Global Head, Cyber Defense & Security Operations
About the role
Job Description Summary
Lead the Information Security Operations organization to ensure all Sandoz assets are protected and monitored based on the leading practices for Information Security. This role is solely responsible for overseeing the security posture of our environment in line with commitments made to the Risk Committee of the Board. Responsible for running and engineering all systems that defend the enterprise, by owning the tools used by the security team to maintain the protective state of Sandoz assets and to lead post incident root cause analysis. Oversee and lead the Sandoz Cyber Security Operations Center (SOC), which includes monitoring, detection, coordinated response and management of security incidents and cyber security threats.

Job Description
Sandoz continues to go through an exciting and transformative period as a global leader and pioneering provider of sustainable Biosimilar and Generic medicines. As we continue down this new and ambitious path, unique opportunities will present themselves, both professionally and personally. Join us, the future is ours to shape!

Your Key Responsibilities:
Your responsibilities include, but are not limited to:
- Provide full visibility of cyber-risk and exposure across the threat landscape, enabling prediction, detection, and response to attacks in near real-time
- Define the standard for security events and log creation
- Responsible for all maintenance of the IDS, SIEM, SOAR and email hygiene systems, including configuration changes, updates, and creation of custom detection logic, reporting, and dashboards to provide actionable threats to security operators
- Develop policies, procedures and guidelines for a security incident response program
- Identify, escalate and communicate security incidents to stakeholders
- Perform recovery and restoration of incidents
- Create, design, and implement test plans for testing the security of systems, processes, and their environment
- Provide applications teams with comprehensive security testing services and support to minimize the number of vulnerabilities which are released into production
- Conduct attack and penetration assessments aimed at demonstrating the actual risk that is caused by a cyber security breach and the extent of the security risk exposure to the organization
- Establish process and capabilities to gather, process, interpret, and use digital evidence to provide a conclusion such as incident timeline, threat vectors, and threat actors
- Establish a process detailing different phases of data handling from identification, collection, acquisition to preservation
- Perform log, network, system memory, and system configuration and file structure collection and analysis to identify what has happened, where it happened, the foothold of the attacker, data at risk, and how to stop the infection and prevent it from happening again
- Create processes to identify critical security processes and systems supporting the organization and document recovery and restoration procedures
- Leverage a collection of cyber threat data points for analysis, evaluation against priority intelligence requirements, and synthesis to provide timely, accurate and actionable reporting to security operators and decision makers
- Leverage threat and business intelligence to craft use cases and detection logic for security tooling
- Scan the environment to identify threats and malware, perform investigations on those items, and execute a strategy to mitigate the threat or eliminate the malware from the environment
- Identify, analyse, and address flaws or vulnerabilities in hardware or software that could serve as attack vectors
- Perform threat hunting proactively to iteratively search through the enterprise to detect and isolate threats attempting to evade existing security controls
- Perform regular tabletop and red team exercises and incident simulations to test and exercise incident response plans

Minimum Requirements
What you'll bring to the role:
- At least 15 years of experience in Information Security; experience of running security operations and a Cyber Defense Center (SOC) in a regulated environment
- Excellent negotiation, communication, and interpersonal skills ability