Do you want to build how a global enterprise secures AI and data at scale to accelerate impact for patients?
This is a chance to lead the cybersecurity agenda for the teams building our data products, advanced analytics, AI/ML, Generative AI and agentic automation—so that innovation moves fast without compromising trust.
As the primary strategic cybersecurity partner to our enterprise AI and data leaders, you will represent the CISO to align priorities, embed secure-by-design patterns, and deliver measurable risk and resilience outcomes across cloud-based data platforms and AI ecosystems. You will coach a seasoned team, influence senior stakeholders, and turn complex risk into clear decisions that protect high-value information and business-critical analytics. Can you see yourself turning cutting-edge ideas into secure, dependable capabilities used across the company every day?
Accountabilities
Strategic partnership and governance: Act as the senior security partner to AI and data leadership, aligning enterprise cybersecurity strategy to business priorities; chair or participate in governance forums to enable risk-based decisions and clear accountability across portfolios.
AI and data risk advisory: Provide strategic guidance on risks across the data and AI lifecycle—covering sensitive data exposure, excessive access, insecure model development, prompt/context leakage, model supply chain compromise, adversarial manipulation, insecure APIs, and third-party dependencies—and translate them into pragmatic control choices.
Secure adoption of AI, GenAI, and agentic systems: Define practical control expectations, approved design patterns, and human-in-the-loop approaches for AI/ML, Generative AI, and agentic automation appropriate to data sensitivity and criticality; partner with security engineering, architecture, and delivery to scale secure usage.
Data platform and analytics security governance: Establish and evolve governance for data platforms, lakehouse environments, analytics workspaces, semantic layers, feature stores, model registries, vector stores, and cloud-native services—covering configuration baselines, identity and role design, segregation of duties, logging, encryption, key management, network controls, and continuous control monitoring.
Risk reduction and continuous improvement: Drive vulnerability management, architecture review follow-through, audit and penetration test remediation, and maturity uplift against control frameworks; set KPIs/OKRs and build feedback loops that demonstrate risk reduction and operational effectiveness.
Incident preparedness and response: Strengthen readiness, playbooks, and crisis processes for incidents affecting data platforms and AI services, including model misuse, sensitive data leakage, third-party compromise, privileged access misuse, and disruption to analytics and decision support; lead post-incident learning and preventive improvements.
Threat awareness and horizon scanning: Maintain deep understanding of threats to enterprise AI and data—credential abuse, cloud misconfiguration, data exfiltration, dependency compromise, model theft, prompt injection, data poisoning, jailbreaks, and agentic workflow abuse—and convert insights into timely guidance for stakeholders.
Stakeholder management and influence: Build trusted relationships with senior leaders across R&D, Operations, Commercial, Corporate functions, Legal, Privacy, Architecture, Data Governance, Digital Health, Procurement, and Sourcing to embed security into planning and delivery.
Culture, awareness, and communications: Champion a cybersecurity culture tailored to data engineers, platform engineers, architects, data scientists, analysts, AI product teams, and business users—focusing on secure AI usage, sensitive data handling, prompt hygiene, model/code provenance, privileged access discipline, and reporting obligations.
Lead and coach a high-performing team: Direct security engineers, specialists, and analysts to deliver posture reporting, risk management, remediation, and consulting for cloud-based data platforms and AI ecosystems; set clear goals tied to measurable risk reduction, business enablement, and resilience.
Adapt to change: Navigate a fast-evolving global AI and data ecosystem across major clouds and enterprise tooling, ensuring observability, detection, and monitoring are built in while adoption remains safe and swift.
Essential Skills/Experience
Information security leadership: 10+ years of experience in information security positions, with 5+ years’ experience overseeing an information security function and influencing senior business and IT stakeholders in complex global environments.
Enterprise AI and data domain familiarity: Demonstrated experience supporting enterprise data, analytics, AI/ML, or digital platform functions, with the ability to translate business and technical priorities into effective cybersecurity controls and risk decisions.
AI / GenAI / agentic security expertise: Demonstrated ability to apply and govern security for AI/ML, Generative AI, and agentic automation use cases, including practical understanding of risks such as prompt injection, insecure tool use, data leakage, model manipulation, insecure retrieval, over-privileged agents, and supply chain exposure, with experience translating use cases into measurable business and cybersecurity outcomes.
Data platform and cloud security: Familiarity with securing cloud-based data platforms and analytics environments, including identity and access models, encryption and key management, telemetry and logging, data flow protection, workload isolation, secrets management, and monitoring for misuse or exfiltration.
Experience with platforms such as Databricks, hyperscaler-native data services, or equivalent enterprise data platforms is a strong differentiator.
Application, API, and integration security: Experience with application security and integration security patterns relevant to modern data and AI ecosystems, including API security, OAuth/token hygiene, certificate lifecycle, service-to-service authentication, software supply chain considerations, and secure secrets handling.
MLSecOps / DevSecOps enablement: Experience working with engineering, platform, or product teams to integrate security controls into CI/CD pipelines, data pipelines, model delivery workflows, and infrastructure-as-code practices in cloud-native environments.
Frameworks and control implementation: Experience implementing and operationalizing controls defined by NIST CSF, ISO 27001/27002, and related cybersecurity frameworks, and applying them pragmatically to cloud, data, and AI environments. Familiarity with emerging AI governance and assurance concepts is advantageous.
Risk dashboarding and data-driven execution: Ability to build meaningful risk dashboards and metrics using actionable data to prioritize remediation, demonstrate risk reduction, and support governance decisions across enterprise AI and data services.
Vulnerability and testing management: Understanding of vulnerability management and recurring hygiene efforts across cloud services, data platforms, applications, APIs, containers, and integrations; familiarity with threat modeling, security testing, and penetration testing approaches relevant to web, API, cloud, and AI-enabled services.
Incident response collaboration: Understanding of global security operations and incident response processes, including scenarios such as data leakage, cloud compromise, exposed storage, pipeline compromise, model misuse, and third-party service incidents.
Stakeholder communication: Strong written and verbal communication skills, with proven ability to present complex technical information to both technical and non-technical audiences, including enterprise technology leadership, data and AI leaders, governance bodies, and business stakeholders. -
Execution under pressure: Proven ability to manage competing priorities, operate under time constraints, and drive outcomes through influence across matrixed teams in a fast-evolving technology landscape.
Bachelor's degree in science or relevant technical field of study; Master's preferred.
Desirable Skills/Experience
Professional certifications such as CISSP, CCSP, CISM, or equivalent.
Experience with enterprise AI and data tooling such as Databricks, Dataiku, Domino, Hugging Face, GitHub, AWS Bedrock, Google Vertex AI, and Microsoft Copilot services. -
Familiarity with AI-specific security and governance tools and cloud security posture management for data/AI estates. - Experience establishing or chairing cross-functional governance forums for AI and data platforms. -
Background working in highly regulated or safety-critical environments and with privacy and data protection stakeholders. -
Proven track record of building global, high-performing cybersecurity teams and coaching senior individual contributors.
When we put unexpected teams in the same room, we unleash bold thinking with the power to encourage life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world.
The annual base pay for this position ranges from $190,956.80 - $286,435.20 USD Annual. Hourly and salaried non-exempt employees will also be paid overtime pay when working qualifying overtime hours. Base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. In addition, our positions offer a short-term incentive bonus opportunity; eligibility to participate in our equity-based long-term incentive program (salaried roles), to receive a retirement contribution (hourly roles), and commission payment eligibility (sales roles). Benefits offered included a qualified retirement program [401(k) plan]; paid vacation and holidays; paid leaves; and, health benefits including medical, prescription drug, dental, and vision coverage in accordance with the terms and conditions of the applicable plans. Additional details of participation in these benefit plans will be provided if an employee receives an offer of employment. If hired, employee will be in an “at-will position” and the Company reserves the right to modify base pay (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, Company or individual department/team performance, and market factors.
Are you ready to bring new insights and fresh thinking to the table? Fantastic! We have one seat available, and we hope it’s yours. Apply today.
AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We follow all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.
Date Posted
06-May-2026Closing Date
28-May-2026Our mission is to build an inclusive environment where equal employment opportunities are available to all applicants and employees. In furtherance of that mission, we welcome and consider applications from all qualified candidates, regardless of their protected characteristics. If you have a disability or special need that requires accommodation, please complete the corresponding section in the application form.