Senior Director, Software Assurance

AstraZeneca | 19h ago
United States | Hybrid | Full-time | Director Level | 10+ yrs exp
Visa-friendly

At AstraZeneca, we pride ourselves on crafting a collaborative culture that champions knowledge-sharing, ambitious thinking and innovation – ultimately providing employees with the opportunity to work across teams, functions and even the globe.

Recognizing the importance of individualized flexibility, our ways of working allow employees to balance personal and work commitments while ensuring we continue to create a strong culture of collaboration and teamwork by engaging face-to-face in our offices 3 days a week.

Our head office and BlueSky Hub in downtown Toronto are purposely designed with collaboration in mind, providing space where teams can come together to strategize, brainstorm and connect on key projects. Our dedication to sustainability is also central to our culture and part of what makes AstraZeneca a great place to work.

We know the health of people, the planet and our business are interconnected, which is why we’re taking ambitious action to tackle some of the biggest challenges of our time, from climate change to access to healthcare and disease prevention.

Introduction to role:

Are you ready to build the trust layer that powers AI-native development and life-changing science? This role turns secure software into a strategic advantage, ensuring that every application we build, buy, or run is safe, resilient, and provably credible.

As Senior Director, Software Assurance, you will lead a global transformation that embeds secure-by-design practices across our engineering ecosystem, from cloud-native and AI-enabled platforms to validated systems supporting critical business operations.

Your work will protect patients and science by reducing enterprise risk, accelerating delivery, and enabling teams to innovate confidently. Based in the US with up to 20% travel, you will partner with senior technology and business leaders to align software assurance to enterprise risk appetite and measurable outcomes.

Can you turn strategy into adoption at scale and deliver demonstrable risk reduction that executives and regulators trust?

Accountabilities:

Strategy and Programme Ownership: Define and be responsible for the enterprise Software Assurance strategy with an 18–24 month execution roadmap and 3–5 year capability targets; drive the evolution of secure-by-design across the full SDLC for both internal and third-party software, aligned to long-term technology and trust objectives.

DevSecOps Enablement and Paved Path Adoption: Integrate security controls, automated scanning, and policy enforcement into CI/CD workflows; mature the Paved Path pipeline so the secure default is also the fastest path to production, raising engineering productivity while reducing risk.

Tooling Leadership and Automation at Scale: Champion and oversee SAST, DAST, SCA, secrets detection, IaC scanning, SBOM generation, and provenance enforcement using platforms such as GitHub Advanced Security, Snyk (Code and Open Source), SonarQube, Burp Suite Enterprise, OWASP ZAP, AWS Inspector, GitGuardian, Checkov, Wiz IaC, tfsec, FOSSA, and Sigstore/SLSA; guide adoption of AI-assisted development and code review with services such as AWS Kiro.

Supply Chain Integrity and Third-Party Assurance: Establish dependency governance, artifact signing, package registry controls, and vendor assurance requirements; extend SBOM and provenance standards across build, deploy, and runtime to defend against supply chain compromise.

Vulnerability Management and Risk Prioritisation: Oversee enterprise vulnerability management for software assets, focusing on exploitability, asset criticality, and business impact; ensure rapid remediation pathways and durable fixes tied to root cause elimination.

Regulatory and Validated Systems Assurance: Ensure robust security assurance for GxP/validated systems, maintaining compliance with FDA 21 CFR Part 11, EMA Annex 11, and related expectations; be audit-ready with evidence-led controls and end-to-end traceability.

Governance, Metrics, and Executive Reporting: Operate a risk and performance framework that provides clear, actionable posture views; brief senior leadership with metrics that show trend, coverage, and outcomes; direct capital allocation for platforms, tooling, and talent.

Incident Leadership and Continuous Improvement: Lead software security incident response and post-incident reviews, driving systemic improvements into standards, tooling, and operating models to prevent recurrence.

Supplier and Ecosystem Management: Own strategic vendor relationships across the assurance tooling landscape; lead commercial negotiations and partnerships to unlock capability, interoperability, and value.

Talent, Culture, and Organisational Development: Build and inspire a high-performing global team; set stretch goals, cultivate psychological safety and deep technical craft; create champion networks and training that shift-left security across engineering communities.

Enterprise Influence and Adoption: Partner with CIO, security leadership, engineering, platform, and risk stakeholders to prioritise the assurance agenda; translate standards and frameworks into practical playbooks that teams adopt at scale.

Essential Skills/Experience:

Bachelor's degree in Computer Science, Information Security, Software Engineering, or a related technical field; advanced degree desirable.

Minimum 10 years of relevant experience.

Validated strategic leadership in software assurance, application security, or product security at enterprise scale — with clear accountability for programme delivery and risk outcomes.

Demonstrated expertise in Secure SDLC frameworks (NIST SP 800-218 SSDF, OWASP SAMM, BSIMM) and their practical application across large, global engineering organisations. Hands-on fluency with modern software assurance tooling across SAST, DAST, SCA, secrets management, and supply chain integrity (e.g., GitHub Advanced Security, Snyk, AWS Kiro, SonarQube, Burp Suite Enterprise, Wiz, FOSSA).

Consistent track record in developing and delivering long-term strategic plans that demonstrably improved an organisation's software security posture. Extensive experience reducing cyber risk in large, complex, global enterprises — including regulated environments (pharmaceutical, financial services, or equivalent).

Experience leading large-scale change initiatives from planning to full implementation across geographically dispersed, matrixed organisations. Significant experience leading sizeable teams with direct and indirect reports; skilled at building high-performing engineering and security functions.

Substantial experience communicating with and influencing diverse internal and external stakeholders — including executive leadership, regulators, and supplier/vendor networks — to drive strategy and outcomes. Experience planning and handling multi-million-dollar budgets and resource allocation for a large software or cyber security function.

Desirable Skills/Experience:

Relevant security certifications: CISSP, CSSLP, CISM, or equivalent (preferred). Experience in the pharmaceutical or life sciences sector, with familiarity with GxP software validation requirements and regulatory frameworks.

Familiarity with AI-assisted development platforms and their associated security implications — including AI code generation, LLM supply chain risk, and specification-driven development tools such as AWS Kiro. Experience with cloud-native software security (AWS, Azure, GCP), container/Kubernetes security, and API security posture management.

Track record of co-working with cross-functional global leadership across Engineering, Architecture, GRC, Legal, and business technology functions.

Why AstraZeneca:

Join a company where bold science meets advanced engineering to deliver medicines that change lives.

You will shape software assurance at global scale in an environment that encourages experimentation, invests in modern platforms, and brings unexpected teams into the same room to unleash bold thinking. We move fast with purpose, pairing high standards with kindness and support, and we expect leaders to embrace AI and data to improve how we work.

Your decisions will ripple across discovery, development, manufacturing, and the digital products that connect us to patients, giving you both executive reach and the space to grow craft and team.

Call to Action:

If you are ready to build the software assurance backbone that accelerates safe, secure innovation for millions of patients, take the lead and apply today!

Great People want to Work with us! Find out why: GTAA Top Employer Award for 12 years; Top 100 Employers Award; Canada’s Most Admired Corporate Culture.

Are you interested in working at AZ? Apply today!

AstraZeneca is an equal opportunity employer that is committed to diversity and inclusion and providing a workplace that is free from discrimination. AstraZeneca is committed to accommodating persons with disabilities. Such accommodation is available on request in respect of all aspects of the recruitment, assessment and selection process and may be requested by emailing AZCHumanResources@astrazeneca.com.

Date Posted: 26-Jun-2026
Closing Date: 10-Jul-2026

Our mission is to build an inclusive environment where equal employment opportunities are available to all applicants and employees.

In furtherance of that mission, we welcome and consider applications from all qualified candidates, regardless of their protected characteristics. If you have a disability or special need that requires accommodation, please complete the corresponding section in the application form.

Required skills

LLM, AWS, GCP, Azure, Kubernetes, CI/CD, Security