
Manager, IT Security Analyst

Kura Oncology, Inc.
2023 years ago
Remote friendly (United States)
United States
$156,586 - $185,630 USD yearly
IT

Role Summary

Role: Manager, IT Security Analyst. This role, reporting to the Senior Director of IT and Facilities, serves as the primary operational lead for cybersecurity, vendor risk, and data privacy programs at Kura. It strengthens the company’s security posture, supports regulatory and audit requirements, and drives continuous improvement of detection, response, and risk management in a highly regulated life sciences environment. The ideal candidate has deep experience in regulated life sciences, strong leadership and cross-functional collaboration skills, and a hands-on, roll-up-your-sleeves approach to security and risk management.

Responsibilities

  • Enhance and mature Kura’s cybersecurity program, strengthening systems, processes, and controls to meet evolving regulatory and data privacy requirements.
  • Own and administer the third-party risk management and data privacy platform, including configuration, assessments, remediation tracking, reporting, and continuous improvement in partnership with Legal, Compliance, Procurement, and Quality.
  • Coordinate vendor security assessments and track remediation activities to reduce third-party risk exposure.
  • Serve as the operational owner for the managed security services provider and related security monitoring platforms, ensuring effective alert triage, incident response coordination, use case tuning, and reporting.
  • Lead and support security incident response activities, including investigation, containment, remediation, and documentation.
  • Oversee vulnerability management activities, including vulnerability scanning, reporting, and remediation coordination across endpoints, infrastructure, and applications.
  • Partner with internal teams and external providers to conduct security assessments, penetration testing, disaster recovery exercises, and tabletop simulations.
  • Oversee and continuously improve the cybersecurity awareness and training program to strengthen the organization’s security culture.
  • Research, evaluate, recommend, and implement appropriate security tools and technologies aligned with organizational risk priorities and direction from the Director of IT.
  • Support patch management oversight by validating that security updates are applied in accordance with defined standards and timelines.
  • Monitor configuration standards and security controls to maintain appropriate risk levels across endpoints, identity platforms, and infrastructure.
  • Serve as the primary operational owner for IT security audit readiness, including evidence collection, documentation, and control validation in support of internal and external audits.
  • Provide risk-based recommendations to IT leadership regarding security strategy, roadmap initiatives, and remediation priorities.
  • Stay current on emerging cybersecurity threats, regulatory expectations, and industry best practices relevant to life sciences and regulated environments.
  • Champion information security, privacy, and risk awareness across the organization.

Qualifications

  • Required: 7+ years of progressive experience in information security, cybersecurity operations, or risk management.
  • Preferred: 3+ years of experience supporting security programs in a regulated environment such as pharmaceutical, biotechnology, medical device, or similar industries.
  • Demonstrated experience operating third-party risk management and data privacy platforms, including vendor assessments and remediation tracking.
  • Strong understanding of cybersecurity frameworks and regulatory standards including NIST CSF, ISO 27001, SOC 2, SOX IT controls, and 21 CFR Part 11.
  • Experience supporting internal and external audits and regulatory inspections.
  • Ability to assess technical risk and translate regulatory requirements into practical security controls and processes.
  • Strong analytical and investigative skills with the ability to prioritize risks and recommend business-aligned solutions.
  • Excellent written and verbal communication skills, including the ability to communicate risk concepts to technical and non-technical stakeholders.
  • High level of discretion, integrity, and ability to handle confidential and sensitive information.
  • Preferred: Relevant certifications such as CISSP, CISM, CRISC, Security+, or similar.

Skills

  • Hands-on experience with security monitoring and detection technologies such as SIEM, EDR, MDR, MSSP, vulnerability management tools, and endpoint security platforms.
  • Research, evaluate, and implement appropriate security tools and technologies aligned with organizational risk priorities and direction from the Director of IT.

Education

  • Bachelor’s degree in Information Technology, Computer Science, Information Security, or related field, or equivalent practical experience.