Assoc Director, IT Architecture

At Gilead, we’re creating a healthier world for all people. For more than 35 years, we’ve tackled diseases such as HIV, viral hepatitis, COVID-19 and cancer – working relentlessly to develop therapies that help improve lives and to ensure access to these therapies across the globe. We continue to fight against the world’s biggest health challenges, and our mission requires collaboration, determination and a relentless drive to make a difference. Every member of Gilead’s team plays a critical role in the discovery and development of life-changing scientific innovations. Our employees are our greatest asset as we work to achieve our bold ambitions, and we’re looking for the next wave of passionate and ambitious people ready to make a direct impact. We believe every employee deserves a great leader. People Leaders are the cornerstone to the employee experience at Gilead and Kite. As a people leader now or in the future, you are the key driver in evolving our culture and creating an environment where every employee feels included, developed and empowered to fulfil their aspirations. Join Gilead and help create possible, together.Job Description Role SummaryReporting to the Sr. Director, Security Architecture, the Associate Director, Security Architecture, Information Technology Risk & Compliance (SRC) serves as the strategic security partner for Gilead’s global business functions. This leader drives aligned DSP security strategy, guides secure technology adoption.The role collaborates closely with Information Security, Risk & Compliance leaders, IT Business Engagement, Enterprise Security Architecture, Infrastructure Engineering, Application Development teams, business stakeholders and Legal and Compliance departments across all regions.ESSENTIAL JOB FUNCTIONS:Understand, advocate, and influence alignment with business and IT strategy, ensuring security architecture supports enterprise objectivesAnalyze business context, trends, and strategic drivers to translate requirements into appropriate technical architectures, security strategies, and multi-year roadmapsLead requirements gathering, documentation, and traceability for strategic initiatives (e.g., DSP) ensuring alignment between business needs, technical design, and regulatory/compliance requirementsServe as the primary SRC representative and interface for assigned initiatives, including participation in cross-functional program forums (e.g., PM calls), to ensure alignment and continuity across architecture, development, and delivery activitiesPartner with development, testing, and operations teams to support the end-to-end solution lifecycle, including design validation, implementation support, process documentation, training, and rollout of security and procurement-related capabilitiesAct as a key liaison with Legal, Compliance and Procurement stakeholders to ensure systems, processes, and tools align with regulatory obligations and evolving policy requirementsResearch emerging security technologies and industry trends to support continuous security enhancement and innovation effortsAnalyze the current technology environment to identify critical deficiencies, risks, and improvement opportunities, and recommend pragmatic solutionsCreate and deliver clear, executive level presentations to articulate architecture strategies and ensure alignment with Department of Justice (DSP) security standardsHelp define and maintain the principles that guide DSP technical architecture decisions, standards, and tradeoffs across the enterpriseLead and facilitate the evaluation, selection, and standardization of security technologies, including defining implementation patterns and best practicesConsult on solution architecture for in-scope initiatives to ensure compliance with DSP security architecture standards and enterprise guardrailsReview and assess existing security solutions for effectiveness and efficiency, and develop strategies to enhance alignment with current DSP standardsParticipate in security incident investigations as needed, providing architectural guidance and root cause insightSupport internal and external audits, penetration testing, and vulnerability assessments by contributing to responses and recommending risk mitigation actionsAssist in developing, formalizing, and maintaining security policies, procedures, and technical standards, and support monitoring and enforcement of complianceREQUIRED SKILLS & JOB QUALIFICATIONS:Architecture & Technical ExpertiseStrong, track record of designing secure architectures for complex solutions and an ability to deliver results through partnering with stakeholders in IT and the businessSolid understanding of "Cloud Architectures" (e.g., SaaS, PaaS, IaaS) and the ability to address the unique considerations of secure Cloud computing (including effective monitoring)Strong experience with mid/large global enterprises with large geographical topologiesWorking knowledge of IT processes (i.e., ITIL) including incident, problem, defect, change and release managementSecurity Knowledge & StandardsKnowledge of current Department of Justice (DOJ) technical security and Transfer standards.Broad understanding of security domains including governance, risk management, audit and monitoring, cryptography, data protection, network security, vulnerability management, and incident responseExperience aligning technical solutions with regulatory and compliance requirements, including working with Legal, Compliance, and Procurement functionsStrong Knowledge of IS and Privacy Frameworks/standards such as SSAE16 Type II, Safe Harbor, ISO/IEC 2700x series, NIST 800-53, COBIT, HITRUST, HIPAA, PCI etc.Strategy & VisionAbility to translate business strategy, regulatory requirements, and risk posture into actionable security architectures, roadmaps, and multi-year plans Experience driving end-to-end solution lifecycle execution, including architecture, design validation, implementation support, testing, and operational rollou