Associate Director, Network Security Governance

Job Description Summary

Location: Prague, Czech Republic; Hyderabad, India; #LI-Hybrid (12 days/month in office)

Internal job title: Associate Director, DDIT ISC NetSec, OT & Config. Governance

The role is based in Prague or Hyderabad. Novartis is unable to offer relocation support for this role: please only apply if this location is accessible for you.

About the Role:

The Network Security Governance team strives to enable a secure, resilient, and compliant network environment by acting as a strategic bridge between Security Architecture and Infrastructure. Our vision is to strengthen cyber maturity and business capabilities through robust governance frameworks, proactive risk management, and continuous improvement.

The Associate Director, Network Security Governance oversees security operations service line, technology governance and external/internal interfaces in accordance with service operations and management processes.

Job Description

Key Responsibilities:  

• Operational Technology (OT) Security Governance: Define and enforce security governance frameworks for OT environments, ensuring alignment with IT security standards; oversee segmentation and access control for industrial networks and critical infrastructure; Collaborate with OT teams to integrate cybersecurity best practices into operational processes.

• Vulnerability Detection & Management: establish governance for continuous vulnerability scanning and assessment across network and OT systems.

• Standard Security Configuration: Develop and maintain baseline security configurations for all devices; monitor compliance with hardening standards and enforce configuration drift controls; implement governance for secure configuration change management across hybrid environment

• Strategic Governance & Policy Leadership: Define and maintain network security governance frameworks, policies, and standards; oversee policy reviews and exception management, ensuring timely approvals and compliance; align governance practices with regulatory requirements and internal audit standards.

• Architecture & Design Oversight: collaborate with Enterprise Security Architecture to ensure network segmentation and macro/micro security controls (e.g., NS-14 and NS-15 IMF enforcement); drive adoption of zero-trust principles and advanced segmentation strategies across hybrid environments.

• Operational Governance: Provide governance for core network security services (firewalls, VPN, SD-WAN, cloud connectivity); ensure service delivery processes adhere to governance standards and segregation of duties; oversee change risk mitigation protocols for high-risk network changes.

• Cyber Maturity & Risk Management: Lead cyber-maturity assessments for network security domains; Monitor compliance with internal and external audit requirements; Identify and mitigate risks related to vendor dependencies and operational gaps.

• Cross-Functional Collaboration: Act as a key interface between Security Operations, IT Infrastructure, and Cloud Services; Partner with business units and project teams to embed security governance in transformation initiatives; Support M&A onboarding and connectivity governance for new entities.

Essential Requirements:

• 5+ years of experience in network security design and governance models as well as OT security governance

• Strong knowledge of firewall technologies, network cloud security, and segmentation strategies.

• Leadership in policy development, compliance, and risk management.

• Ability to manage cross-functional teams and influence senior stakeholders.

• Familiarity with audit frameworks and regulatory standards.

• Network Security Architecture: Strong knowledge of firewalls, IDS/IPS, VPNs, segmentation, and zero-trust models.

• Threat Intelligence & Incident Response: Ability to lead detection, analysis, and response to network threats.

• Cloud & Hybrid Security: Familiarity with securing multi-cloud environments and SD-WAN.

• Encryption & PKI: Deep understanding of cryptographic protocols and secure key management.

• Data-Driven Decision Making: Using metrics and dashboards to monitor network health and compliance.

• Incident Analysis: Root cause analysis and post-mortem reviews for continuous improvement.

• AI/ML in Security: Understanding how automation and AI can enhance threat detection.

• Zero Trust & SASE: Keeping up with modern network security paradigms

Commitment to Diversity & Inclusion:

We are committed to building an outstanding, inclusive work environment and diverse teams representative of the patients and communities we serve.

You'll receive (CZ only):
Monthly pension contribution matching your individual contribution up to 3% of your gross monthly base salary; Risk Life Insurance (full cost covered by Novartis); 5-week holiday per year; (1 week above the Labour Law requirement) ; 4 paid sick days within one calendar year in case of absence due to sickness without a medical sickness report; Cafeteria employee benefit program – choice of benefits from Benefit Plus Cafeteria in the amount of 12,500 CZK per year; Meal vouchers in amount of 105 CZK for each working day (full tax covered by company); Car Allowance; MultiSport Card. Find out more about Novartis Business Services:

Why Novartis?
Our purpose is to reimagine medicine to improve and extend people's lives and our vision is to become the most valued and trusted medicines company in the world. How can we achieve this? With our people. It is our associates that drive us each day to reach our ambitions. Be a part of this mission and join us Learn more here:

Join our Novartis Network: If this role is not suitable to your experience or career goals but you wish to stay connected to learn more about Novartis and our career opportunities, join the Novartis Network here:

Accessibility and accommodation:
Novartis is committed to working with and providing reasonable accommodation to all individuals. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the recruitment process, or in order to receive more detailed information about the essential functions of a position, please send an e-mail to and let us know the nature of your request and your contact information. Please include the job requisition number in your message.

Skills Desired

Escalation, Information Security Audit, Information Security Risk Management, Quality Management, Root Cause Analysis (RCA), Sec Ops (Security Operations), Vendor Management

---