Information Security Analyst 4

 Role will be Hybrid (3 days in office, 2 days remote)
Title:  Application Security Manager/Associate

  Must have
Bachelor's degree in cybersecurity (preferred)
 - Working knowledge and experience with Cybersecurity and Application Security
 - SOX control experience
 - IAPP experience
 - Compliance knowledge
 - Must be able to perform Application Assessments on every control
 - Change Management Control experience
 - GXP experience
 - Must know how data is classified
 - Minimum of 5 years of experience
 - Software required:  Cloud-based software (ex - Salesforce)
 - Must have excellent communication skills
 - Must be a proactive worker (a go-getter)

Description:
Provide security consulting and assurance for assigned platforms, including:
o Performing risk calculators to identify high risk applications/projects; for those identified, performing application security questionnaires/assessments, identifying security gaps and appropriate remediation actions
o Support Pen Test executions for Key Advanced Therapies applications, identifying remediation plans for issues identified;
o Performing Incident trending to ensure security root causes are identified and remediated
o Evaluating static & dynamic vulnerabilities to identify TLM/ALM & other security issues along with the appropriate remediation actions.
• Large experience in SOX, IAPP, GxP, Privacy compliance requirements
• Provide local oversite for interns, employees/Contractors under my responsibility

• Support Key Advanced Therapies projects:
o Providing a central point for SC security questions or queries on project support, connecting with the appropriate ISRM team member to ensure complete and accurate responses and/or appropriate involvement
o Navigating between all ISRM SC pillars to obtain knowledge regarding security issues
• Ensures appropriate controls are implemented for Car-T Applications and coordinates alignment with Internal Audit and IT Compliance
• Provide metrics and reports on a weekly basis tracking the entire portfolio, application assessment status, and Risk Acceptance status.

Top Three Required Skills:
Information Security Compliance experience
Sox/Audit Experience in Pharmaceutical and
Cloud-based software controls OT or Make or Application Security Assessment experience.