Cybersecurity Director - Product Security Solutions

Leverage technology to impact patients and ultimately save lives. 

Do you have expertise in, and passion for, cyber security? Would you like to apply your expertise to impact the product security in a company that follows the science and turns ideas into life changing medicines? If so, AstraZeneca might be the one for you! 

AstraZeneca is a global, science-led, patient-focused biopharmaceutical company that focuses on the discovery, development, and commercialization of prescription medicines for some of the world’s most serious disease. But we are more than one of the world’s leading pharmaceutical companies. At AstraZeneca we are dedicated to being a Great Place to Work. 

About our Team

It is a dynamic and results-oriented environment to work in – but that’s why we like it. There are countless opportunities to learn and grow, whether that’s exploring new technologies in hackathons, or redefining the roles and work of colleagues, forever. Shape your own path, with support all the way. Diverse minds that work cross- functionally and broadly together.

Introduction to role

Our increased focus on Digital, AI & ML, Data & Data Science along with joint ventures and collaboration with third parties are crafting new opportunities within the Cyber Security team. We are looking for an experienced and strategic Product Security Leader to join our dynamic team. In this role, you will be responsible for shaping the overall security strategy for our products, ensuring the secure design, development, and deployment across the entire product lifecycle. You will help streamline the current product security efforts across various product teams, build the core product security team, collaborate with engineering, development, and cross-functional teams, and drive security initiatives across all stages of product development.

The ideal candidate will have a strong background in system development lifecycle, software or product development experience, software security, threat modeling, and a proven track record of building scalable security programs in a fast-paced, innovation-driven environment. This role requires both technical expertise and leadership skills to influence product design decisions and create a secure-by-design culture.

Accountabilities

Collaboration: Partner with product development, engineering, DevOps, and other teams to identify security requirements, influence design decisions, and ensure security best practices are followed throughout the development lifecycle.
Develop and Lead Product Security Strategy and roadmap for target product domains: Own the vision, roadmap, engineering, and execution of the product security strategy, ensuring the development of trust-by-design products and services.
Product Vulnerability Management: Collaborate with product teams and oversee the identification, prioritization, and mitigation of security vulnerabilities and issues. Lead and coordinate efforts for secure code reviews, threat modeling, penetration testing, and vulnerability assessments.
Risk Management: Assess security risks across product portfolios and recommend remediation strategies while balancing business and technical needs.
Secure Development Lifecycle (SDL): Implement and enforce secure development lifecycle practices including tooling, ensuring products are designed and developed with security built in.
Training and Awareness: Lead initiatives to increase security awareness and knowledge among engineers and product teams through training, workshops, and the development of security resources.
Compliance: Ensure adherence to relevant regulatory requirements and industry best practices related to product security (e.g., GDPR, SOC2, OWASP, etc.).
Leadership: Build, mentor, and lead a high-performing product security team. Foster a culture of security excellence and innovation.

Essential Skills/Experience:

• Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).

• 8+ years of experience in security, with at least 3 years in a leadership role focusing on product or software security.

• Expertise in secure software development, application security, threat modeling, vulnerability management, and penetration testing.

• Strong understanding of common security threats (e.g., OWASP Top 10), attack vectors, and mitigation strategies.

• In-depth knowledge of DevSecOps security tools and techniques for code analysis, vulnerability scanning, and risk assessment.

• Experience working with cross-functional teams, especially product management, engineering, and operations, to integrate security into the product lifecycle.

• Strong problem-solving and analytical skills with the ability to translate technical concepts to business leaders and non-technical stakeholders.

• Excellent communication skills, both written and verbal, with the ability to clearly convey complex security topics to a wide audience.

Desirable Skills/Experience

• Master’s degree in Information Security, Computer Science, or a related field.

• Industry certifications such as CISSP, CISM, or CEH.

• Hands-on experience with security frameworks, tools, and methodologies (e.g., SAST, DAST, threat modeling, etc.).

• Familiarity with cloud security and DevSecOps practices.

• Experience leading security initiatives in agile and fast-paced development environments.

• Knowledge of industry standards and regulations (e.g., ISO 27001, NIST, SOC2).

The annual base pay for this position ranges from 160,313.60 - 240,470.40 USD Annual (80% - 120%). Hourly and salaried non-exempt employees will also be paid overtime pay when working qualifying overtime hours. Base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. In addition, our positions offer a short-term incentive bonus opportunity; eligibility to participate in our equity-based long-term incentive program (salaried roles), to receive a retirement contribution (hourly roles), and commission payment eligibility (sales roles). Benefits offered included a qualified retirement program [401(k) plan]; paid vacation and holidays; paid leaves; and, health benefits including medical, prescription drug, dental, and vision coverage in accordance with the terms and conditions of the applicable plans. Additional details of participation in these benefit plans will be provided if an employee receives an offer of employment. If hired, employee will be in an “at-will position” and the Company reserves the right to modify base pay (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, Company or individual department/team performance, and market factors.

When we put unexpected teams in the same room, we unleash bold thinking with the power to inspire life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world.

Join a team with the backing and investment to win! You'll be working with cutting-edge technology. This marriage between our purposeful work and the use of high-tech platforms is what sets us apart. Lead the way in digital healthcare. From exploring data and AI to working in the cloud on new technologies. Join a team at the forefront. Help shape and define the technologies of the future with the backing you need from across the business.

Ready to make an impact? Apply now!