MSD
At MSD, we're following the science to tackle some of the world's greatest health threats. Get a glimpse of how we work to improve lives.
Our IT team operates as a business partner, proposing ideas and innovative solutions that enable new organizational capabilities. We collaborate internationally to deliver services and solutions that help everyone be more productive and compliant while enabling innovation.
The Executive Director of Cloud and Application Security reports directly to the head of Core Cyber Security Engineering, IT Risk Management and Security (ITRMS). This pivotal role leads the effort to secure our global enterprise digital application environment, including data, cloud and SAAS environments. This position delivers critical insights to our customers.
This role collaborates with ITRMS Value Teams, Technology Infrastructure Operations and Experience, the CTO organization, and key stakeholder leadership across the IT organization. This role represents product security on the Operational Technology Council.
This role will lead their organization to deliver strategic technology outcomes and strengthen the security posture of our applications and of our company, while increasing customer satisfaction with our services.
Primary Responsibilities:
Drive the strategic vision for the Cloud and Application Security Value Teams, encompassing product lines, products, and associated services for Application Security, Cloud Security, and their intersection.Cultivate a culture of automation, continuous improvement, and customer focus within the team, embracing DevSecOps, the Product Model, and related Agile ways of working. Extend this culture throughout the IT organization.Develop and maintain credibility with all stakeholders by being responsive, dependable, focused on value, and results-driven.Transform the existing Application and Cloud Security teams into a new operating model structured by capability, aligned with modern capability delivery and enablement.Develop and implement a comprehensive product security strategy, ensuring that security is integrated into the product development and runtime lifecycles.Lead development of product roadmaps for all products within the product line, including coordination with Value Teams and Product Lines in ITRMS, TIO&E, and CTO.Directly lead a staff of over 25 employees and 30+ partners that work in support of our mission. Set goals, objectives, and development plans for staff members, including skill development, career pathing and mentorship, performance management and feedback, diversity and inclusion, leadership development, and knowledge sharing.Responsible for the management and value realization of a ~$10M IT portfolio.Develop and maintain relationships with partners to advance our product security vision and ensure alignment with the company vision for modern infrastructure and application products.Lead related activities focused on technology decision-making, supplier negotiation, sourcing strategy, and supplier management practices.Act as a trusted advisor by fostering exceptional partnerships with IT leaders and business executives, ensuring a thorough grasp of business requirements.Education Requirement:
Bachelor's degree in information security, computer science, business, or equivalent experience.
Required Experience and Skills:
10+ years' experience leading global teams in a management or leadership role.Experience planning, managing, and implementing information technologies at enterprise scale, in diverse hosting environments.Strong understanding of cybersecurity principles and best practices, including secure software development, threat modeling, secure coding practices, continuous integration/continuous deployment (CI/CD), infrastructure as code (IAC), and related security technologies.Strong understanding of cloud architecture and enterprise systems on public and private clouds.Experience planning and implementing application infrastructure in a secure and compliant manner, complying with relevant regulatory frameworks.Strong understanding of risk management principles and experience in identifying, assessing, and mitigating security risks associated with product development and maintenance.Strong leadership skills, including the ability to communicate effectively with cross-functional teams, executive leadership, business leaders, IT peers and external stakeholders, and colleagues globally.Demonstrates proactive, confident engagement with key stakeholders to understand the business' evolving IT requirements and proposing innovative, cost-effective solutions.Demonstrates experience developing, leading, and implementing programs supporting our IT and company's vision, including experience creating plans, roadmaps, and key results along with supporting financial analyses and budget deliverables.Exhibits executive composure and proficiency in conveying intricate technical concepts in clear and easily understandable business language.Demonstrates leadership in achieving shared objectives in a matrix organization, managing cross-division initiatives in a results-oriented fashion with a reputation for success.Ability to develop staff members in terms of professional development aligned with achieving personal and divisional goals and objectives.Ability to develop effective, influential written and verbal communications.Ability to advocate for and drive new ideas.10+ years' experience working in one or more of the following fields: information technology, cybersecurity, computer science, management, higher education, or a related field.Preferred Experience and Skills:
Knowledge of the NIST Cybersecurity Framework.Knowledge of Zero Trust concepts, including the Zero Trust Maturity Model.Knowledge of the MITRE ATT&CK Framework.Experience with Agile methodologies.Awareness of relevant industry business, information, and technology security evolution in and out of the life sciences domain.Understanding of Pharmaceutical and other regulations such as GxP, SOX, PCI, and data privacy.#J-18808-Ljbffr