IS Enterprise Security Architect Director at Amgen

At Amgen, if you feel like youre part of something bigger, its because you are. Our shared missionto serve patients living with serious illnessesdrives all that we do.

Since 1980, weve helped pioneer the world of biotech in our fight against the worlds toughest diseases. With our focus on four therapeutic areas Oncology, Inflammation, General Medicine, and Rare Disease we reach millions of patients each year. As a member of the Amgen team, youll help make a lasting impact on the lives of patients as we research, manufacture, and deliver innovative medicines to help people live longer, fuller happier lives.

Our award-winning culture is collaborative, innovative, and science based. If you have a passion for challenges and the opportunities that lay within them, youll thrive as part of the Amgen team. Join us and transform the lives of patients while transforming your career.

Enterprise Cloud Security Architect IS DirectorWhat you will do

Lets do this. Lets change the world. In this vital role you will be responsible for designing, implementing, and maintaining Cybersecurity and Digital Trusts (CDT) Security Architecture Framework and accountable to the Chief Information Security Officer. This position ensures that security measures align with the organization's business objectives, regulatory requirements, and technology strategy. The Enterprise Architect is responsible for delivering secure design security control objectives as defined by the organizations adopted security control framework. The role enables the business to securely achieve its goals by effectively managing risk and ensuring service accountability across all phases and architectural layers of our systems lifecycle process.

The Enterprise Security Architect is CDTs functional leader in the Enterprise Architectural Review process responsible for developing and approving security design patterns for business solutions reviewed and adopted within our Solution Development Lifecycle (SDLC) process. The role closely collaborates with cross functional Enterprise Architects, Security Domain Architects, Service Leads, key collaborators and business partners to assesses the business strategic direction and establish security objectives that produce organizational best practices, approved architectural patterns and reusable elements.

The Enterprise Security Architect Director is part of Amgens CDT team and will be expected to contribute and help deliver services and projects in other areas of information security.

This role is based at Amgen's Capability Center in Tampa, Florida.

The role will be part of the Security Architecture and Engineering (SAE) Team responsible for delivering security services across Amgen globally. Areas of responsibility include:

• Develops strategy, direction and guidance for CDTs Security Architecture Program, Security Reference Architecture and Neighborhood Plan in alignment with Enterprise City Planning strategy
• Steward of the Enterprise Architecture standards and practices across the CDT organization
• Manages CDTs Secure Configuration Baseline program; responsible for establishing security standards for Amgens technology resources
• Maintain Security Architecture Program alignment with CDTs adopted security control framework
• Ensure defensible security control validation process is intrinsically integrated into CDT Security Risk Assessments
• Establish and maintain approved security patterns, methods and reusable elements to accelerate solutions delivery through SDLC
• Work with CDT Domain Architects and Service Leads to ensure robust, well designed systems which are consistent with the Enterprise City Planning strategy
• Work with Security Domain Architects to develop proposals for review by the Enterprise Architecture Review Board
• Active, voting member of the Amgens Architecture Review Board, representing CDT and its business partners
• Partner with the Enterprise Architecture team to refine and develop the Amgen IS City Plan, ensuring security requirements, priorities and business needs are considered
• Provide vision, architectural insight, testing and guidance for introducing new technology into CDT
• Develop a deep understanding of CDTs business needs, processes, and environment
• Develop a deep understanding of CDT deployed system landscape
• An understanding of how to work with, and empower technical and non-technical teams to achieve CDT and operations objectives in a technically sound manner
• Travel: Domestic and International travel up to 25% may be required
• Monitor and manage IS control exceptions that require architectural redesign of underlying architectural layers
• Maintain collaborative partnership with Governance, Risk and Compliance (GRC) Team to establish a service risk posture qualitative/quantitative reporting for CDT services
• Manage and mature Domain Reference Architectural characterization
• Provide security control posture reports to help derive strategic decisions and financial investments that trace directly mitigate control gaps
• Work closely with respective security service leads to develop, maintain and publish technical development plan for each CDT Service domains
• Develop and maintain secure configuration specifications for Amgen infrastructure (IoT, mobile, cloud) on premise and in the cloud
• Define, develop, and maintain the enterprise security architecture vision and strategy.
• Ensure the integration of security controls and measures into IT and business processes.
• Stay ahead of on emerging security technologies, threats, and regulations to guide strategy.
• Design and implement scalable, secure, and compliant architectures for cloud, on-premises, and hybrid environments.
• Establish frameworks for identity and access management (IAM), data protection, application security, and infrastructure security.
• Define technical standards, policies, and practices for secure system development and integration.
• Perform risk assessments and ensure security solutions address organizational risks effectively.
• Ensure compliance with industry standards and regulations (e.g., ISO 27001, NIST, GDPR, HIPAA, PCI DSS).
• Collaborate with legal, compliance, and internal audit teams to address regulatory requirements.

The Functional IS Security Architect Director will also present supported business cases as needed to senior leadership, adhere to policies, guidelines and standard methodologies relative to security. The role may also directly contribute to the development of new policies and practices by suggesting innovative ideas.

We are all different, yet we all use our unique contributions to serve patients. The security architecture professional we seek is a problem solver with these qualifications.

Doctorate degree and 4 years of Cyber Security Architecture experience

Masters degree and 7 years of Cyber Security Architecture experience

Bachelors degree and 9 years of Cyber Security Architecture experience

• Technical Expertise: Solid understanding of biotechnology information systems and associated technology
• Demonstrated ability to architect complex IS systems
• Deep understanding of the requirements for robust well designed IS and business systems
• Experience directing solution design, business processes redesign and software implementation in a drug development lab / commercialization environment
• Deep understanding of operating in a GMP environment and productionizing solutions in a GMP validated state
• Demonstrated ability to understand, and establish adoption model for new technology
• Ability to run inexpensive proof of concepts to establish critical technical understandings
• Ability to lead technical staff
• Broad and deep technical expertise across multiple security domains
• Deep understanding of foundational security principles, best practices, techniques, tactics and procedures
• Broad knowledge of the workings of security-related services like firewalls, intrusion detection systems, advanced anti-malware, secure gateways, security monitoring, data protection, data encryption, cloud security and other industry-standard techniques and practices
• Ability to understand the risks and associated methods to effectively implement appropriate security controls
• Practical Knowledge of Information Security frameworks, standards and policies like ISO 27001/27002, NIST, CCM and others
• Practical knowledge of security architectural frameworks (TOGAF/DODAF, SABSA, etc..)
• Effective lead global, remote teams with team-centric social skills and excellent verbal/written communication skills
• Deep-seated understanding of Agile methodologies and supporting technologies platforms (JIRA)
• CISSP or equivalent security-related industry certifications

As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, well support your journey every step of the way.

The expected annual salary range for this role in the U.S. (excluding Puerto Rico) is $183,028 - $219,674. Actual salary will vary based on several factors including, but not limited to, relevant skills, experience, and qualifications.

In addition to the base salary, Amgen offers a Total Rewards Plan, based on eligibility, comprising of health and welfare plans for staff and eligible dependents, financial plans with opportunities to save towards retirement or other goals, work/life balance, and career development opportunities that may include:

• A comprehensive employee benefits package, including a Retirement and Savings Plan with generous company contributions, group medical, dental and vision coverage, life and disability insurance, and flexible spending accounts
• A discretionary annual bonus program, or for field sales representatives, a sales-based incentive plan
• Stock-based long-term incentives
• Award-winning time-off plans
• Flexible work models, including remote and hybrid work arrangements, where possible

for a career that defies imagination

Objects in your future are closer than they appear. Join us.

careers.amgen.com

In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.

Amgen does not have an application deadline for this position; we will continue accepting applications until we receive a sufficient number or select a candidate for the position.

As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other and live the Amgen values to continue advancing science to serve patients. Together, we compete in the fight against serious disease.

Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other basis protected by applicable law.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.