Security Analyst

Capricor Therapeutics (NASDAQ: CAPR) is a biotechnology company dedicated to advancing transformative cell and exosome-based therapies for rare diseases. At the forefront of our innovation is Deramiocel (CAP-1002), our lead cell therapy in late-stage development for Duchenne muscular dystrophy. We are also harnessing our proprietary StealthX exosome platform to unlock new possibilities in targeted delivery and vaccinology. Every program reflects our commitment to pushing the boundaries of science and delivering life-changing treatments to patients and families who need them most. We are seeking a detail-oriented Security Analyst to protect our cybersecurity operations within our regulated biotech/pharmaceutical environment. This role combines hands‑on security operations with compliance governance, focusing on protecting GMP systems, regulated data, and financially relevant systems in scope for SOX compliance. This is a unique opportunity to work at the intersection of threat operations and regulatory compliance, ensuring adherence to GMP, SOX IT General Controls (ITGCs), and industry security frameworks while actively defending against evolving cyber threats. Responsibilities Monitor and Respond to Security Threats Monitor, triage, and respond to security alerts across endpoint, email, and SIEM platforms Investigate security incidents impacting: GMP systems and regulated environments SOX in-scope systems (financial applications, identity systems, etc.) Execute incident response procedures aligned with validated and auditable processes Maintain detailed, audit-ready documentation of all incidents and remediation actions Manage Security Technology Stack Administer and implement CrowdStrike Falcon for endpoint detection and response (EDR) Manage Abnormal Security for phishing, business email compromise (BEC), and account takeover threats Perform vulnerability assessments using Rapid7 InsightVM Oversee KnowBe4 security awareness training and phishing simulations Coordinate with SIEM platforms for log analysis and threat correlation SOX IT General Controls (ITGCs) Support SOX ITGC control execution and evidence collection, including: User Access Reviews (UARs) Logical access controls (joiner/mover/leaver processes) Change management controls Logging and monitoring controls Prepare and maintain audit-ready documentation for SOX compliance testing Coordinate with Finance and IT teams on control execution and remediation Policy Development & Regulatory Compliance Draft, review, and maintain information security policies, standards, and SOPs aligned with: GxP requirements (GMP, GCP, GLP) SOX IT General Controls 21 CFR Part 11 (where applicable) NIST CSF, NIST 800-53, or CIS Controls Ensure all policies are version-controlled, formally approved, and audit-ready Partner with IT, Finance, QA, and Compliance to align controls across regulated and financial systems Audit Support Support internal and external audits including SOX, FDA, SOC 2, and regulatory inspections Prepare control evidence and documentation packages Track audit findings and coordinate remediation activities Maintain relationships with internal audit and external assessors Vulnerability Management Conduct regular vulnerability scans across the environment Prioritize remediation based on: Regulatory impact (GMP systems) Financial/reporting risk (SOX systems) Threat landscape and exploitability Coordinate remediation through appropriate change control processes Track and document remediation evidence for compliance reporting Security Awareness & Training Administer security awareness training programs for all staff Deliver targeted training for users with access to: Regulated systems Financial/SOX in-scope systems Conduct phishing simulation campaigns and analyze results Track training metrics and maintain compliance records Continuous Improvement Develop and maintain security playbooks, SOPs, and runbooks Contribute to security metrics, KPIs, and executive reporting Identify gaps in controls, detection capabilities, and governance processes Recommend and implement security improvements aligned with business objectives Requirements Required Experience Minimum 3 years of hands‑on cybersecurity experience At least 2 years in a regulated environment (biotech, pharma, healthcare, or financial services) At least 1 year supporting SOX ITGC controls or similar compliance frameworks Demonstrated experience with security policy and SOP development Technical Skills Strong experience with Endpoint Detection & Response (EDR) platforms CrowdStrike Falcon highly preferred, or equivalent (Carbon Black, SentinelOne, Microsoft Defender for Endpoint) Hands‑on experience with vulnerability management tools Rapid7 InsightVM preferred, or equivalent (Qualys, Tenable, Nexpose) Experience with email security platforms Abnormal Security, Proofpoint, Mimecast, or similar Familiarity with security awareness platforms KnowBe4 or equivalent Working knowledge of SIEM tools and log analysis (Splunk, Microsoft Sentinel, or similar) Compliance & Governance Proven experience with SOX ITGC controls, including: User access reviews and recertifications Logical access provisioning and deprovisioning Change management oversight Audit evidence collection Understanding of GMP (Good Manufacturing Practice) requirements and regulated system controls Experience supporting security and compliance audits Strong documentation and evidence management skills with an audit-ready mindset Core Competencies Exceptional attention to detail and commitment to process adherence Analytical and investigative thinking for threat analysis Strong written and verbal communication skills Ability to translate technical security concepts for non-technical stakeholders Proven collaboration skills across IT, Finance, QA, and Compliance teams Self-motivated with ability to manage multiple priorities in a dynamic environment Education & Certifications Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field Security+ certification or equivalent Advanced certifications such as: CISSP or CISSP Associate CISA (Certified Information Systems Auditor) CySA+ (Cybersecurity Analyst) GIAC Security Essentials (GSEC) or similar Preferred Experience Deep familiarity with 21 CFR Part 11 (electronic records and signatures) Experience with additional security frameworks: NIST Cybersecurity Framework (CSF) NIST 800-53 controls CIS Critical Security Controls Prior experience supporting FDA inspections or pharmaceutical regulatory audits Experience with SOC 2 attestation and controls Basic scripting or automation experience (PowerShell, Python, Bash) Experience with identity and access management (IAM) platforms Familiarity with cloud security (Azure, AWS, or GCP) $120,000 - $140,000 a year #J-18808-Ljbffr Capricor Therapeutics