US: Associate Director, Cloud Security & Integration Architect

Legend Biotech is a global biotechnology company dedicated to treating, and one day curing, life-threatening diseases. Headquartered in Somerset, New Jersey, we are developing advanced cell therapies across a diverse array of technology platforms, including autologous and allogenic chimeric antigen receptor T-cell, T-cell receptor (TCR-T), and natural killer (NK) cell-based immunotherapy. From our three R&D sites around the world, we apply these innovative technologies to pursue the discovery of safe, efficacious and cutting-edge therapeutics for patients worldwide.

Legend Biotech entered into a global collaboration agreement with Janssen, one of the pharmaceutical companies of Johnson & Johnson, to jointly develop and commercialize ciltacabtagene autolecuel (cilta-cel). Our strategic partnership is designed to combine the strengths and expertise of both companies to advance the promise of an immunotherapy in the treatment of multiple myeloma.

Legend Biotech is seeking an Associate Director, Cloud Security & Integration Architect as part of the IT team based in Somerset, NJ.

Role Overview

This individual will lead cloud security and integration initiatives with system hardening and tooling initiative across the enterprise. Be able to leverage leading-edge technologies, and improve efficiency, support aggressive growth, and improve the organization’s overall security posture. Drive continuous improvement of the cloud security strategy and lead designing and facilitating cloud security specific implementations and workflows enabled by tooling, templates and cloud native services. Will collaborate with cloud platform owners to create security guardrails controls guidance and perform as a subject matter expert on cloud security with expertise and responsibilities to review and assess cloud infrastructure architectures. This person will also lead and own the Identity and access management program and establish process and procedures for Legend globally and contribute to a zero trust strategy. In this role you will develop and maintain security frameworks and architectures, technical standards and guidelines across the security domains of identity, networks infrastructure and endpoints. This role will be leading a Global team will play an advisory role for all entity. The individual will lead and own the Security and Design control and process for all applications on-premise and cloud. Evaluating security tooling, work with the ISO team to understand any gaps in the tooling/environment, assist with researching new tools the business plans to implement. In addition, will provide security architecture guidance for GxP environments to mitigate potential cyber threats and risks. The right candidate must have team oriented approach that balances security needs and user experience to provide best in class security to the organization with subject matter expertise in enterprise security architecture governance and industry standard cybersecurity frameworks, cloud computing and cloud architecture. You will collaborate with various Business units to ensure cybersecurity controls and investments are aligned with the company business and strategic goals. 

Key Responsibilities

Cloud Security Architecture & Strategy

• Define and maintain cloud security architecture standards for AWS, Azure, and/or GCP.
• Design and enforce secure landing zones, network segmentation, identity models, and encryption strategies.
• Lead implementation of Zero Trust, defense-in-depth, and least-privilege access models. 
•  Align cloud security architecture with enterprise security frameworks (e.g., NIST, ISO 27001, CIS).

Cloud & Hybrid Integration Architecture

• Architect secure integrations between cloud, on-premises, SaaS, and third-party platforms. 
• Define patterns for API security, event-driven architectures, middleware, and data integration.
• Ensure resilience, scalability, and observability of integrated systems.
• Oversee identity federation and SSO integrations (Azure AD / Entra ID, IAM, SAML, OAuth, OIDC).

Governance, Risk & Compliance 

• Ensure cloud environments meet regulatory and compliance requirements (e.g., SOC 2, HIPAA, PCI-DSS, SOX, GDPR).
• Partner with risk, audit, and compliance teams on security assessments and remediation plans.
• Lead threat modeling and security architecture reviews for cloud initiatives.

Leadership & Stakeholder Engagement 

• Act as a technical authority and advisor for cloud security and integration decisions.
• Mentor architects and senior engineers across cloud and security domains. 
• Collaborate with application, DevOps, and platform teams to drive secure cloud adoption. 
• Present architecture decisions and risk tradeoffs to senior leadership and executives. 

Operational Excellence

• Guide selection and implementation of cloud security tooling (CSPM, CWPP, SIEM, CASB, CNAPP).
• Support incident response and forensic analysis for cloud-related security events.
• Drive automation of security controls and policy enforcement. 
• Evaluate emerging cloud and security technologies and recommend adoption strategies.
• Lead security and system documentation Non GxP and Non-GxP 
• Lead and provide oversight with Enterprise Cyber Security in mind
• Lead the Security efforts for modern workplace
• Lead OT data and system Governance program and operations
• Oversee Legend’s Global Identity & Access Management (IAM)
• Oversee User Access Management (UAM), Privilege Access Management (PAM/PIM) Services

Requirements

Education

 A minimum of a Bachelor’s Degree in a relevant discipline, advanced degree is preferred.

Experience 

• A minimum 15 years in Cybersecurity strategy, architecture and operations (programs and capabilities). 
• Relevant working experience, 10 years within pharmaceutical, biotech or cybersecurity industries.

 IT Skills

• Cloud security services (IAM, KMS, WAF, Shield, Defender, GuardDuty, Sentinel, etc.). I
• Identity and access management, including federation and privileged access management.
• Network security: VPC/VNet design, firewalls, private connectivity, VPNs, and ExpressRoute/Direct Connect.
• Infrastructure as Code (Terraform, Bicep, CloudFormation).
• CI/CD and DevSecOps integration.
• API security, integration platforms, and messaging systems

#Li-LB1

#Li-Hybrid

Please note: These benefits are offered exclusively to permanent full-time employees. Contractors are not eligible for benefits through Legend Biotech.

EEO Statement

It is the policy of Legend Biotech to provide equal employment opportunities without regard to actual or perceived race, color, creed, religion, national origin, ancestry, citizenship status, age, sex or gender (including pregnancy, childbirth, related medical conditions and lactation), gender identity or gender expression (including transgender status), sexual orientation, marital status, military service and veteran status, disability, genetic information, or any other protected characteristic under applicable federal, state or local laws or ordinances.

Employment is at-will and may be terminated at any time with or without cause or notice by the employee or the company.