Capricor1d ago

New

USD 120000–140000/yr

Security Analyst

United States·San DiegoFull-time (exempt)mid

Security AnalystCybersecurity

0 views0 saves0 applied

Apply Now

Quick Summary

Overview

Capricor Therapeutics (NASDAQ: CAPR) is a biotechnology company dedicated to advancing transformative cell and exosome-based therapies for rare diseases.

Technical Tools

Security AnalystCybersecurity

Capricor Therapeutics (NASDAQ: CAPR) is a biotechnology company dedicated to advancing transformative cell and exosome-based therapies for rare diseases. At the forefront of our innovation is Deramiocel (CAP-1002), our lead cell therapy in late-stage development for Duchenne muscular dystrophy. We are also harnessing our proprietary StealthX™ exosome platform to unlock new possibilities in targeted delivery and vaccinology. Every program reflects our commitment to pushing the boundaries of science and delivering life-changing treatments to patients and families who need them most.

We are seeking a detail-oriented Security Analyst to protect our cybersecurity operations within our regulated biotech/pharmaceutical environment. This role combines hands-on security operations with compliance governance, focusing on protecting GMP systems, regulated data, and financially relevant systems in scope for SOX compliance.

This is a unique opportunity to work at the intersection of threat operations and regulatory compliance, ensuring adherence to GMP, SOX IT General Controls (ITGCs), and industry security frameworks while actively defending against evolving cyber threats.

Monitor and Respond to Security Threats

Monitor, triage, and respond to security alerts across endpoint, email, and SIEM platforms

Investigate security incidents impacting:

GMP systems and regulated environments

SOX in-scope systems (financial applications, identity systems, etc.

Execute incident response procedures aligned with validated and auditable processes

Maintain detailed, audit-ready documentation of all incidents and remediation actions

Manage Security Technology Stack

Administer CrowdStrike Falcon for endpoint detection and response (EDR)

Manage Abnormal Security for phishing, business email compromise (BEC), and account takeover threats

Perform vulnerability assessments using Rapid7 InsightVM

Oversee KnowBe4 security awareness training and phishing simulations

Coordinate with SIEM platforms for log analysis and threat correlation

SOX IT General Controls (ITGCs)

Support SOX ITGC control execution and evidence collection, including:

User Access Reviews (UARs)

Logical access controls (joiner/mover/leaver processes)

Change management controls

Logging and monitoring controls

Prepare and maintain audit-ready documentation for SOX compliance testing

Coordinate with Finance and IT teams on control execution and remediation

Policy Development & Regulatory Compliance

Draft, review, and maintain information security policies, standards, and SOPs aligned with:

GxP requirements (GMP, GCP, GLP)

SOX IT General Controls

21 CFR Part 11 (where applicable)

NIST CSF, NIST 800-53, or CIS Controls

Ensure all policies are version-controlled, formally approved, and audit-ready

Partner with IT, Finance, QA, and Compliance to align controls across regulated and financial systems

Audit Support

Support internal and external audits including SOX, FDA, SOC 2, and regulatory inspections

Prepare control evidence and documentation packages

Track audit findings and coordinate remediation activities

Maintain relationships with internal audit and external assessors

Vulnerability Management

Conduct regular vulnerability scans across the environment

Prioritize remediation based on:

Regulatory impact (GMP systems)

Financial/reporting risk (SOX systems)

Threat landscape and exploitability

Coordinate remediation through appropriate change control processes

Track and document remediation evidence for compliance reporting

Security Awareness & Training

Administer security awareness training programs for all staff

Deliver targeted training for users with access to:

Regulated systems

Financial/SOX in-scope systems

Conduct phishing simulation campaigns and analyze results

Track training metrics and maintain compliance records

Continuous Improvement

Develop and maintain security playbooks, SOPs, and runbooks

Contribute to security metrics, KPIs, and executive reporting

Identify gaps in controls, detection capabilities, and governance processes

Recommend and implement security improvements aligned with business objectives

Required Experience

Minimum 3 years of hands-on cybersecurity experience

At least 2 years in a regulated environment (biotech, pharma, healthcare, or financial services)

At least 1 year supporting SOX ITGC controls or similar compliance frameworks

Demonstrated experience with security policy and SOP development

Technical Skills

Strong experience with Endpoint Detection & Response (EDR) platforms

CrowdStrike Falcon highly preferred, or equivalent (Carbon Black, SentinelOne, Microsoft Defender for Endpoint)

Hands-on experience with vulnerability management tools

Rapid7 InsightVM preferred, or equivalent (Qualys, Tenable, Nexpose)

Experience with email security platforms

Abnormal Security, Proofpoint, Mimecast, or similar

Familiarity with security awareness platforms

KnowBe4 or equivalent

Working knowledge of SIEM tools and log analysis (Splunk, Microsoft Sentinel, or similar)

Compliance & Governance

Proven experience with SOX ITGC controls including:

User access reviews and recertifications

Logical access provisioning and deprovisioning

Change management oversight

Audit evidence collection

Understanding of GMP (Good Manufacturing Practice) requirements and regulated system controls

Experience supporting security and compliance audits

Strong documentation and evidence management skills with an audit-ready mindset

Core Competencies

Exceptional attention to detail and commitment to process adherence

Analytical and investigative thinking for threat analysis

Strong written and verbal communication skills

Ability to translate technical security concepts for non-technical stakeholders

Proven collaboration skills across IT, Finance, QA, and Compliance teams

Self-motivated with ability to manage multiple priorities in a dynamic environment

Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field

Security+ certification or equivalent

Advanced certifications such as:

CISSP or CISSP Associate

CISA (Certified Information Systems Auditor)

CySA+ (Cybersecurity Analyst)

GIAC Security Essentials (GSEC) or similar

Deep familiarity with 21 CFR Part 11 (electronic records and signatures)

Experience with additional security frameworks:

NIST Cybersecurity Framework (CSF)

NIST 800-53 controls

CIS Critical Security Controls

Prior experience supporting FDA inspections or pharmaceutical regulatory audits

Experience with SOC 2 attestation and controls

Basic scripting or automation experience (PowerShell, Python, Bash)

Experience with identity and access management (IAM) platforms

Familiarity with cloud security (Azure, AWS, or GCP)

Why Capricor?

Capricor Therapeutics, a trailblazer in cell and exosome therapy, is dedicated to redefining standards of care with innovative treatments rooted in scientific excellence. Guided by integrity and a passion for patient-centered impact, our team is shaping a brighter future for healthcare. Join us and contribute to a mission-driven group that’s transforming lives with every breakthrough.

Come Work With Us!

At Capricor, you’ll thrive in a collaborative environment that nurtures your professional growth and innovation. Join a dedicated team fueled by a passion for advancing medical science and transforming patient lives through our cutting-edge therapies.

Please note that Capricor does not use Skype for interviews or recruiting activities. Candidates will only be contacted by an official Capricor email address which is @capricor.com. Additionally, Capricor will never ask potential employees to send a check or money to the Company for any reason.

Notice to Recruiting Agencies

Capricor Therapeutics does not accept candidate submissions or referrals from recruiting agencies, staffing firms, or third-party recruiters without expressed consent from Talent Acquisition management and a prior written agreement. Agencies that contact hiring managers directly, solicit business, or submit candidates without this approval will not be considered for any engagement. All such submissions become the property of Capricor Therapeutics, and no fees will be paid for any candidates hired as a result. We appreciate your cooperation and respect for this policy.