
Cybersecurity Analyst / Senior Cybersecurity Analyst

Gossamer Bio
Remote friendly (San Diego, CA)
United States
IT

Role Summary

The Cybersecurity Analyst will be responsible for supporting the development, implementation, and maintenance of the company’s cybersecurity and information security programs. This role works closely with IT, Legal, Compliance, and Commercial teams to identify risks and mitigating controls or processes, respond to and investigate security incidents, and ensure that

Responsibilities

  • Monitor, analyze, and respond to security alerts and incidents in coordination with IT teams and external partners
  • Proactively identify and mitigate threats using advanced cybersecurity tools, threat intelligence feeds, and analytics
  • Operate and optimize security technologies (SIEM, EDR, firewalls) and implement enterprise-wide security controls and secure configurations
  • Conduct comprehensive security assessments and audits of IT systems, networks, and third-party vendors to identify vulnerabilities and compliance gaps
  • Ensure adherence to applicable privacy and security regulations (e.g., GDPR, HIPAA, CCPA, 21 CFR Part 11, FDA, EMA, GxP)
  • Maintain and enhance incident response and business continuity plans to strengthen organizational resilience
  • Identify and recommend automation opportunities to improve cybersecurity response, remediation efficiency, and overall program maturity
  • Support documentation and reporting for security controls, risk mitigation plans, and audit responses
  • Design and deliver KPIs, dashboards, and metrics to measure security performance and risk posture
  • Assist in developing and delivering security awareness training and education programs for employees
  • Stay current on emerging threats, industry trends, and best practices in cybersecurity and privacy

Qualifications

  • Required: Bachelor’s degree in Information Security, Computer Science, Life Sciences, Legal Studies, or a related field
  • Required: 4+ years’ experience in cybersecurity roles
  • Required: Leadership in incident response and security operations
  • Required: Familiarity with privacy laws and cybersecurity frameworks
  • Required: Experience in regulated industries (biotech, pharma, healthcare, or medical devices)
  • Preferred: Certifications such as CISSP, CISA, CIPP/US, CIPM, or Security+
  • Preferred: Experience working in small or mid-sized companies, especially in high-growth environments
  • Preferred: Proficiency with security tools (SIEM, EDR/XDR, DLP, SASE/CASB, vulnerability scanners, etc.)
  • Preferred: Understanding of third-party risk management in a biotech context
  • Preferred: General familiarity with GenAI and process automation

Skills

  • Working knowledge of privacy regulations: GDPR, HIPAA, CCPA, CPRA, and other global data protection laws
  • Understanding of biotech/life sciences regulatory landscape (e.g., 21 CFR Part 11, GxP systems)
  • Familiarity with cloud security principles (e.g., AWS, Azure, or GCP environments)
  • Awareness of threats and vulnerabilities in life sciences IT environments
  • Knowledge of industry frameworks (e.g., NIST CSF, ISO/IEC 27701 for privacy)
  • Security monitoring and incident response
  • Risk assessment and mitigation planning
  • Technical writing and policy documentation
  • Vendor security and cybersecurity due diligence
  • Project management and cross-functional collaboration
  • Proficiency with cybersecurity tools and frameworks (e.g., NIST, ISO 27001, CIS Controls)
  • Strong communication and interpersonal skills
  • Strong analytical/problem-solving abilities
  • Ability to mentor junior analysts
  • Ability to translate complex security and privacy requirements into practical controls and solutions
  • Ability to handle sensitive data and information with discretion and professionalism
  • Ability to manage multiple tasks and priorities in a fast-paced environment
  • Ability to work independently and take initiative while collaborating with cross-functional teams
  • Ability to interpret and apply regulatory requirements to evolving business models and technologies
  • Ability to communicate technical concepts to non-technical stakeholders
  • Ability to thrive in a startup-like environment with a hands-on and proactive mindset

Education

  • Bachelor’s degree in Information Security, Computer Science, Life Sciences, Legal Studies, or a related field