabilities** ==================== * **Solution Engineering**: Lead the engineering, build, configuration, testing and implementation of Cybersecurity solutions across public cloud, on\-premise and third\-party collaboration environments, with a primary focus on Cloud, DevOps enablement and data security. * **Strategy and Governance**: Define and own strategy, principles, policies, standards and governance for Cloud and DevOps security, including network connectivity, tooling, application security standards, static and dynamic code review, penetration testing, **SIEM** and monitoring. * **Compliance Integration**: Map governance and compliance frameworks to technical implementation, shifting hardening processes left, and managing network traffic inspection (IDS/IPS). * **Digital Trust and Maturity**: Shape the future state of Cybersecurity for Cloud maturity and Data Protection maturity to advance digital trust; lead reviews and gap analyses between current and target states, then drive uplift of measures and controls to achieve the vision. * **Threat Mitigation**: Anticipate threats, identify weaknesses and lead prompt, effective responses to potential breaches or areas of concern, with a strong emphasis on Cloud and DevOps environments. * **Modern Security Practices**: Champion continuous testing, validation and monitoring approaches aligned to modern engineering practices and flexible ways of working. * **Attacker Intelligence**: Stay ahead of attacker tactics, techniques and motivations; maintain awareness of emerging methods while recognising cyclical reuse of historical attack patterns to inform proactive defences. * **Cross\-Functional Collaboration**: Collaborate closely with Business, Solution Delivery, Engineering, Quality and Compliance teams across multiple regions (US, UK, Sweden, China, Japan, Poland, Mexico, India and more) to align security engineering with business outcomes. * **Team Leadership**: Provide strategic leadership to a high\-performing security engineering team, setting priorities, managing delivery to challenging timescales and fostering a culture of ownership, experimentation and learning. **Essential Skills and Experience** =================================== * **Enterprise Cloud Experience**: Must have large enterprise IT experience with significant Cloud exposure, ideally influencing *Cloud Security Posture Management* (CSPM) maturity. * **Compliance and Regulation**: Demonstrated security, compliance and regulatory experience in a public cloud environment. * **Strategic Influence**: Able to influence at engineering, architecture, strategic and leadership levels, with excellent written and oral communication skills. * **Certifications**: Have or are working towards a recognised Cybersecurity certification. * **DevOps and Automation**: Experience and familiarity with a range of automated build and deployment tools, alongside Development and Systems Administration experience (ideally with process automation and/or configuration management). * **Policy Development**: Experience planning, researching and developing security policies, standards and procedures related to cloud security. * **Methodology Integration**: Good understanding of *Agile methodologies* and familiarity working in and with DevOps teams to embed process, governance and security into workflows. * **Security Tooling and Administration**: Experience with **SIEM**, anti\-virus software, intrusion detection, firewalls and content filtering; capable of performing security administration and auditing across internal and external networks. * **Threat Landscape Knowledge**: Familiarity with common attack techniques and their remediation/defence (including DoS, DDoS, Social engineering, Virus, Malware, Vulnerability exploitation, Phishing \& Spear Phishing, Worms, Trojans, Rootkits, Ransomware, XSS, SQL Injection, Remote Command Execution, and Session Hijacking). * **Core Security Principles**: Solid understanding of security protocols, cryptography, authentication, authorisation and network security implementations. * **Architecture and Implementation**: Strong Cloud architecture and engineering capabilities; ability to build, configure, test and implement Cybersecurity solutions. * **Monitoring and Forensics**: Proficient in logging strategy and implementation, log analysis, post mortem, forensics, and shifting hardening processes as far left as possible. * **Leadership**: Manage and lead a team delivering prioritised initiatives to challenging timescales while driving security roadmap and strategy development. **Desirable Skills and Experience** =================================== * **Regulated Environments**: Experience leading cybersecurity engineering in highly regulated or safety\-critical environments. * **Large\-Scale Data Platforms**: Background in securing large\-scale data platforms or analytics environments in the cloud. * **AI and Machine Learning Security**: Hands\-on involvement in *AI/ML* or data science platform security. * **Strategic Partnerships**: Track record of building partnerships with external vendors, start\-ups or academic institutions on security innovation. * **CSPM at Scale**: Previous responsibility for designing or maturing *Cloud Security Posture Management* capabilities at scale. **Why AstraZeneca** =================== AstraZeneca’s technology organisation combines deep scientific purpose with modern engineering practices to deliver solutions that directly support life\-changing medicines. Teams work with leading\-edge cloud platforms, large\-scale data, AI and machine learning in an environment that encourages experimentation through hackathons, cross\-functional collaboration and continuous learning. Ownership is expected and supported: individuals are trusted to challenge the status quo, design bold solutions and see them through from idea to impact. With strong investment in digital capabilities and a clear mission that connects daily work to real outcomes for patients worldwide, the opportunity to make a meaningful difference is tangible. When we put unexpected teams in the same room, we unleash bold thinking with the power to inspire life\-changing medicines. In\-person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from our Guadalajara office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world. **Apply now to take the lead in securing our digital future and help outpace the threats that stand between breakthrough science and the patients who depend on it.**