Job Description
Summary
As a Senior Digital Cybersecurity Architect, you will shape and safeguard the digital backbone of our AI, cloud, and hybrid IT/OT initiatives. You will drive security design, governance, and lifecycle management across systems, processes, and organizational interfaces, ensuring that innovation and compliance go hand in hand. This role combines strategic influence with hands-on expertise: you will design and implement robust solutions, guide architecture decisions, and act as a trusted advisor to senior business and technology stakeholders. Your work will span enterprise IT, OT, and R&D DevOps environments, embedding secure-by-design principles throughout the software and system lifecycle.
Job Description
(Key Accountabilities)
o Architecting and governing security for AI and cloud projects, including requirements engineering, technical architecture solution contribution, system hardening, and policy development.
o Driving initiatives in Identity Access Management (IAM), Privileged Access Management (PAM), IT/OT segmentation, and CMDB integration (e.g., ServiceNow, Azure).
o Partnering with R&D DevOps teams to embed security into CI/CD pipelines, enforce advanced cryptographic standards, and streamline secure coding practices.
o Exploring and applying emerging technologies, including large language models (LLMs) and automation, to scale security processes and improve efficiency.
o Bridging stakeholders across IT, OT, and business functions, aligning priorities, and promoting pragmatic, secure, and compliant digital solutions.
We are seeking a profile with:
o Proven hands-on experience in system administration, software development, and security architecture.
o Proven capability to leverage AI to reach outcomes faster.
o A holistic understanding of cybersecurity, with the ability to deep dive into specialized domains as needed.
o Strong process, organizational, and stakeholder management skills.
o Natural curiosity and drive to learn, with a track record of adapting to new technologies, especially in the context of AI and automation.
o Ideally, an understanding of GxP in the context of life sciences and initial experience in SecDevOps and MLOps.
Skills
Technical Skills
Privileged Access Management (PAM):
o Deep expertise in PAM concepts (vaulting, session management, JIT privilege) and
network architecture design.
o Experience with leading PAM platforms (e.g., CyberArk, Delinea Thycotic, BeyondTrust).
Identity Access Management (IAM):
o Mastery of identity lifecycle management, RBAC, SoD analysis, and integration of IAM
sub-systems (Active Directory, Azure Entra ID, third-party IdPs).
o Experience with Azure AD Connect, SCIM provisioning/deprovisioning, and custom
connectors.
IT/OT Segmentation:
o Proficient in designing secure network segmentation frameworks for hybrid IT/OT
environments.
o Familiarity with Azure network security groups, on-prem firewalls, segmentation tools, and
OT isolation.
Governance Controls for Tiering Concept:
o Expertise in defining tier classifications (Tier-0: critical identity services; Tier-1: enterprise
servers/applications; Tier-2: user workstations) and enforcing access boundaries.
o Ability to develop approval workflows, monitoring requirements, and change management
gates specific to each tier.
o Experience validating that segmentation and access controls align with tier definitions to
minimize risk and meet compliance.
Web Application Firewalls (WAF):
o Experience deploying and tuning AWS WAF, Azure WAF, or F5 ASM to mitigate OWASP
Top 10 risks.
o In-depth knowledge of TLS/SSL, including quantum-safe cipher suites and certificate
lifecycle management.
ServiceNow CMDB Process Design:
o Expertise in ServiceNow CMDB data modeling, CI relationships, discovery automation,
and governance workflows.
o Ability to create and enforce CMDB data quality rules, attribute normalization, and
reconciliation processes.
Requirements Engineering Security Process Design:
o Skilled at eliciting, documenting, and refining URS, DS, IQ/OQ/PQ documents in highly
regulated (GxP) environments.
o Experience mapping security requirements to system architecture, controls, and audit-
traceable documentation.