Lead Consultant - Vulnerability Operations

Job Title: Lead Consultant - Vulnerability Operations GCL : E Introduction to role: Are you ready to lead global vulnerability operations that safeguard critically meaningful platforms and keep life-changing science moving? Do you thrive in high-stakes orchestration where every hour matters and precision planning reduces risk across continents? In this role, you will set the rhythm for secure releases, coordinating sophisticated maintenance windows to protect availability for teams who rely on our technology to reach patients. You will partner across regions and platforms to build release strategies that minimize business impact while accelerating vulnerability closure. Your leadership will turn fragmented schedules into a single, predictable operating cadence—aligning collaborators, removing blockers early, and ensuring our digital backbone stays resilient and audit-ready. This is an opportunity to own outcomes end-to-end: from calendar build and change control to war-room command and continuous improvement. Accountabilities: Define, publish, and continuously improve the worldwide patch management schedule. Align regional windows with business interruption periods. Architect scheduling in batches to minimize impact. act. Scope, Baseline, and Readiness Leadership: Govern CMDB-driven scope for monthly CI and quarterly Non-CI cycles; be responsible for the baseline including server lists, batch allocations, exclusions, and special instructions with quality gates and peer reviews. Cross-Platform Pre-Checks: Lead proactive pre-checks across Wintel, Unix, Database, and Middleware to remove execution blockers and improve first-pass success. Business Downtime Planning and Sign-off: Run schema creation and readiness calls beginning approximately eight weeks prior; secure final schema sign-off four weeks before maintenance and chair Business Readiness meetings to resolve dependencies. Change Governance at Scale: Direct creation and approval of Normal Change Requests in ServiceNow with complete impact, risk, backout, test, and communication plans; implement approval SLAs and bring up to protect timelines and compliance. Execution Command and Control: Orchestrate phased deployments across Dev, Pre-Prod, and Prod for CI (N strategy) and Non-CI (N-3 strategy); lead war-room operations, live status, defect triage, rollback decisions, and post-check validation. Collaborate with information security experts to evaluate threat posture for zero-day and ransomware events. Promptly initiate change requests, acquire executive approvals, and ensure auditability. Exceptions and Risk Management: Govern exclusion categories with justification, approvals, and remediation plans; ensure off-cycle changes address excluded servers and track residual risk ownership. Partner and Executive Communications: Apply standard templates for initial and final messages. Share clear executive updates during maintenance weekends and incident response calls. Offer application-specific mentorship and final completion summaries. Metrics, Audit, and Continuous Improvement: Maintain repositories for baselines, schema reports, patch assessments, exceptions, and release metrics; define benchmarks and run improvement sprints; lead post-implementation reviews, root cause analyses, updates to standard operating procedures and workflows, and contribute to RACI and tooling roadmap. Leadership and Mentoring: Coach release managers and developers; standardize guidelines and playbooks; influence platform, security, and application teams to align on risk-based priorities and automation opportunities. Essential Skills/Experience: Shown ownership of a global patching calendar with regionally aligned windows and batch-wise scheduling to reduce business impact. Experience governing CMDB-driven scope for monthly CI and quarterly Non-CI cycles, including enforcement of data quality for Security Patching scope and environment. Hands-on leadership of baselines, including server lists, batch allocations, exclusions, and special instructions, supported by quality gates and peer reviews. Track record running cross-platform pre-checks across Wintel, Unix, Database, and Middleware to eliminate execution blockers and improve first-pass success. Demonstrated ability to plan business downtime and drive schema creation, readiness calls, and final schema sign-off within defined timelines. Experience chairing Business Readiness meetings to ensure outage visibility for manufacturing and operations and to resolve dependencies. Strong governance of Normal Change Requests in ServiceNow, delivering complete impact, risk, backout, test, and communication plans with enforced approval SLAs. Command of phased deployments across Dev, Pre-Prod, and Prod for CI and Non-CI strategies; adept at live coordination, triage, rollback, and validation. Leadership in zero-day and ransomware scenarios, initiating emergency change requests and securing executive authorizations while maintaining audit trails. Rigorous management of anomalies and potential hazards, including exclusion categories, off-cycle remediation, and residual risk reporting. Clear, concise stakeholder and executive communications during maintenance weekends and incident bridges, with application-specific guidance and final summaries. Stewardship of metrics, repositories, KPIs, and continuous improvement sprints; facilitation of post-implementation reviews, root cause analyses, and SOP/process updates. Coaching and mentoring of release coordinators and engineers; alignment of platform, security, and application teams on risk-based priorities and automation. Desirable Skills/Experience: Deep expertise with ServiceNow change management workflows and approval SLAs at enterprise scale. Prior leadership of war-room operations during sophisticated maintenance events across multi-region environments. Experience partnering with Cyber Security on threat assessments and rapid response for zero-day vulnerabilities. Familiarity with factory and process outage planning, with a focus on minimizing production impact. Demonstrable ability to define and supervise benchmarks such as success rate, MTTR, change approval compliance, incident rate, and vulnerability closure time. Contribution to RACI refinements and tooling roadmaps, including driving automation opportunities and standardizing playbooks. Strength in negotiating high-stakes trade-offs with senior collaborators across APAC, Americas, and EMEA. Background maintaining ETS repositories and producing audit-ready documentation for releases and exceptions. When we put unexpected teams in the same room, we unleash bold thinking with the power to inspire life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world. Why AstraZeneca: Here, technology and science meet at scale to create tangible impact for patients. You will work with diverse experts who combine data, platforms, and experimentation to unlock new ways of delivering secure, reliable services across the enterprise. We bring unexpected teams together to spark bold ideas, and we value kindness alongside ambition—giving you the support to take ownership, challenge the status quo, and build the secure operating cadence that powers our breakthroughs. Call to Action: Bring your leadership to this pivotal role and shape a faster, safer release engine that protects our mission—step forward and show us how you will lead Vulnerability Operations at AstraZeneca! Date Posted 18-Jan-2026 Closing Date 25-Jan-2026 AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.