Cyber Security Expert – Application Security & DevSecOps

About Sanofi's Cyber Security and Risks & Compliance Team:

At Sanofi, our Cyber Security team plays a crucial role in developing trust in our digital activities. We provide cutting-edge security services to mitigate cyber risks that could threaten our customers, employees, shareholders, products, and processes. As one of the key enablers of Sanofi's digital ambition, we're at the forefront of expediting value creation through innovative and optimized computerized capabilities.

Our global Cyber Security organization operates consistently at Sanofi's scale, addressing any cyber challenge or threat against the company across all corporate and business entities. Our reach extends to our external stakeholders, ensuring comprehensive protection in an increasingly interconnected digital landscape.

We're seeking a dynamic and forward-thinking Senior Cyber Security Strategist to join our team. In this pivotal role, you'll have the opportunity to shape the future of cyber security at a leading global biopharmaceutical company.

Key responsibilities:

·Strategic Partnership: Partner with product teams to provide strategic and subject matter advice across multiple risk domains, ensuring robust security measures are integrated into all aspects of our operations.

·Innovation Leadership: Promote and implement NextGen/predictive monitoring and quality intelligence solutions. You'll be at the forefront of removing barriers to innovation, positioning yourself as a Key Opinion Leader (KOL) in the field.

·Compliance and Control Optimization: Translate complex compliance requirements into effective controls and optimized processes, balancing security needs with operational efficiency.

·Culture Development: Drive a strong Quality & Risk Culture throughout the organization through education, advisory services, automation, and self-service initiatives.

·Digital Trust Building: Contribute to developing trust in Sanofi's digital activities by providing and enhancing security services that protect our stakeholders and assets.

·Cross-functional Collaboration: Work closely with various teams across Sanofi to ensure cyber security considerations are integrated into all relevant projects and initiatives.

3. The profile of the colleague we’d love to work with

Ideal candidate profile:

• Extensive experience in cyber security, with a strong background in risk management and compliance.

• Proven track record of partnering with product teams and translating technical concepts for non-technical audiences.

• Knowledge of NextGen security technologies and predictive monitoring systems.

• Strong leadership skills with the ability to influence and drive cultural change.

• Excellent communication skills, both written and verbal.

• Innovative mindset with a passion for leveraging cutting-edge technologies to solve complex problems.

Formal Education and Experience Required

• University/Master’s Degree in Computer Science, preferably in Cybersecurity.

• Application Security and Penetration testing experience.

• Computer Programming skills, especially in Python,PowerShell, C#, Symfony and API Platform.

• 5 to 7 years of professional experience in application development, of which 3 to 5 years is in DevOps or Cybersecurity.

• Security Certifications like CISSP or CEH (Certified Ethical Hacker) are welcome.

Expertise and Competencies

•    Expertise as a penetration tester at the application level.

•    Expertise in OWASP and MITRE attack framework.

•    Large knowledge in IT, development languages and frameworks and DevOps environments (GitHub), AWS and Azure cloud services.

•    Scripting skills in Shell, Python, PowerShell are expected.

•    Knowledge in containers technologies (RedHat OpenShift and Kubernetes)

•    Leadership and strong communication skills with the ability to effectively convey complex security concepts to technical and non-technical stakeholders.

•    Strong decision making and, capacity to balance human effort vs application business value.

•    Curiosity and appetite for learning new technologies.

•    Appetite for challenges

•    Ability to translate complex technical stories into non-technical language is necessary.

•    Mastery of English is required.

What is expected:

Main missions: ​

• Contribute to develop, improve, and promote the DevSecOps activity and associated processes and tools.

• Onboard business applications in DevSecOps processes, with a primary focus on application code review.

• Support the business stakeholders who are developing applications for Sanofi.

• Make understandable the Cyber risks and core review issues, and how to remediate.

• Manage and support our Cyber services toolset in the DevOps ecosystem.

• Build and contribute to deliver the appropriate dashboards to drive our roadmap and business stakeholders’ engagement.

• undefined

  Key Role:

  Promote the Cyber roadmap and key services.

  Promote Digital standard related to application development.

  Think Cyber-as-a-Service model to empower business stakeholders to take ownership of their applications’ security.

  Always contextualize the risk and ensure that it is understood. Strive to make the best decision and maintain the right balance.

  Do not trust but run checks and controls.

  Build automation everywhere you can and industrialize our cybersecurity processes.

  Lead and or contribute to Cyber in-house tools development (end-user web portal, technical services,…).

  Digital Environment:

  ·Total scope of thousands business applications, written in many different languages. Source code hosted in GitHub.

  ·Strong objective to automate DevSecOps controls and limit cybersecurity human resources effort.

  ·International context and multiple third-party vendors and developers, with variable DevSecOps maturity levels.

  ·Strong partnership with Enterprise Architecture and some highly mature departments to define development practices and technologies evolution.

  ·Growing investments on IA projects, aligned with Data and AI strategy.

  ·Daily interactions with European and Americas-based colleagues.

  4. What you may expect in terms of development opportunities

  Opportunity to work on global, high-impact projects that directly contribute to Sanofi's digital transformation. Collaborative and innovative work environment that encourages continuous learning and professional growth. Chance to be at the forefront of cyber security in the pharmaceutical industry. Competitive compensation and benefits package. Global exposure and the potential to make a significant impact on healthcare through technology.

  Join us in our mission to protect and enable Sanofi's digital future. Your expertise will directly contribute to safeguarding breakthrough medicines and vaccines that improve people's lives around the world.

  5. Pursue progress, discover the extraordinary

  Better is out there. Better medications, better outcomes, better science. But progress doesn’t happen without people – people from different backgrounds, in different locations, doing different roles, all united by one thing: a desire to make miracles happen. So, let’s be those people.

  At Sanofi, we provide equal opportunities to all regardless of race, colour, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, or gender identity.

  Watch our ALL IN videoand check out our Diversity Equity and Inclusion actions at sanofi.com!