SUMMARY:
The Cybersecurity Analyst will be responsible for supporting the development, implementation, and maintenance of the company’s cybersecurity and information security programs. This role works closely with IT, Legal, Compliance, and Commercial teams to identify risks and mitigating controls or processes, respond to and investigate security incidents, and ensure that
Essential Duties and Responsibilities
- Monitor, analyze, and respond to security alerts and incidents in coordination with IT teams and external partners
- Proactively identify and mitigate threats using advanced cybersecurity tools, threat intelligence feeds, and analytics
- Operate and optimize security technologies (SIEM, EDR, firewalls) and implement enterprise-wide security controls and secure configurations
- Conduct comprehensive security assessments and audits of IT systems, networks, and third-party vendors to identify vulnerabilities and compliance gaps
- Ensure adherence to applicable privacy and security regulations (e.g., GDPR, HIPAA, CCPA, 21 CFR Part 11, FDA, EMA, GxP)
- Maintain and enhance incident response and business continuity plans to strengthen organizational resilience
- Identify and recommend automation opportunities to improve cybersecurity response, remediation efficiency, and overall program maturity
- Support documentation and reporting for security controls, risk mitigation plans, and audit responses
- Design and deliver KPIs, dashboards, and metrics to measure security performance and risk posture
- Assist in developing and delivering security awareness training and education programs for employees
- Stay current on emerging threats, industry trends, and best practices in cybersecurity and privacy
JOB QUALIFICATIONS
Education, Certifications, Experience
- Bachelor’s degree in Information Security, Computer Science, Life Sciences, Legal Studies, or a related field
- 4+ years’ experience in cybersecurity roles
- Leadership in incident response and security operations
- Familiarity with privacy laws and cybersecurity frameworks
- Experience in regulated industries (biotech, pharma, healthcare, or medical devices)
Preferred:
- Certifications such as CISSP, CISA, CIPP/US, CIPM, or Security+
- Experience working in small or mid-sized companies, especially in high-growth environments
- Proficiency with security tools (SIEM, EDR/XDR, DLP, SASE/CASB, vulnerability scanners, etc.)
- Understanding of third-party risk management in a biotech context
- General familiarity with GenAI and process automation
Knowledge, Skills and Abilities
- Working knowledge of privacy regulations: GDPR, HIPAA, CCPA, CPRA, and other global data protection laws
- Understanding of biotech/life sciences regulatory landscape (e.g., 21 CFR Part 11, GxP systems)
- Familiarity with cloud security principles (e.g., AWS, Azure, or GCP environments)
- Awareness of threats and vulnerabilities in life sciences IT environments
- Knowledge of industry frameworks (e.g., NIST CSF, ISO/IEC 27701 for privacy)
- Security monitoring and incident response
- Risk assessment and mitigation planning
- Technical writing and policy documentation
- Vendor security and cybersecurity due diligence
- Project management and cross-functional collaboration
- Proficiency with cybersecurity tools and frameworks (e.g., NIST, ISO 27001, CIS Controls)
- Strong communication and interpersonal skills
- Strong analytical/problem-solving abilities
- Ability to mentor junior analysts
- Ability to translate complex security and privacy requirements into practical controls and solutions
- Ability to handle sensitive data and information with discretion and professionalism
- Ability to manage multiple tasks and priorities in a fast-paced environment
- Ability to work independently and take initiative while collaborating with cross-functional teams
- Ability to interpret and apply regulatory requirements to evolving business models and technologies
- Ability to communicate technical concepts to non-technical stakeholders
- Ability to thrive in a startup-like environment with a hands-on and proactive mindset
Gossamer Bio is committed to equal opportunity in the terms and conditions of employment for all employees and job applicants and complies with all applicable national, state and local laws governing nondiscrimination in employment.
The expected salary range for this position is listed below. Actual pay will be determined based on experience, qualifications, and other job-related factors permitted by law. This position is eligible for an annual performance bonus in accordance with the terms of the applicable plan. This position also qualifies for the benefits as listed below.
Gossamer Bio offers highly competitive benefit plans and programs, including medical, dental and vision insurance, 401(k) and 401(k) matching , long-term incentive plan, disability plan, vacation pay, sick time, holiday pay, and work, personal and family time off in accordance with the terms of the applicable plans. For additional general information on Company benefits, please visit https://www.gossamerbio.com/work-at-gossamerbio/
California Consumer Privacy Act (CCPA) Notice for California Residents:
This notice is to notify you that personal data about you has been collected by Gossamer Bio (“Controller”), which is located at 3115 Merryfield Row, Suite 120, San Diego CA 92121 and can be contacted by emailing [email protected], because Controller wishes to evaluate your candidacy for employment at Controller.
Your personal data was either obtained from publicly available sources (e.g. LinkedIn) or provided to Controller by someone who referred you for potential employment. Controller’s Privacy team can be contacted at [email protected].
Your personal data will be processed for the purposes of managing Controller’s recruitment related activities, which include setting up and conducting interviews and tests for applicants, evaluating and assessing the results thereto, and as is otherwise needed in the recruitment and hiring processes. Such processing is legally permissible under Art. 6(1)(f) of Regulation (EU) 2016/679 (General Data Protection Regulation) and the California Consumer Privacy Act (CCPA) as necessary for the purposes of the legitimate interests pursued by the Controller, which are the solicitation, evaluation, and selection of applicants for employment.
Your personal data has been shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America and engaged by Controller to help manage its recruitment and hiring process on Controller’s behalf.
Your personal data will be retained by Controller as long as Controller determines it is necessary to evaluate your application for employment. Under the GDPR and CCPA, you have the right to request access to your personal data, to request that your personal data be rectified or erased, and to request that processing of your personal data be restricted. You also have to right to data portability. In addition, you may lodge a complaint with a supervisory authority.
Top Skills
What We Do
Gossamer Bio is a San Diego-based company focused on the discovery and development of novel and differentiated therapeutic products, to address high unmet needs amongst various targeted patient populations. Founded by the former Receptos executive team, Gossamer Bio’s strategy will be to leverage an asset-rich in-licensing environment, with a focus on areas of high unmet need, utilizing a team with a strong track record of execution in immunology, inflammation, fibrosis and oncology.
.png)
