Cybersecurity Regulatory Compliance Manager

Cybersecurity Regulatory Compliance Manager
Macclesfield, UK (3 days on site per week)

About AstraZeneca

AstraZeneca is a global, science-led, patient-focused biopharmaceutical company that focuses on the discovery, development and commercialisation of prescription medicines for some of the world’s most serious diseases. But we’re more than one of the world’s leading pharmaceutical companies. At AstraZeneca, we are pioneering new frontiers by identifying and treating patients earlier, working towards the aim of eliminating cancer as a cause of death.

Come and join our AZ team where you will play a pivotal role in this exciting period of development!!

As Cybersecurity Regulatory Compliance Manager, you will play a central role in implementing AstraZeneca's compliance agenda. This is a delivery-focused role for someone who can confidently work across cybersecurity, risk, legal, compliance, and business teams to lead delivery of actions, drive proactive assurance, and maintain a strong and defensible compliance posture.

This role presents an opportunity to positively impact AstraZeneca’s global cybersecurity posture by building a sustainable regulatory capability, where decisions over AstraZeneca’s cybersecurity position are embedded into our every day. You will drive measurable cultural change for AstraZeneca globally, with sustained regulatory adoption, using best in class and industry leading cybersecurity practices and knowledge, directly leading the organisation’s ability to reduce regulatory risk human cybersecurity risk at scale while enabling the business to operate securely and confidently.

Key Responsibilities:

• Regulatory Implementation: Lead AstraZeneca’s cybersecurity regulatory compliance delivery, translating regulations into practical business and control requirements and setting governance and delivery plans for readiness.

• Governance Management: Run regulatory governance activities, track actions, and provide updates on compliance, risks, readiness, and delivery.

• Training and Awareness: Deliver cybersecurity regulatory training and awareness for leaders and key functions, ensuring stakeholders understand obligations and practical impacts.

• Control Framework and Assurance: Maintain and improve the cybersecurity regulatory control framework, ensuring alignment with regulatory expectations and supporting audits and readiness with robust evidence.

• Audit, Evidence, and Compliance Support: Coordinate audit and review materials, ensure evidence is complete and defensible, and drive closure of compliance gaps.

• Gap Assessment and Remediation: Lead or support gap assessments, track remediation, and help ensure improvements are implemented effectively across functions, markets, and sites.

• Incident Reporting and Regulatory Response: Own cybersecurity incident reporting obligations and coordinate cross-functional input for reporting, documentation, and regulatory response.

• Cross-Functional Collaboration: Work across business, technical, and regional teams, as well as external partners, to embed and evidence cybersecurity regulatory requirements.

• Regulatory Monitoring and Insight: Track regulatory developments and emerging risks, translating them into clear actions for stakeholders.

Requirements:

• BA/BSc degree or equivalent experience in information security, cybersecurity, computer science, law, risk, compliance, or a related subject area.

• A strong, demonstrable understanding of the principles of security governance, risk and controls frameworks within large matrix organisation with diverse countries, cultures and languages.

• Strong communication and stakeholder management skills, with the ability to translate complex regulatory requirements into practical actions and clear updates.

• Experience of interpreting and applying cybersecurity regulations, standards, or supervisory expectations in a practical business environment, ideally across multiple jurisdictions including EMEIA and the UK.

• Demonstrated ability in prioritisation and decision-making for targeting resources, i.e. markets with robust regulatory enforcement vs more relaxed regimes.

• Experience developing the implementation and maintenance of cybersecurity control frameworks, compliance activities, and assurance processes.

• Solid grasp of the relationship between cybersecurity, enterprise risk, legal interpretation, operational resilience, and regulatory compliance.

• Experience in working with data to validate decisions over risk and priority decisions.

• Proven ability in applying security standards / frameworks such as ISO27001, NIST 800-53.

• Familiarity with technical concepts in Cybersecurity, infrastructure or applications.

Desirables:

• Experience and involvement with major IT Security transformation projects or programmes.

• Project or programme management experience.

• Experience managing and/or delivering gap assessments, remediation tracking, and control uplift activities.

In Office Requirement:

When we put unexpected teams in the same room, we unleash bold thinking with the power to inspire life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world.

Competitive salary and benefits package on offer!

The successful candidate will have access to a flexible employee benefits fund, including holiday purchase and flexible time off, pension contributions, Share Save Plans, A performance recognition scheme and a competitive, generous remuneration package.

Date Posted

Closing Date