Cyber Security Analyst
Location: Macclesfield, UK / Cambridge, UK / Gothenburg, SWE / Gaithersburg, US
Competitive salary and benefits package
AstraZeneca (AZ) are a global, science-led biopharmaceutical business whose innovative medicines are used by hundreds of millions of patients worldwide. Our IT 2025 strategy is focused on Smarter, Faster, Leaner and Better and we’re looking for a Cyber Security Analyst to play an active part in helping make this strategy a reality.
AstraZeneca’s IT capability is world-class. As an IT capability, we:
- Believe in Lifelong Learning
- Endeavour to be a great place to work
- Actively encourage a “Speak Up” culture
- Lead the way in Sustainable IT & Social Impact
- Are actively working towards becoming a digital organization
The focus on Digital, AI & ML, Data & Data Science along with joint ventures and collaboration with third parties are creating new opportunities within the Cyber Security team. Cyber Security will need to be the cornerstone of our IT strategy as we move towards our future objectives.
We’re looking for IT security professionals that can help us on the journey through this challenging and ever-changing risk landscape.
In the role of Cyber Security Analyst, you’ll operate within the Cyber Security Governance, Risk and Compliance (GRC) team (under AZ’s Enterprise Technology Services (ETS) division) to ensure that AZ’s IT and information assets are adequately protected in relation to confidentiality, integrity, and availability, across a global organisation spanning US, UK, Sweden, China, Japan, Poland, Mexico, India and beyond.
The role-holder will work closely with all IT functions and AZ business areas to identify new and emerging cyber security risks and provide support to risk owners to assess and record these risks in the AZ enterprise register, whilst also ensuring that appropriate risk mitigation activities are delivered in accordance with the agreed time frames commensurate with the risk profile.
The role-holder will also support the wider Cyber Security GRC team to undertake risk assessments of AZ solutions, technologies, applications (both cloud & on-premise), processes, external third parties and business partners, as well as identifying gaps in compliance to our IT Security Policy Framework.
The core accountabilities for the role include:
- Respond to enquiries regarding new and emerging cyber risks that are raised by AZ IT functions and business areas
- Conduct NIST Cyber Security Framework aligned risk assessments (covering processes, infrastructure, and applications) to identify and report on cyber security risk exposures
- Work with AZ IT functions and business areas to identify appropriate risk owners and ensure that appropriate risk mitigation activities are defined and delivered in accordance with the agreed time frames commensurate with the risk profile
- Produce reporting on high-risk areas which clearly and concisely communicate the risk profile
- Maintain cyber security risks and associated mitigation/acceptance plans within the AZ enterprise risk register
- Contribute to the maintenance of AZ’s IT Security Policy Framework, including reviews and updates to security and risk policies and standards
- Work with a wider team of security professionals delivering services to teams across AZ IT functions and business areas to support compliance with AZ’s IT Security Policy Framework
- Work across all areas of Cyber Security and other key partners to ensure consistently high-quality communications
Education, qualifications & experience
- Experience of security assurance and risk management activities
- Experience working within a cyber security / audit function
- Have or are working towards a recognised Cyber Security certification such as CISSP, CISA, CRISC or CSCP or other relevant certification
- Experience of working with IT security policies, standards, and procedures against frameworks such as NIST CSF, NIST 800-53, and ISO27001
- Good awareness of IT architecture, design, configuration, and implementation
- Familiarity with security controls including endpoint protection, anti-virus software, intrusion detection and prevention, firewalls, and content filtering
- Familiarity with common attack techniques and their remediation/defence including DoS/DDoS, social engineering, malware/ransomware, vulnerability exploitation, phishing, application vulnerabilities etc
- Demonstrable experience in producing reports and preparing slides (PowerPoint)
- Experience working within global organisations and across a range of industries and sectors
- Experience working within complex IT on-premise and cloud (public / private / hybrid) environments
- Familiarity with SOX & GxP compliance
- Experience of administering IT systems (various platforms / product families)
Skills and Capabilities
- Capable of working in complex / ambiguous scenarios and creating an approach to deliver successful outcomes
- Able to analyse and understand threats, and prioritise the risks that really matter
- Able to map governance and compliance frameworks and controls to technical implementations
- Able to define security policies, standards, and processes
- Excellent written and oral communication skills and capable of understanding and empathising with how IT professionals interact with cyber security policies, standards, and processes
- Communicate clearly and effectively with AZ’s IT functions and business areas
- Continually demonstrate the desire to learn
So, what’s next?
Are you ready to bring new ideas and fresh thinking to the table? Brilliant! We have one seat available and we hope it’s yours.
Where can I find out more?
Our social media:
Follow AstraZeneca on LinkedIn https://www.linkedin.com/company/1603/
Follow AstraZeneca on Facebook https://www.facebook.com/astrazenecacareers/
Follow AstraZeneca on Instagram https://www.instagram.com/astrazeneca_careers/?hl=en
Our Company Values & behaviours underpin everything we do so please take a moment to familiarize yourself with them. You may also want to check out our new R&D Video showing how we turn Science into Medicines.
Job open date: 01/02/2022
Job close date: 15/02/2022