Associate Director, Security Patching (ISC SecOps Vulnerability Services)

Overview

Location : Barcelona, Spain; Hyderabad, India; (12 days / month in office). Internal job title : Assoc. Dir. DDIT ISC SecOps VulnSvcs. The role is based in Barcelona or Hyderabad. Novartis is unable to offer relocation support for this role : please only apply if this location is accessible for you.

About The Role

The Associate Director, Security Patching will join the DDIT ISC Security Operations Vulnerability Services team. The role will focus on reducing risk exposure from security vulnerabilities with major focus on enabling, enforcing and operating scalable remediation through Security Patching process.

Among the responsibilities, the role includes analyzing ongoing security vulnerabilities risk posture, aligning patch-based remediations, collaborating with service lines and finding owners for managing resolutions for patch success, acting as SME to assess discovered vulnerabilities, providing pragmatic solutions and flexibly supporting emergency security patching. Collaboration with cross-functional teams for patch infrastructure health, threat intel, security architecture, remediation and security operations are key.

Please note this position may require flexibility with work schedules (including support outside standard business days / hours) to coordinate emergency response for high-risk vulnerability remediation with relevant stakeholders.

Key Responsibilities

• Govern and operate the Security Patch Management process for technologies such as Windows servers, Unix servers, Windows clients, Mac clients, databases, and middleware.
• Assess daily risk exposure from security vulnerabilities, assess patch applicability and enable scalable remediations through centralized or decentralized patching.
• Monitor patching coverage and compliance using tools such as SNOW, INPAT, SCCM, Intune, JamF, Ansible.
• Generate regular reports on patching status, coverage, and risk metrics; continuously engage with service lines and stakeholders to maintain the process and tools health.
• Assess, initiate and lead emergency patching activities to ensure timely responses to critical vulnerabilities; perform root cause analysis for patching failures and implement corrective actions.
• Create and maintain documentation, including SOPs, work instructions knowledge articles, and training material. Ensure cross-functional relevant documents are maintained / updated from time to time or upon changes to related working.
• Take accountability to ensure adherence with Security and Compliance policies and procedures; implement security policies, procedures, and standards to ensure confidentiality, integrity, and availability of resources from technical vulnerabilities.
• Stay up to date with the latest security threats and vulnerabilities, proactively recommending mitigation strategies.
• Provide security awareness and training to teams and stakeholders.
• Collaborate with various stakeholders from cross-functional service lines, security operations, architecture, cyber, SOC, and application / infra teams to achieve technical risk reduction goals.

Essential Requirements

Desirable

Commitment To Diversity & Inclusion

We are committed to building an outstanding, inclusive work environment and diverse teams representative of the patients and communities we serve.

Why Novartis

Our purpose is to reimagine medicine to improve and extend people’s lives and our vision is to become the most valued and trusted medicines company in the world. How can we achieve this? With our people. It is our associates that drive us each day to reach our ambitions. Be a part of this mission and join us!

#J-18808-Ljbffr