Sr. Analyst, Cyber Security

Adaptimmune is a fully integrated cell therapy company, designed and built from the ground up with four U.K.- and U.S.-based biotechnology hub locations. Our comprehensive capabilities and teams include preclinical research, clinical development, translational sciences, autologous and allogeneic manufacturing, and in-house commercial and corporate operations.

Our company culture is rooted in trust, inclusion, our capacity to collaborate, and our commitment to being honest and brave in our desire to successfully transform the lives of people with cancer.

Primary Responsibility

The Sr. Analyst, Cyber Security plays an integral part in the active development, execution, monitoring, and oversight of security controls across the enterprise to safeguard company information and systems. Responsibilities include and not limited to:

• Providing strategic support to the Director, Global Infrastructure & Cyber Security, and other key stakeholders to mature and deploy security capabilities.
• Establishing and managing tools and processes to ensure that systems and information are regularly assessed for compliance to controls in alignment to level of inherent risk.
• Managing tools for and executing initial and ongoing assessments of third-party security control environments to ensure appropriateness for nature of services and information.
• Manage the execution of security assessments / penetration tests from scoping through execution, analysis, and remediation; with engagement and management of external services where required.
• Acting as a focal point and trusted advisor for IM and business functions in providing expert security consultation on solutions for security risk and compliance issues.
• Supporting Cyber Security team members as necessary in the execution of the company’s security incident response procedure, including after action reviews.
• Overseeing security training and awareness initiatives, including ongoing phishing campaigns, to ensure that staff are aware of key risks and their responsibilities to protect company systems and information.

The Sr. Analyst must be able to balance and prioritize across hands-on IT security operational activities and longer-term cyber security efforts.

Key requirements of the positions include: influencing for outcomes, collaboration, communication and presentation skills, technical and IT security competency, analytical and critical thinking, operational excellence, and the ability to identify needs, risks and take initiative.

Key Responsibilities

Strategic Support

• Work with the Director, Global Infrastructure & Cyber Security, business stakeholders, users, and IT specialists to mature and deploy capabilities to address cyber-risk and business security requirements.
• Work with the Director, Global Infrastructure & Cyber Security to establish and report metrics that effectively communicate successes and progress of the Information Security program.

Security Control Assessments

• Establish and manage tools and processes to verify adherence to IT security policies, procedures, and methods.
• Ensure security is factored into evaluation and installation of new software and hardware.
• Assist staff in identifying / responding to risks, including recommendation of treatment plans and analysis of residual risk.
• Report on a routine basis compliance with IT security policies, procedures, requirements, and methods.
•  Aid the Director, Global Infrastructure & Cyber Security in the identification of systemic issues that require further analysis/treatment.

Third Party Security Assessments

• Manage initial and ongoing security assessments for third party suppliers to ensure that control environments are appropriate to nature of services and information sensitivity.
• Identify and track ongoing remedial actions and coordinate periodic governance for critical suppliers.

Security Assessment and Penetration Testing

• Coordinate and execute security assessments / penetration tests as required to identify control weaknesses and assess the effectiveness of existing controls.
• Manage the engagement of third-party professional services as required for the execution of assessments or penetration tests.
• Analyze recommendations to translate into internal action plans and oversee resulting remedial actions through completion or risk acceptance.

Security Consulting/Advisory Services

• Develop a strong working relationship with the IT and business functions to aid them in development and implementation of controls and configurations aligned with security policies and legal, regulatory and audit requirements.

Security Incident Response

• Investigate, evaluate risk, and act on security alerts, intrusion attempts, breaches, incidents, and false alarms across the IT eco-system where required as backup to the Cyber Security team.
• Support analysis as part of after action review during and after a security incident. Assists technical administrators in the resolution of reported security incidents as required.

Security Awareness & Training

• Oversee the identification, selection and delivery of security training for all employees – for both new starters and ongoing periodic training.
• Manage the delivery and reporting of ongoing phishing exercises and associated training and education as required.
• Manage intranet presence and articles for regular security awareness communications to audiences which may range from senior leaders to field staff to the entire company.
• Ensure staff are adequately trained on technical control requirements, risk parameters and related operational tools as required.

Other duties as assigned by IT management in support of rapidly growing company.

Qualifcations & experience 

Required

• A strong technologist with a record of accomplishment in the field of IT security with 7 to 10 years of relevant experience.
• 10+ years professional experience
• A bachelor's degree in information systems, related degree, or equivalent work experience
• Information Security certification based on industry best practices (e.g., CISSP, CISA, CISM, CASP+).
• Proficiency in security risk management to include an understanding of security threats, business impacts, and the associated best practice treatment strategies.
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels.
• A thought leader, influencer, and builder of consensus who can build bridges between various IT roles and functions.

Desirable

• Knowledge of security of Cloud technology and technical integrations.
• ITIL Certification, GxP training, Privacy, EU General Data Protection Regulations (GDPR) and/or IT Security training.
• Advanced degree in Computer Science, Engineering, or Business.
• Any equivalent combination of education, experience and training that provides the required knowledge, skills, and abilities.
• Global IT experience.
• Previous pharmaceutical or biotechnology experience.

Other RequIREMENTS  

• Travel to Adaptimmune sites and Adaptimmune vendors as necessary to support Cyber Security team needs

At Adaptimmune we embrace diversity and equality of opportunity. We believe that the more inclusive we are, the better our work will be. We welcome applications to join our team from all qualified candidates, regardless of age, colour, disability, marital status, national origin, race, religion, gender, sexual orientation, gender identity, veteran status or other legally protected category. It is our intent that all qualified applicants will receive equal consideration for employment.