Identity & Security Engineering Lead
About Astellas:
Astellas is a global life sciences company committed to turning innovative science into VALUE for patients. We provide transformative therapies in disease areas that include oncology, ophthalmology, urology, immunology and women's health. Through our research and development programs, we are pioneering new healthcare solutions for diseases with high unmet medical need. Learn more at Astellas.com.
Are you driven to make a real difference in the lives of patients?
We're seeking passionate individuals who thrive in dynamic environments, embrace new ideas, and aren't afraid to take intelligent risks. People who act with unwavering integrity and are deeply committed to making a tangible impact.
Astellas’ Global Capability Centres – Overview:
Astellas’ Global Capability Centres (GCCs) are strategically located sites that give Astellas the ability to access talent across various functions in the value chain and to co-locate core capabilities that are currently dispersed. Our three GCCs are located in India, Poland and Mexico.
The GCCs will enhance our operational efficiency, resilience and innovation potential, enabling a timely response to changing business demands.
Our GCCs are an integral part of Astellas, guided by our shared values and behaviours, and are critical enablers of the company’s strategic priorities, sustainable growth, and commitment to turn innovative science into VALUE for patients.
Location and Working Environment:
This is a permanent role based in our Global Capability Centre in Warsaw, Poland and hybrid working with the expectation for some office presence. Flexibility may be required in line with business need. Candidates must be located within a commutable distance of the office.
Astellas’ Responsible Flexibility Guidelines Statement - At Astellas we recognize the importance of work/life balance, and we are proud to offer a hybrid working solution allowing time to connect with colleagues at the office with the flexibility to also work from home. We believe this will optimize the most productive work environment for all employees to succeed and deliver. Hybrid work from certain locations may be permitted in accordance with Astellas’ Responsible Flexibility Guidelines.
Purpose & Scope:
We are seeking an experienced leader to serve as the Identity & Security Engineering Lead. This role will be responsible for defining strategy, leading teams, and ensuring operational excellence across our Microsoft identity management platforms while also overseeing broader security engineering domains including cloud security, OT security, application security, and infrastructure security.
A critical focus area will be advancing our Multi-Factor Authentication (MFA), Conditional Access, and Privileged Access Management (PAM) capabilities to enable secure, seamless user experiences. Beyond identity, this leader will drive security engineering excellence across cloud, OT, and enterprise platforms.
This role will be accountable for global delivery through a hybrid workforce model, managing both internal engineering teams and external service providers/partners across multiple regions and time zones. Operating within an agile delivery model, the Identity & Security Engineering Lead will ensure identity and security engineering capabilities are delivered with speed, adaptability, and business alignment.
Role and Responsibilities:
Strategic Leadership
· Define and execute the enterprise vision for Microsoft Identity platforms (Active Directory, Azure AD / Entra ID, M365 Identity Services, MFA, Conditional Access, PAM).
· Lead strategy and delivery across broader security engineering domains including cloud security, OT security, and infrastructure/application security.
· Drive a global MFA-first strategy, embedding Zero Trust principles across the enterprise.
· Ensure identity and security engineering programs support digital transformation, cloud adoption, and regulatory compliance.
Operational Excellence
· Ensure global reliability and performance of MFA and Conditional Access policies.
· Automate identity lifecycle management (provisioning, de-provisioning, access reviews, PAM).
· Deliver security engineering solutions for cloud platforms (Azure, AWS, GCP) and OT/critical infrastructure environments.
· Apply agile delivery methodologies to accelerate delivery, manage backlogs, and adapt quickly to evolving requirements.
· Manage service delivery performance across both internal teams and external vendor partners.
· Risk, Compliance & Governance
· Partner with GRC to ensure identity and security engineering controls meet NIST CSF, ISO 27001, SOX, HIPAA, EU AI Act, and other regulatory frameworks.
Continue: Role and Responsibilities
· Lead audit and compliance programs across identity, cloud, and OT security domains.
· Anticipate and mitigate emerging risks by adapting MFA and security engineering strategies.
Collaboration & Influence:
· Serve as a trusted partner across infrastructure, applications, OT, business stakeholders, and senior executives.
· Position MFA, identity, and security engineering as key enablers of business productivity and compliance.
· Represent the function in enterprise-wide programs including global network refresh, cloud adoption, OT modernization, and M&A integrations.
· People & Talent Leadership
· Lead and mentor a global team of internal and external resources, ensuring alignment and accountability across multiple regions and time zones.
· Foster agile, cross-functional teams that collaborate across infrastructure, applications, and business domains.
· Manage vendor partnerships and enforce accountability for quality, SLAs, and innovation.
· Develop succession plans, training paths, and career opportunities in Microsoft identity, MFA, and advanced security engineering.
· Promote a culture of inclusion, agility, innovation, and continuous improvement.
Required Qualifications:
• Extensive, progressively advancing experience in information security and/or infrastructure engineering, including substantial senior-level leadership experience.
• Proven experience managing global teams (internal staff and vendor/partner resources).
• Deep expertise in Microsoft identity and authentication platforms, including:
o Active Directory (on-prem & hybrid)
o Azure AD / Entra ID
o Microsoft 365 Identity Services
o Multi-Factor Authentication (MFA) & Conditional Access
o Privileged Access Management (PAM)
• Strong background in security engineering domains:
o Cloud Security (Azure, AWS, GCP)
o OT Security
o Application & Infrastructure Security
• Demonstrated success delivering in an agile operating model.
• Proven record of driving enterprise-wide MFA adoption and improving identity resilience.
• Experience in pharmaceuticals, healthcare, or other highly regulated industries preferred.
• Strong communication skills and executive presence; able to influence at C-suite and board levels.
• Bachelor’s degree required; Master’s degree preferred in Information Security, Computer Science, or related field, or equivalent.
• Certifications such as CISSP, CISM, Microsoft SC-300 (Identity & Access Administrator), or Azure Solutions Architect are a plus.
What awaits you at Astellas?
• Global collaboration: Become part of a connected global business of like-minded life science leaders, all dedicated to improving patients' lives worldwide.
• Real-world patient impact: Contribute to transformative therapies that reach patients around the world, knowing your work makes a difference every day.
• Relentless Innovation: Join a company at the forefront of scientific breakthroughs, where you'll have the opportunity to shape the future of healthcare.
• A Culture of Growth: Chart your own course within a supportive environment that values your contributions, champions your development, and empowers you to pursue your passions.
Our Organizational Values and Behaviors:
• Impact
• Innovation
• Integrity
• One Astellas
• Accountability
• Courage
• Sense of Urgency
• Outcome Focus
Benefits:
We are an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.
Beware of recruitment scams impersonating Astellas recruiters or representatives. Authentic communication will only originate from an official Astellas LinkedIn profile or a verified company email address. If you encounter a fake profile or anything suspicious, report it promptly to LinkedIn's support team through LinkedIn Help.
#LI-Warsaw
#LI-Hybrid
#LI-MO1