Manager, Cybersecurity
BioCryst Pharmaceuticals, Inc.
2 months ago
Remote friendly (North Carolina, United States)
United States
IT
Cybersecurity Manager
Responsibilities
- Act as a primary cybersecurity liaison to business stakeholders (Product, Legal, Compliance, Risk, Finance, Operations), enabling risk-informed decision making.
- Translate business objectives and constraints into actionable security controls, prioritized remediation plans, and risk ownership models.
- Lead management oversight of security risks and findings, including remediation tracking, timeline accountability, and residual risk acceptance.
- Support audit, regulatory, and customer assurance activities through control design, evidence review, and remediation planning.
- Develop and maintain security standards, technical guidance, and documentation to enable consistent control adoption across teams.
- Escalate cybersecurity risks to senior leadership with clear context, options, and recommended actions.
- Oversee Managed Security Service Providers (MSSPs) by defining scope, performance metrics, governance rhythms, and continuous assurance of service quality and risk posture.
- Drive continuous improvement of the cybersecurity program through automation, process optimization, and technical innovation.
- Provide guidance as a trusted advisor and subject matter expert to engineers, leaders, and cross-functional teams (legal, HR, finance).
- Partner with communications/training teams to deliver security awareness content and targeted education for employees and contractors.
- Oversee day-to-day security operations: monitoring, alert triage, and incident response across enterprise, cloud, and SaaS.
- Serve as a senior escalation point for security incidents; provide technical oversight, decision support, and remediation guidance.
- Establish and monitor operational standards, SLAs, and KPIs for detection, response, and recovery.
- Manage incident response planning, tabletop exercises, and post-incident reviews (root cause analysis, corrective actions, executive-ready reporting).
- Design and enforce secure usage of AI technologies within security operations (mitigate data exposure/misuse; improve alert triage, threat analysis, and automation).
- Provide technical/architectural support for security controls across endpoints, networks, cloud platforms, and SaaS.
- Guide security tooling integrations and telemetry pipelines to support high-quality detection, response, and analysis.
- Conduct security architecture reviews for new systems, products, and third-party services.
- Ensure alignment with recognized security frameworks (e.g., NIST, Zero Trust) and evolving organizational risk posture.
- Stay current on emerging threats and defensive technologies; translate intelligence into strategic/operational improvements.
Required Education/Experience/Skills
- Bachelorβs degree in Computer Science, Information Security, Engineering, or related field, or equivalent practical experience.
- 5+ years of experience in cybersecurity engineering, security operations, or related technical roles.
- Hands-on experience implementing and operating security controls in enterprise environments.
- Proven experience collaborating with cross-functional/business stakeholders to deliver security outcomes.
- Experience and comfort communicating across all levels, including senior leadership.
- Strong customer service, communication, and stakeholder engagement skills.
- Experience in a publicly traded, regulated industry (preferably biotech, pharma, or life sciences).
Preferred Skills/Certifications
- CISSP, CISM, CRISC, or CISA.
Responsibilities
- Act as a primary cybersecurity liaison to business stakeholders (Product, Legal, Compliance, Risk, Finance, Operations), enabling risk-informed decision making.
- Translate business objectives and constraints into actionable security controls, prioritized remediation plans, and risk ownership models.
- Lead management oversight of security risks and findings, including remediation tracking, timeline accountability, and residual risk acceptance.
- Support audit, regulatory, and customer assurance activities through control design, evidence review, and remediation planning.
- Develop and maintain security standards, technical guidance, and documentation to enable consistent control adoption across teams.
- Escalate cybersecurity risks to senior leadership with clear context, options, and recommended actions.
- Oversee Managed Security Service Providers (MSSPs) by defining scope, performance metrics, governance rhythms, and continuous assurance of service quality and risk posture.
- Drive continuous improvement of the cybersecurity program through automation, process optimization, and technical innovation.
- Provide guidance as a trusted advisor and subject matter expert to engineers, leaders, and cross-functional teams (legal, HR, finance).
- Partner with communications/training teams to deliver security awareness content and targeted education for employees and contractors.
- Oversee day-to-day security operations: monitoring, alert triage, and incident response across enterprise, cloud, and SaaS.
- Serve as a senior escalation point for security incidents; provide technical oversight, decision support, and remediation guidance.
- Establish and monitor operational standards, SLAs, and KPIs for detection, response, and recovery.
- Manage incident response planning, tabletop exercises, and post-incident reviews (root cause analysis, corrective actions, executive-ready reporting).
- Design and enforce secure usage of AI technologies within security operations (mitigate data exposure/misuse; improve alert triage, threat analysis, and automation).
- Provide technical/architectural support for security controls across endpoints, networks, cloud platforms, and SaaS.
- Guide security tooling integrations and telemetry pipelines to support high-quality detection, response, and analysis.
- Conduct security architecture reviews for new systems, products, and third-party services.
- Ensure alignment with recognized security frameworks (e.g., NIST, Zero Trust) and evolving organizational risk posture.
- Stay current on emerging threats and defensive technologies; translate intelligence into strategic/operational improvements.
Required Education/Experience/Skills
- Bachelorβs degree in Computer Science, Information Security, Engineering, or related field, or equivalent practical experience.
- 5+ years of experience in cybersecurity engineering, security operations, or related technical roles.
- Hands-on experience implementing and operating security controls in enterprise environments.
- Proven experience collaborating with cross-functional/business stakeholders to deliver security outcomes.
- Experience and comfort communicating across all levels, including senior leadership.
- Strong customer service, communication, and stakeholder engagement skills.
- Experience in a publicly traded, regulated industry (preferably biotech, pharma, or life sciences).
Preferred Skills/Certifications
- CISSP, CISM, CRISC, or CISA.