IQVIA is a global leader in healthcare analytics and technology that creates data‑driven solutions across life sciences and healthcare industries.
Role And Responsibilities
The Associate Director – Security Architecture will ensure the secure operation of IQVIA's global IT cloud‑based and merged infrastructure by developing and implementing new cybersecurity safeguards, amending and improving existing safeguards, and contributing to the implementation of necessary security measures and controls across enterprise projects.
This role is part of the global Information Security team, working closely with the CISO organization, business units, and other security managers and staff. It offers an opportunity to liaise with key internal and external stakeholders while strengthening our Information Security function.
Principal Responsibilities
* Lead and support deployment of cloud security solutions such as CASB, SASE, CSPM, CWPP and other enterprise security platforms.
* Drive security architecture and cloud security across the organization, researching and implementing technologies to secure IQVIA environments and solutions.
* Lead key IQVIA projects, including solution design, tool evaluation and selection, proof of concept evaluations with stakeholders, operationalization and transition to BAU teams.
* Evaluate market offerings, drive Proof of Concept evaluations, and collaborate with stakeholders to identify solutions for designs.
* Support a security program focusing on cloud environments (including hybrid cloud), traditional on‑premises environments and environments acquired through M&A.
* Work with IQVIA teams to design and build centralized compute environments, focusing on Microsoft Azure and Amazon AWS CSP environments.
* Document standards, requirements and security guidance for IQVIA stakeholders to drive security.
* Collaborate with the Information Security team to drive Security by Design and shift left by integrating security early in design processes, providing guidance, clear objectives and requirements, and working with teams to threat model and identify risks.
* Develop improvements to the technical security safeguards landscape, including assessment and deployment of new capabilities, technologies, and systems.
* Develop secure architecture strategies for IQVIA with respect to technology domain standards and design goals.
* Ensure delivery of security architecture frameworks, design templates, standards, reference architectures and guidance materials in alignment with the IQVIA Integrated Information Security Framework (IISF).
* Research and identify emerging technology solutions that reduce costs, increase efficiencies and provide more value, capabilities, and security posture.
* Evaluate information security components and conduct feasibility studies for selecting appropriate and cost‑effective solutions.
* Engage with third‑party specialist service providers and vendors where necessary to support program deliverables, including vendor and product selections and organizing necessary operational support.
Required Experience And Qualifications
* Minimum of 7 years of professional experience in Information Security, IT Delivery, IT Program Management or related areas.
* Experience with cloud security and cloud security platforms such as CASB, SASE, CSPM, CWPP, SaaS security, and IaaS/PaaS security for Azure and AWS.
* Experience with Palo Alto Prisma Cloud for Cloud Security Posture Management and Cloud Workload / Container Security.
* Bachelor's degree in business administration, computer science or equivalent work experience preferred.
* A CISSP, CISM, CCSP or equivalent professional certificate is mandatory.
* ITIL, project management or IT architecture certifications such as TOGAF, CEH or GIAC or related certificates preferred.
* Working knowledge of IT governance frameworks and standards such as COBIT, ITIL, ISO27001 and NIST cybersecurity framework.
* Working knowledge of IT architecture frameworks such as TOGAF and/or project management methodologies.
* Familiarity with regulatory and legal requirements related to information security for healthcare data, such as HIPAA and EU Data Protection Directive, or equivalent regional frameworks.
* Experience in information security roles with knowledge of IT infrastructure, network design, databases, processing systems, web applications, mobile technology, cloud, big data, virtualization, protocols and technologies supporting encryption, authentication, access control, information systems attack patterns, intrusion detection and network security.
#J-18808-Ljbffr