Information Security Analyst

Sumitomo Pharma Co., Ltd. is a global pharmaceutical company based in Japan with key operations in the U.S. (Sumitomo Pharma America, Inc.), Canada (Sumitomo Pharma Canada, Inc.) and Europe (Sumitomo Pharma Switzerland GmbH) focused on addressing patient needs in oncology, urology, women's health, rare diseases, psychiatry & neurology, and cell & gene therapies. With several marketed products in the U.S., Canada, and Europe, and a diverse pipeline of early- to late-stage assets, we aim to accelerate discovery, research, and development to bring novel therapies to patients sooner. For more information on SMPA, visit our website https://www.us.sumitomo-pharma.com or follow us on LinkedIn.

Information Security Analyst

Sumitomo Pharma America (SMPA) is focused on delivering therapeutic and scientific breakthroughs in areas of critical patient need spanning psychiatry & neurology, oncology, urology, women’s health, rare disease, and cell & gene therapies. The company’s diverse portfolio includes several marketed products and a robust pipeline of early- to late-stage assets. Building on Sumitomo Pharma’s 125-year legacy of innovation, SMPA leverages proprietary in-house technology platforms and advanced analytics capabilities to accelerate discovery, development, and help bring novel therapies to patients sooner. SMPA is a Sumitomo Pharma company. [For more information, visit Sumitomo-pharma.com]

Job Overview

We are seeking a motivated and detail-oriented Information Security Analyst to join our Information Security team. The ideal candidate will have a strong interest in information security operations, and a desire to learn and grow in a fast-paced environment. This role will heavily support day-to-day InfoSec activities such as responding to cybersecurity related tickets and alerts, monitoring and maintaining cybersecurity systems, and assisting in the implementation of new cybersecurity measures to protect our organization's data and networks.

Job Duties and Responsibilities

• Triage security alerts.
• Identify and respond to threats.
• Respond to user requests and inquiries.
• Assist with the deployment and maintenance of security controls, tools, and platforms.
• Educate other departments on information system security best practices.
• Help with incident response, investigation, and remediation.
• Stay updated with the latest cybersecurity attacks trends and defense technologies, and keep systems updated to protect against those trends.

Key Core Competencies

Soft Skills

• Problem Solving: Ability to identify and resolve security issues effectively, while balancing convenience and functionality with security.
• Critical Thinking: Strong analytical skills to analyze data such as logs, events, and alerts to identify security threats and vulnerabilities.
• Communication Skills: Clear and concise communication with technical and non-technical stakeholders while responding to tickets and incidents, while assisting with security focused projects, and while training employees on security best practices.
• Adaptability: Ability to quickly learn and adapt to new security technologies and threats in a rapidly evolving cybersecurity landscape.

Hard Skills

• Security Tools and Technologies: Familiarity with security tools such as EDR, SIEM, and vulnerability scanners. Candidate should be comfortable using and maintaining these types of tools in an enterprise environment.
• Threat Analysis and Incident Response: Expertise in the analysis of alerts and other data to determine when a threat or incident exists, and what responsive action is required.
• Cloud Security: Comprehension of security concepts within cloud platforms such as AWS, Azure, GCP.
• Operating Systems: Understanding of security concepts that apply to Windows, Linux, iOS, ipadOS.
• Risk Management: Knowledge of vulnerability assessment and remediation techniques. Familiarity with risk frameworks, including NIST, CIS, and MITRE ATT&CK.
• Industry Compliance: Basic understanding of compliance standards that are relevant to our organization, including HIPAA, CCPA, GDPR, ISO27001, and SOX.

Education and Experience

• Bachelor's degree in cybersecurity, computer science, information technology, or a related field. OR a cybersecurity certification, including but not limited to: Security+, CySA+, SSCP, GSEC, etc.
• 1-2 years of experience in roles where cybersecurity work was a primary responsibility.
• Preferred: Specialized SIEM Skills: specialized knowledge in SIEM engineering is a plus. This includes optimizing log shipping and storage, creation of custom queries/reports/dashboards, configuration of custom parsing, and overall SIEM maintenance.

The base salary range for this role is $113,200 to $141,500.    Base salary is part of our total rewards package which also includes the opportunity for merit-based salary increases, short incentive plan participation, eligibility for our 401(k) plan, medical, dental, vision, life and disability insurances and leaves provided in line with your work state.  Our robust time-off policy includes unlimited paid time off, 11 paid holidays plus additional time off for a shut-down period during the last week of December, 80 hours of paid sick time upon hire and each year thereafter.  Total compensation, including base salary to be offered, will depend on elements unique to each candidate, including candidate experience, skills, education and other factors permitted by law.

Disclaimer: The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. All personnel may be required to perform duties outside of their normal responsibilities from time to time, as needed.

Confidential Data: All information (written, verbal, electronic, etc.) that an employee encounters is considered confidential.

Compliance: Achieve and maintain Compliance with all applicable regulatory, legal and operational rules and procedures, by ensuring that all plans and activities for and on behalf of Sumitomo Pharma America (SMPA) and affiliates are carried out with the "best" industry practices and the highest ethical standards.

Mental/Physical Requirements: Fast paced environment handling multiple demands. Must be able to exercise appropriate judgment as necessary. Requires a high level of initiative and independence. Excellent written and oral communication skills required. Requires ability to use a personal computer for extended periods of time.

Sumitomo Pharma America (SMPA) is an Equal Employment Opportunity (EEO) employer

Qualified applicants will receive consideration for employment without regard to race; color; creed; religion; national origin; age; ancestry; nationality; marital, domestic partnership or civil union status; sex, gender; affectional or sexual orientation; disability; veteran or military status or liability for military status; domestic violence victim status; atypical cellular or blood trait; genetic information (including the refusal to submit to genetic testing) or any other characteristic protected by law.