Manager, IT Security Analyst

ESSENTIAL JOB FUNCTIONS:

Reporting to the Senior Director of IT and Facilities, the IT Security Analyst serves as the primary operational lead for cybersecurity, vendor risk, and data privacy programs at Kura. This role is responsible for strengthening the company’s security posture, supporting regulatory and audit requirements, and ensuring continuous improvement of detection, response, and risk management capabilities in a highly regulated life sciences environment.

The IT Security Analyst partners closely with internal stakeholders and external security service providers to identify, assess, and mitigate risk. This position acts as a subject matter expert for information security, third party risk, and audit readiness, and plays a critical role in promoting a security first culture across the organization.

The ideal candidate will bring deep experience in regulated life sciences environments, demonstrates strong leadership and cross functional collaboration skills, and thrives in fast paced, high growth organizations.

• Enhance and mature Kura’s cybersecurity program, strengthening systems, processes, and controls to meet evolving regulatory and data privacy requirements.
• Own and administer the third party risk management and data privacy platform, including configuration, assessments, remediation tracking, reporting, and continuous improvement in partnership with Legal, Compliance, Procurement, and Quality.
• Coordinate vendor security assessments and track remediation activities to reduce third party risk exposure.
• Serve as the operational owner for the managed security services provider and related security monitoring platforms, ensuring effective alert triage, incident response coordination, use case tuning, and reporting.
• Lead and support security incident response activities, including investigation, containment, remediation, and documentation.
• Oversee vulnerability management activities, including vulnerability scanning, reporting, and remediation coordination across endpoints, infrastructure, and applications.
• Partner with internal teams and external providers to conduct security assessments, penetration testing, disaster recovery exercises, and tabletop simulations.
• Oversee and continuously improve the cybersecurity awareness and training program to strengthen the organization’s security culture.
• Research, evaluate, recommend, and implement appropriate security tools and technologies aligned with organizational risk priorities and direction from the Director of IT.
• Support patch management oversight by validating that security updates are applied in accordance with defined standards and timelines.
• Monitor configuration standards and security controls to maintain appropriate risk levels across endpoints, identity platforms, and infrastructure.
• Serve as the primary operational owner for IT security audit readiness, including evidence collection, documentation, and control validation in support of internal and external audits.
• Provide risk based recommendations to IT leadership regarding security strategy, roadmap initiatives, and remediation priorities.
• Stay current on emerging cybersecurity threats, regulatory expectations, and industry best practices relevant to life sciences and regulated environments.
• Champion information security, privacy, and risk awareness across the organization.

JOB QUALIFICATIONS:

• 7 plus years of progressive experience in information security, cybersecurity operations, or risk management.
• 3 plus years of experience supporting security programs in a regulated environment such as pharmaceutical, biotechnology, medical device, or similar industries preferred.
• Demonstrated experience operating third party risk management and data privacy platforms, including vendor assessments and remediation tracking.
• Hands on experience with security monitoring and detection technologies such as SIEM, EDR, MDR, MSSP, vulnerability management tools, and endpoint security platforms.
• Strong understanding of cybersecurity frameworks and regulatory standards including NIST CSF, ISO 27001, SOC 2, SOX IT controls, and 21 CFR Part 11.
• Experience supporting internal and external audits and regulatory inspections.
• Ability to assess technical risk and translate regulatory requirements into practical security controls and processes.
• Strong analytical and investigative skills with the ability to prioritize risks and recommend business aligned solutions.
• Excellent written and verbal communication skills, including the ability to communicate risk concepts to technical and non-technical stakeholders.
• High level of discretion, integrity, and ability to handle confidential and sensitive information.
• Bachelor’s degree in Information Technology, Computer Science, Information Security, or related field, or equivalent practical experience.
• Relevant certifications such as CISSP, CISM, CRISC, Security+, or similar are preferred.

The base range for this role is $156,586 - $185,630 per year. Individual pay may vary based on additional factors, including, and without limitation, job-related skills, experience, work location, and relevant education or training. Kura's compensation package also includes generous benefits, equity, and participation in an annual target bonus.

#LI-RM1