The Global Information Security Business Technology (GIS-BT) team delivers three core capabilities for Pfizer. The team secures the most important information assets through world-class protective controls, promotes a cybersecurity ownership culture across the company through targeted awareness education to empower colleagues to make informed risk decisions, and partners with business leaders to enable improved outcomes through the effective application of technologies that simplify user experience and reduce risk.
The Architecture and Orchestration Professional is accountable for advancing GIS-BT’s detection and prevention capabilities through technical design to meet business requirements, and standardization, and innovative solutions using orchestration. The primary responsibilities include defining solution requirements, identifying and testing use cases to verify designs, and developing and enhancing orchestrated security actions to enable human decisions to act at enterprise scale. The Architecture and Orchestration Professional works with BTI and across GIS to deploy new security solutions and transition established technologies to operational teams. This position will work closely with the Cyber Threat Analysis and Response team to orchestrate manual actions for consistency and speed, and with the Security Governance and Risk Management team to improve global compliance to standards. This position will also works closely with organizations external to GIS-BT to apply cybersecurity standards to support unique business challenges, or develop new solution requirements to meet business requirements, and identifying solutions suitable for migration to cloud-hosted infrastructure. To the greatest extent possible, this position will enable GIS-BT to be more effective, individually and as teams, through self-service or automated methods.
This role has responsibilities in three primary areas.
- Maintain cybersecurity architecture roadmaps and enhance periodic review process
- Maintain cryptographic standard following defined cadence
- Collaborate with applicable BTI and GIS groups regarding cybersecurity priorities and manage an annual summit
- Represent GIS-BT on planning teams for specified projects
- Maintain awareness of industry trends and security technologies, identify emerging global trends both inside and outside Pfizer, and raise opportunities for innovation and improving cybersecurity
- Prioritize data sources required for Orchestration
- Develop standard document for creating and establishing orchestrated workflows
- Actively participate with subject matter experts in design requirements, development and implementing orchestration capabilities
- Develop orchestration and automation capabilities to enable the GIS-BT team and Pfizer for faster and more consistent workflows
Production implementation and operation:
- Assist in transitioning new capabilities to operational support teams
- Engage vendor support to address gaps or deficiencies
- Identify solutions to persistent operational challenges
- Participate in recurring meetings that review emerging threats and identify opportunities to leverage existing capabilities to improve detection and prevention across the organization
- Promote risk-acceptance through quantifiable metrics
- Participate in Incident and Problem Management activities based on Information Technology Infrastructure Library (ITIL) best practices and contribute to related internal and customer status communications
- BS required. BS in Computer Sciences, Engineering, or related field a plus. Graduate level study in cybersecurity preferred.
- 4+ years IT experience preferred
- 3+ years experience supporting cybersecurity capabilities in an enterprise organization preferred
- 3+ years experience with using cryptographic technologies preferred
- 3+ years experience in pharmaceutical or other regulated industry
- Understanding of trust relationships and cryptographic protection and verification
- Experience coding in Python is a plus
- Ability to perform detailed analysis to identify key design elements and implementation imperatives for large and/or complex security projects.
NON-STANDARD WORK SCHEDULE, TRAVEL OR ENVIRONMENT REQUIREMENTS
- Standard work schedule, 20% domestic travel, and occasional international travel