Senior Director, Cybersecurity- Architecture

About The Position

Requirements

• Bachelor's degree in science or relevant technical field of study; Master's preferred.
• Proven experience in architecture method execution.
• Significant experience in development and design across technical domains.
• Extensive experience defining and aligning architectural roadmaps and strategies to business strategy.
• Experience with rationalization, consolidation, and integration across business domains using a formal framework.
• Experience with large justification-phase work — product evaluation and business case formulation.
• Experience defining and developing components of an enterprise architecture practice.
• Experience engaging and negotiating with third-party suppliers.
• Experience influencing cross-functional global leadership and other senior stakeholders to adopt change or innovative IT solutions.
• Extensive experience managing geographically dispersed teams in a global matrix organization with direct and indirect reports — providing oversight, guidance, and mentoring.
• Extensive experience working across boundaries — internally, cross-functionally, externally, internationally, and cross-culturally.
• Experience planning and managing budgets and resources for a large IT infrastructure function.
• Experience co-working with cross-functional global leadership and other senior stakeholders preferred.
• Substantial experience communicating with and influencing diverse internal and external stakeholders, including supplier and vendor networks, across areas and geographies, to drive infrastructure strategy and outcomes.
• Substantial experience anticipating, assessing, and managing project risks.
• 15+ years in information security with 10+ years focused on security architecture and engineering; 5+ years in leadership roles.
• Deep expertise in cloud security architecture (AWS, Azure, GCP) including multi-cloud and hybrid cloud patterns, IaC and DevSecOps, container and serverless security.
• Proven experience with AI/ML and generative-AI security — model security, adversarial ML, data protection, AI governance, prompt-injection defense, AI-agent security.
• Strong background in data security architecture for enterprise data platforms, analytics, and data governance (classification, encryption, tokenization, DLP, privacy-enhancing technologies).
• Experience with Zero Trust Architecture design and implementation; identity fabric, PAM, NHI governance, passwordless authentication, ZTNA/SASE.
• Knowledge of OT/ICS security architecture for manufacturing or critical-infrastructure environments (Purdue Model, IEC 62443) — pharmaceutical experience highly desirable.
• Familiarity with regulated-industry requirements (GxP, 21 CFR Part 11, EU Annex 11, ALCOA+, CSV/CSA, GDPR, HIPAA) and ability to design controls that satisfy them without impeding innovation.

Nice To Haves

• Master's preferred.
• Preferred certifications: CISSP, CCSP, SABSA; cloud-platform security specialty certifications (AWS, Azure, GCP); GIAC Security Architecture or Cloud Security; CISM.
• Experience co-working with cross-functional global leadership and other senior stakeholders preferred.
• Pharmaceutical experience highly desirable.

Responsibilities

• Define the architecture strategy, direction, and standards pertinent for the cybersecurity architecture segment.
• Analyze and translate business priorities and strategies into architecture requirements for the enterprise.
• Act as an authority to the architecture community and the business regarding strategic architecture decisions for the cybersecurity segment.
• Drive, review, approve, and oversee development and deployment of cybersecurity architecture roadmaps and blueprints (1–5 year horizon) as well as solution and segment architectures in alignment with global strategies and solutions.
• Ensure continuous alignment of capabilities with current business priorities and objectives.
• Contribute to strategic technology and architecture decisions as part of cross-functional decision-making bodies (e.g., SARB, Enterprise Architecture Review Board, IT Leadership Team).
• Lead the development and implementation of Enterprise Architecture (EA) standards, processes, and tools as they apply to cybersecurity.
• Engage with project and service teams in the development, implementation, and maintenance of standard architectural components.
• Drive creation of functional design documents — including the risk and change management portions of the architectural lifecycle — across portfolios.
• Lead resolution of complex cross-domain and technical concerns, needs, and suggestions from business teams across portfolios to improve architecture design and mitigate risk.
• Act as strategic architectural advisor and provide technical counsel to global leadership teams — both business and IT — on potential business-critical enterprise needs and risks.
• Present strategic recommendations for systemic, structural, and technology solutions to executive leadership, including the CISO, CIO, and Audit Committee where appropriate.
• Lead Security Architecture Review Board (SARB) activity for major initiatives and technology investments, ensuring consistent, risk-based architecture decisions.
• Conduct architecture risk assessments and threat modeling for critical systems and initiatives; manage architecture exceptions and waivers with documented risk acceptance.
• Provide direction to third-party suppliers to ensure adherence to technical development and delivery aligned with the architecture roadmap, blueprint, and information systems strategy.
• Evaluate vendor security architectures for major technology procurements; influence vendor roadmaps to address industry and regulatory security requirements.
• Establish secure integration patterns with strategic partners, contract research and manufacturing organizations, and external collaborators.
• Direct and drive monitoring, measurement, and reporting around the performance of current and upgraded architecture, systems, solutions, and frameworks across portfolios.
• Maintain an architecture repository with patterns, standards, approved designs, and security control mappings to compliance frameworks and audit requirements.
• Track adoption of published security architecture standards and reference architectures; report on maturity, exception volume, and risk posture to leadership.
• Monitor and identify IT architecture best practices and emerging technologies regionally and globally to facilitate enterprise technology decisions.
• Evaluate security implications of emerging technologies — quantum computing, post-quantum cryptography, edge AI, blockchain, and conduct proof-of-concept architectures.
• Serve as a recognized thought leader within and beyond the organization, typically with leadership roles in multi-institution collaborations.
• Represent the company at industry forums, standards bodies, and peer working groups (e.g., Pharma ISAC, IEC 62443 working groups).
• Actively monitor the strength of the IT architecture talent pipeline.
• Propose and implement strategic future-focused skill-development interventions across areas through cross-functional, regional, and external partnerships to equip and adapt the IT architecture workforce to evolving technologies.
• Define security-architect competency models and career progression pathways; facilitate an architecture community of practice for knowledge sharing across the organization.
• Develop, deliver, and monitor budgets — including capital — for the cybersecurity architecture segment.
• Collaborate with business and regional leaders for prioritization and alignment of segment IT architecture strategy, goals, and projects.
• Build, lead, and motivate IT architecture teams to achieve stretch goals.
• Develop the professional and leadership capabilities of IT architecture professionals and managers through coaching, delegation, development plans, stretch assignments, and rotations.
• Lead and mentor a team of specialized security architects (Cloud Security, AI/Data Security, OT/ICS Security, Application Security, Infrastructure Security).

Benefits

• qualified retirement program [401(k) plan]
• paid vacation and holidays
• paid leaves
• health benefits including medical, prescription drug, dental, and vision coverage