387625br
*secops & vulnerability services associate director - americas*:
mexico
*about the role*
location: mexico city - hybrid work.
we are seeking an secops & vulnerability services associate director - americas to reduce risk exposure from security vulnerabilities with major focus on high risk and 0-day vulnerabilities emergency response and remediation.
this role will work directly with ddit and isc team and reports to the dir.
ddit isc secops vulnsvcs.
*responsibilities*:
- act as a technical security sme and point of contact for responding to ongoing high-risk vulnerability exposure:
- monitoring and prioritizing security vulnerabilities through risk analysis to understand potential impact and translate vulnerability severity as security risk.
- identifying potential improvement areas for vulnerability response and shared learned lessons with teams and stakeholders.
- taking accountability to ensure adherence with security and compliance policies and procedures.
- staying up to date with the latest security threats and vulnerabilities, proactively recommending mitigation strategies.
and develop and maintain documentation of related process and best practices.
- implementing security policies, procedures, and standards to ensure the confidentiality, integrity, and availability of cloud resources from technical vulnerabilities.
- providing security awareness and training to teams on security practices and vulnerability related processes.
*commitment to diversity & inclusion*:
- we are committed to building an outstanding, inclusive work environment and diverse teams representative of the patients and communities we serve._
*role requirements*
- university or master level degree in business/technical/scientific area or comparable education/experience
- 8+ years of overall working experience in information security preferably in application security and vulnerability management domain.
- at least 3+ years in handling security vulnerability response and remediation or soc, coordinating with relevant stakeholders, and implementing corrective actions.
- strong security knowledge top security vulnerabilities, leading vulnerability scoring standards, such as cvss, and ability to translate vulnerability severity as security risk.
- hands-on experience monitoring threat intel for high-risk vulnerabilities, finding ownerships, handling shadow it asset scenarios, sensitizing teams for security remediation, performing quick tests for technical vulnerability confirmation, etc.
- demonstrated leadership skills through experience in middle management and/or engagement with large security/development program stakeholders.
- communication and collaboration: persuasive communication skills to effectively convey security risks and vulnerabilities to both technical and non-technical stakeholders, and the ability to collaborate with cross-functional teams.
- strong problem-solving skills and the ability to work independently.
- continuous learning: a commitment to staying up to date with the latest security updates, vulnerability disclosures, and industry best practices.
- knowledge of secure system development, appsec and project/program management
- strong understanding of metrics, kpi/kri, slas, and dashboards for vulnerability management and providing executive reporting.
why novartis?
766 million lives were touched by novartis medicines in 2021, and while we're proud of this, we know there is so much more we could do to help improve and extend people's lives.
we believe new insights, perspectives and ground-breaking solutions can be found at the intersection of medical science and digital innovation.
that a diverse, equitable and inclusive environment inspires new ways of working.
we believe our potential can thrive and grow in an unbossed culture underpinned by integrity, curiosity, and flexibility.
and we can reinvent what's possible when we collaborate with courage to aggressively and ambitiously tackle the world's toughest medical challenges.
because the greatest risk in life is the risk of never trying!
imagine what you could do here at novartis!
*division*
operations
*business unit*
data, digital & it
*work location*
ciudad de méxico
*company/legal entity*
nov corporativo mex
*functional area*
technology transformation
*job type*
full time
*employment type*
regular
*shift work*
no
*early talent*
no