Job Title - Associate Director - Cybersecurity Risk Remediation Leader
Career Level - F
Introduction to role
We are seeking an experienced and proactive Cybersecurity Risk Remediation Program Leader to drive the execution of our annual penetration testing and remediation program. In this role, you will manage a small team responsible for coordinating and overseeing the remediation of vulnerabilities identified in penetration tests, collaborating with platform owners, and ensuring vulnerabilities are resolved and retested to maintain a strong security posture across the organization. Additionally, you will lead efforts to continuously improve the remediation process, measure outcomes, and track risk reduction progress. If you are a results-driven leader with a keen eye for detail and the ability to manage complex remediation efforts, this is the role for you.
Program Management and Continuous Improvement: Lead the end-to-end penetration testing and remediation program, ensuring all steps from testing coordination to remediation completion and retesting are handled effectively and within timelines. Continuously evaluate and improve the remediation process based on performance metrics and feedback.
Risk Reduction & Security Posture Improvement: Drive the reduction of risk across the organization through effective remediation of critical vulnerabilities, ensuring that remediations directly contribute to a reduction in overall risk exposure and improved security posture.
Coordinate Pentesting Efforts: Manage external pentesting vendors, ensuring that testing is conducted thoroughly and efficiently on the designated systems and platforms. Ensure scope alignment and that findings are clearly reported.
Performance Metrics & KPIs: Define, track, and report key metrics to assess the success of the program and its contributions to overall security.
Vulnerability Remediation: Analyze pentesting findings to identify the root causes of vulnerabilities and work with platform owners to develop remediation solutions. Coordinate efforts to prioritize, address, and implement fixes.
Cross-Functional Collaboration: Work closely with platform, infrastructure, and development teams to guide them on how to resolve vulnerabilities, provide necessary support, and track remediation progress.
Follow-up and Validation: Lead efforts to verify the successful remediation of vulnerabilities through retesting or other validation methods. Ensure that remediations are completed as intended and meet security standards.
Reporting and Metrics: Maintain detailed documentation of penetration testing findings, remediation efforts, and resolution statuses. Create regular reports for leadership and stakeholders on the progress of remediation activities and overall program health.
Risk Assessment: Help evaluate the severity and business impact of discovered vulnerabilities to ensure that the most critical issues are prioritized and addressed promptly.
Continuous Improvement: Continuously evaluate the effectiveness of the pentesting and remediation program, identifying areas for improvement and driving initiatives to streamline processes and enhance security controls.
Team Leadership: Lead, mentor, and develop a small team responsible for driving the program. Provide guidance, support, and foster a collaborative environment to achieve remediation goals.
Stakeholder Communication: Communicate remediation progress, risks, and challenges to senior management and key stakeholders in a clear and actionable manner.
Bachelor’s degree in Information Security, Computer Science, or a related technical field (or equivalent experience).
6+ years of experience in cybersecurity, with at least 3 years focused on risk remediation, vulnerability management, or penetration testing.
Strong understanding of penetration testing methodologies, vulnerability identification, and risk remediation strategies.
Experience working with external penetration testing vendors and managing the relationship to ensure effective testing and reporting.
Proven track record of managing security remediation programs, including coordinating across multiple teams to address vulnerabilities.
Excellent communication skills, with the ability to explain technical issues to non-technical stakeholders and provide clear, actionable remediation steps.
Strong organizational and project management skills, with the ability to manage multiple remediation efforts and track progress against deadlines.
Ability to work under pressure, manage competing priorities, and lead remediation efforts in a timely and effective manner.
Industry certifications such as CISSP, CEH, or CISM.
Familiarity with regulatory requirements and frameworks such as NIST, ISO 27001, SOC 2, or GDPR.
Experience with threat modeling, risk assessments, and security control frameworks.
Knowledge of secure development practices and familiarity with DevSecOps environments.
When we put unexpected teams in the same room, we unleash bold thinking with the power to inspire life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world.
At AstraZeneca, our work has a direct impact on patients by transforming our ability to develop life-changing medicines. We empower the business to perform at its peak by combining cutting-edge science with leading digital technology platforms and data. Join us at a crucial stage of our journey in becoming a digital and data-led enterprise. Make the impossible possible by building partnerships and ecosystems, creating new ways of working, and driving scale and speed to deliver exponential growth.
Ready to take on this exciting challenge? Apply now!
Date Posted
Closing Date
AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.