Novartis Israel is looking for an enthusiastic Information Security Architect to work in the Tel Aviv office across information security and risk management, and with all IT functions.
Your responsibilities will include, but are not limited to:
Complete oversight of the entire secure design lifecycle:
Define the tooling and services required for secure software design and development globally across major design fields, e.g. digital, ERP, web applications and Industrial Control Systems.
Define and manage the tooling and services required for security testing services, e.g. penetration testing, mobile application security testing, source code inspection.
Define the tooling and services required for information risk management during projects.
Oversee all vendor contracts for secure software design and development.
Define and report to the CISO the appropriate metrics to judge operational effectiveness as well as the organization's outstanding risk due to vulnerabilities introduced by projects, e.g. software vulnerabilities and insufficient development practices.
Define remediation requirements for global Application Security project and development teams.
Manage associates who operate secure software design and development and remediation oversight.
Define requirements for system retirement or other protection in case software vulnerabilities cannot be addressed in the source code itself.
What you will bring to the role?
Essential: University working and thinking level, degree in business/technical/scientific area or comparable education/experience
Desirable: Professional information security certification, such as CISSP or CISM, is preferred. Professional (information system) risk or audit certification, such as CIA, CISA or CRISC, is preferred.
7+ years of working experience; 2 of those years with Information Security management
4+ years of working experience managing an SDLC program
Demonstrated senior leadership skills: >2 years’ experience in senior management positions in a matrix organization
Experience in reporting to and communicating with senior-level management (with and without an IT background, and with and without an in-depth risk management background) on information risk topics
Excellent written and verbal communication and presentation skills; interpersonal and collaborative skills.
Excellent understanding and knowledge of general IT infrastructure technology, systems and management processes
Experience of sourcing complex IT services, working closely with vendors and making full use of their capabilities