About this role
Job Description Summary
Lead the Information Security Operations organization to ensure all Sandoz assets are protected and monitored based on the leading practices for Information Security. This role is solely responsible for overseeing the security posture of our environment in line with commitments made to the Risk Committee of the Board. Responsible for running and engineering all systems that defend the enterprise, by owning the tools used by the security team to maintain the protective state of Sandoz assets and to lead post incident root cause analysis. Oversee and lead the Sandoz Cyber Security Operations Center (SOC), which includes monitoring, detection, coordinated response and management of security incidents and cyber security threats.
Job Description
Global Head, Cyber Defense & Security Operations
Sandoz continues to go through an exciting and transformative period as a global leader and pioneering provider of sustainable Biosimilar and Generic medicines. As we continue down this new and ambitious path, unique opportunities will present themselves, both professionally and personally. Join us, the future is ours to shape!
Your Key Responsibilities:
Your responsibilities include, but are not limited to:
- Provide full visibility of cyber-risk and exposure across the threat landscape, enabling prediction, detection, and response to attacks in near real-time
- Define the standard for security events and log creation
- Responsible for all maintenance of the IDS, SIEM, SOAR and email hygiene systems to include configuration changes, updates, and creation of custom detection logic, reporting, and dashboards to provide actionable threats to security operators
- Develop policies, procedures, and guidelines for a security incident response program
- Identify, escalate and communicate security incidents to stakeholders.
- Perform recovery and restoration of incidents
- Create, design, and implement test plans for testing the security of systems, processes, and their environment
- Provide applications teams with comprehensive security testing services and support to minimize the number of vulnerabilities which are released into production
- Conduct attack and penetration assessments aimed at demonstrating the actual risk that is caused by a cyber security breach and the extent of the security risk exposure to the organization
- Establish process and capabilities to gather, process, interpret, and to use digital evidence to provide a conclusion such as incident timeline, threat vectors, and threat actors
- Establish a process detailing different phases of data handling from identification, collection, acquisition to preservation
- Perform log, network, system memory, and system configuration and file structure collection and analysis to identify what has happened, where it happened, the foothold of the attacker, data at risk, and how to stop the infection and prevent it from happening again
- Create processes to identify critical security processes and systems supporting the organization and document recovery and restoration procedures
- Leverage a collection of cyber threat data points for analysis, evaluation against priority intelligence requirements, and synthesis to provide timely, accurate and actionable reporting to security operators and decision makers
- Leverage threat and business intelligence to craft use cases and detection logic for security tooling
- Scan the environment to identify threats and malware, perform investigations on those items, and execute a strategy to mitigate the threat or eliminate the malware from the environment
- Identify, analyse, and address flaws or vulnerabilities in hardware or software that could serve as attack vectors
- Perform threat hunting proactively to iteratively search through the enterprise to detect and isolate threats attempting to evade existing security controls
- Perform regular tabletop and red team exercises and incident simulations to test and exercise incident response plans
Minimum Requirements
What you’ll bring to the role:
- At least 15 years of experience in Information Security; experience of running security operations and a Cyber Defense Center (SOC) in a regulated environment
- Excellent negotiation, communication, and interpersonal skills, with the ability to develop influential relationships with different stakeholders across all levels
- Knowledge and experience of industry standards such as ISO 27001, CIS Controls, NIST, Cyber Essentials
- Change Management Champion with experience in leading teams through large-scale IT change / transformation programs
- Highly experienced people leader with the ability to lead and develop diverse teams across wide geographies
- An entrepreneurial mindset driven by curiosity, continuous improvement, and interest in technical advancements and trends.
- Strong project management skills with the ability to multitask and properly delegate work
Preferred Requirements:
- Master of Science degree or equivalent experience in computer science, engineering or information technology or other relevant field.
- Certification or accreditation in Information Security (e.g.: CISM, CISA, CISSP, etc.)
- Worked in a regulated environment
Why Sandoz?
Generic and Biosimilar medicines are the backbone of the global medicines industry. Sandoz, a leader in this sector, provided more than 900 million patient treatments across 100+ countries in 2024 and while we are proud of this achievement, we have an ambition to do more!
With investments in new development capabilities, production sites, new acquisitions, and partnerships, we have the opportunity to shape the future of Sandoz and help more patients gain access to low-cost, high-quality medicines, sustainably.
Our momentum is powered by an open, collaborative culture driven by our talented and ambitious colleagues, who, in return for applying their skills, experience an agile and collegiate environment with impactful, flexible-hybrid careers, where diversity is welcomed and where personal growth is supported!
Join us!
Skills Desired
Escalation, Information Security Audit, Information Security Risk Management, Innovation, IT Governance, Secops (Security Operations), Strategic Leadership, Vendor Management
About Sandoz
Global leader in generic and biosimilar medicines, operating as an independent company spun off from Novartis. Based in Basel.