Enterprise Security Architect – Data Security
Barcelona, Catalonia, Spain
Full Time
1 week ago
No Sponsorship
Key skills
AILeadershipProject ManagementRisk ManagementCommunicationPresentation SkillsNetwork Security
About this role
Role Overview
- Develop and enforce security policies and procedures related Data Security across Novartis businesses to meet business and regulatory requirements
- Design security measures and overall Data Security architecture for the IT landscape in line with the ISC policy framework
- Technical lead for PQC readiness program
- Support and continually review technology standards and controls related to Data Security and recommend information technology strategies, policies, and procedures
- Identify design problems within the Data Security domain
- Support projects to evolve Data Security solutions from evaluation to implementation and assist the delivery of the operational model
- Support the auditing of security policies and procedures
- Management communication with key stakeholders and provide reports to management
- Provide ongoing support to maintain the Data Security domain’s effectiveness and efficiency by defining, delivering, and supporting strategic plans for implementing information technologies
- Develop and maintain relationships with key stakeholders and vendors
- Support the direction of technological research by learning the organizational goals, strategies and business drivers
- Develop and maintain architecture diagrams and documentation related to Data Security processes and procedures
- Break down the strategic objectives to requirements on the solution portfolio and target architecture
- Key contributor on products, services and/or infrastructure strategies that require complex or advanced conceptualization
- Research and evaluate new Data Security technologies and make strategic security technology choices, directly supervising the quality of designs and implementation inside and between components
- Work with improvements, by participation in the development, of the architectural principles, processes, and standards
Requirements
- University working and thinking level, degree in business/technical area or comparable education/experience
- 15+ years of working experience in Security domain; minimum 5 years in architecture capacity; 5+ years of experience of working in or providing IT services to a large enterprise like Novartis.
- Exceptional understanding security domains like Digital Workspace, Data Protection, AI Security as well as good knowledge of Network Security, Identity and Access Management, SIEM, Vulnerability Management
- Strong understanding of core cryptography concepts (encryption, key exchange, hashing, digital signatures): Solid PKI expertise , including certificate lifecycle management, trust models, and enterprise PKI architectures.
- Clear understanding of Post‑Quantum Cryptography (PQC) concepts, quantum risks to current algorithms, and crypto‑agility principles. Ability to assess quantum‑vulnerable cryptographic usage and data protection controls.
- Experience designing data encryption architectures for data at rest and in transit.
- Knowledge of key management and HSM/KMS solutions.
- Familiarity with cryptographic standards and regulatory requirements (e.g., NIST).
- Exceptional understanding and knowledge of general IT infrastructure technology, systems and management processes, and experience of sourcing complex IT services, working closely with vendors and making full use of their capabilities
- Good knowledge of IT Project Management: Proven experience to initiate and manage projects that will affect other divisions, departments and functions, as well as the corporate environment.
- Experience with compliance requirements (e.g. SOX, GxQ / CSV, E-compliance, Records Management, Privacy), and knowledge of (information) risk management related standards or frameworks such as COSO, ISO 2700x, CobiT, ISO 24762, BS 25999, NIST, ISF Standard of Good Practice and ITIL
- Strong leadership experience, with excellent written and verbal communication and presentation skills at all levels of the organisation and experience in reporting to and communicating with senior level management (with and without IT background, with and without in-depth risk management background) on information risk topics; interpersonal and collaborative skills, as well as good mediation and facilitation skills.
- Good understanding and experience with Enterprise Architecture Frameworks like TOGAF will be an added advantage.
Benefits
- Commitment to Diversity & Inclusion: We are committed to building an outstanding, inclusive work environment and diverse teams representative of the patients and communities we serve.