Job Description Summary

Location: Barcelona, Spain; Tel Aviv, Israel
#LI-Hybrid
Internal job title: Assoc. Dir. DDIT ISC Enterprise Security Architecture - Data Security

The Enterprise Security Architecture team is looking for an Enterprise Security Architect - Data Security, who will work across information security & risk management, with all information technology functions to ensure Novartis 'Digital Workspace' is designed and implemented as per defined policies, standards and industry good practices. They will be responsible for designing, implementing, and maintaining security controls for End User Computing (EUC), Microsoft 365, Voice and Video Collaboration platforms.

This role requires close collaboration with Enterprise Architects and Functional Security Architects to ensure a holistic approach to security across the organization. The successful candidate will be a strong communicator with deep technical skills and, more importantly, a pragmatist who can think outside the box. The individual must be highly collaborative as they will need to influence functional leadership, project and application managers, architects, engineers and developers.

Job Description

Key responsibilities:

• Develop and enforce security policies and procedures related Data Security across Novartis businesses to meet business and regulatory requirements

• Design security measures and overall Data Security architecture for the IT landscape in line with the ISC policy framework

• Technical lead for PQC readiness program

• Support and continually review technology standards and controls related to Data Security and recommend information technology strategies, policies, and procedures

• Identify design problems within the Data Security domain

• Support projects to evolve Data Security solutions from evaluation to implementation and assist the delivery of the operational model

• Support the auditing of security policies and procedures

• Management communication with key stakeholders and provide reports to management

• Provide ongoing support to maintain the Data Security domain's effectiveness and efficiency by defining, delivering, and supporting strategic plans for implementing information technologies

• Develop and maintain relationships with key stakeholders and vendors

• Support the direction of technological research by learning the organizational goals, strategies and business drivers

• Develop and maintain architecture diagrams and documentation related to Data Security processes and procedures

• Break down the strategic objectives to requirements on the solution portfolio and target architecture

• Key contributor on products, services and/or infrastructure strategies that require complex or advanced conceptualization

• Research and evaluate new Data Security technologies and make strategic security technology choices, directly supervising the quality of designs and implementation inside and between components

• Work with improvements, by participation in the development, of the architectural principles, processes, and standards

Essential Requirements:

• University working and thinking level, degree in business/technical area or comparable education/experience

• 15+ years of working experience in Security domain; minimum 5 years in architecture capacity;

• 5+ years of experience of working in or providing IT services to a large enterprise like Novartis.

• Exceptional understanding security domains like Digital Workspace, Data Protection, AI Security as well as good knowledge of Network Security, Identity and Access Management, SIEM, Vulnerability Management

• Strong understanding of core cryptography concepts (encryption, key exchange, hashing, digital signatures):

  • Solid PKI expertise, including certificate lifecycle management, trust models, and enterprise PKI architectures.

  • Clear understanding of Post‑Quantum Cryptography (PQC) concepts, quantum risks to current algorithms, and crypto‑agility principles.

  • Ability to assess quantum‑vulnerable cryptographic usage and data protection controls.

  • Experience designing data encryption architectures for data at rest and in transit.

  • Knowledge of key management and HSM/KMS solutions.

  • Familiarity with cryptographic standards and regulatory requirements (e.g., NIST).

• Exceptional understanding and knowledge of general IT infrastructure technology, systems and management processes, and experience of sourcing complex IT services, working closely with vendors and making full use of their capabilities

• Good knowledge of IT Project Management: Proven experience to initiate and manage projects that will affect other divisions, departments and functions, as well as the corporate environment.

• Experience with compliance requirements (e.g. SOX, GxQ / CSV, E-compliance, Records Management, Privacy), and knowledge of (information) risk management related standards or frameworks such as COSO, ISO 2700x, CobiT, ISO 24762, BS 25999, NIST, ISF Standard of Good Practice and ITIL

• Strong leadership experience, with excellent written and verbal communication and presentation skills at all levels of the organisation and experience in reporting to and communicating with senior level management (with and without IT background, with and without in-depth risk management background) on information risk topics; interpersonal and collaborative skills, as well as good mediation and facilitation skills

Desirable

• Good understanding and experience with Enterprise Architecture Frameworks like TOGAF will be an added advantage.

Commitment to Diversity & Inclusion:

We are committed to building an outstanding, inclusive work environment and diverse teams representative of the patients and communities we serve.

Why Novartis?
Our purpose is to reimagine medicine to improve and extend people's lives and our vision is to become the most valued and trusted medicines company in the world. How can we achieve this? With our people. It is our associates that drive us each day to reach our ambitions. Be a part of this mission and join us! Learn more here: https://www.novartis.com/about/strategy/people-and-culture

Join our Novartis Network: If this role is not suitable to your experience or career goals but you wish to stay connected to learn more about Novartis and our career opportunities, join the Novartis Network here: https://talentnetwork.novartis.com/network

Accessibility and accommodation:
Novartis is committed to working with and providing reasonable accommodation to all individuals. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the recruitment process, or in order to receive more detailed information about the essential functions of a position, please send an e-mail to and let us know the nature of your request and your contact information. Please include the job requisition number in your message.

Skills Desired

Business Architecture, Business Value Creation, Change Management, Consulting, Decision Making Skills, Digital Capabilities, Effective use of Technology, Enterprise Architecture, Influencing Skills, IT Governance, Organization Awareness, Solution Architecture, Stakeholder Management