Introduction to role:
Are you ready to transform the future of healthcare? At Evinova, a subsidiary of AstraZeneca Group, we're on a mission to revolutionize patient care through technology, data and innovative approaches. As a Cybersecurity Assurance Analyst, you'll play a pivotal role in ensuring our digital health solutions are secure, resilient and compliant. Are you excited to harness the power of digital and AI to tackle life sciences challenges? Join us in creating new standards across the sector with science-based, evidence-led and human experience-driven solutions. Be part of a diverse team that pushes the boundaries of science by digitally empowering a deeper understanding of the patients we're helping.
Accountabilities:
As a Cybersecurity Assurance Analyst at Evinova, you will operate at the intersection of Cyber Governance, Risk and Compliance (GRC) and software engineering enablement. The Cybersecurity Assurance team is responsible for operationalizing and advancing several compliance programs, including NIST Cybersecurity Framework (CSF v2), NIST Secure Software Development Framework (SSDF), AICPA's SOC2, ISO 27000-series and China Multi-Level Protection Scheme (MLPS). This role will ensure that our SaaS platform remains secure, resilient and compliant with all relevant regulatory and customer expectations while also partnering with the broader engineering organization by embedding cybersecurity controls into development and operations.
Reporting to the Director of Cybersecurity Assurance, you will support internal and external audit cycles, manage cyber-relevant controls and process documentation, and advise cross-functional teams in embedding secure-by-default considerations into engineering workflows and business processes.
This role is ideal for someone who is detail-oriented, proactive and passionate about business-enabling cyber processes while working in a global, fast-paced and cloud-native environment. Success in this role involves embracing a hands-on working environment, developing lasting risk mitigations and collaborating across cyber teams to position Evinova at the forefront of cybersecurity risk management. As a global cybersecurity team, we strive to enable fast-paced Healthtech innovation while maintaining a strong and compliant cybersecurity posture. Successful candidates will ensure that cybersecurity assurance is not just a check-the-box function but a business enabler.
Key Responsibilities:
Governance, Risk and Compliance (GRC)
- Support the continuous improvement of our Cybersecurity Program (the Evinova Cyber Baseline) and ensure defensible alignment against the NIST Cybersecurity Framework v2, ISO 27000-series and SOC2 guidance / standards.
- Perform periodic risk assessments, controls testing and evidence collection for internal and external audit.
- Track control remediations, risk exceptions and audit findings, ensuring accountability across teams with timely resolutions.
- Contribute to policy, standard and procedure development, ensuring that they are actionable and relevant to our context.
- Monitor external obligations and the regulatory environment to identify potential compliance drift.
- Partner with the Director of Cybersecurity Assurance to guide teams through threat modeling exercises and proactive risk reviews to assess the cybersecurity and compliance implications of new initiatives.
- Support initiatives that promote a security-first mindset across Evinova, including awareness campaigns, training coordination and storytelling around assurance wins.
Engineering Advisory
- Serve as a cybersecurity point-of-contact for Platform and Product Development teams to advise on cyber risk identifications, best practices, risk mitigations and other cyber-relevant advisory to enable secure-by-default practices.
- Provide assurance-focused reviews on proposed architectures, designs and deployment pipelines to validate alignment with the Evinova Cyber Baseline and auditability requirements.
- As an Audit and Assurance specialist, support the Cybersecurity Engineering team with embedding security considerations into CI/CD pipelines, Infrastructure-as-Code (IaC) and serverless / Kubernetes workloads.
- Facilitate adherence to the NIST Secure Software Development Framework (SSDF) by ensuring secure software development lifecycle practices are consistently followed (e.g. code scanning, dependency management, container security).
- Assist in building templates and guidance that empower developers to implement secure and compliant practices independently, reducing friction and increasing adoption.
Assurance and Continuous Improvement
- Leverage data from cybersecurity tools and CI/CD pipelines to assess control coverage, identify gaps and recommend improvements that align with assurance objectives.
- Execute controls assurance testing across technical and non-technical domains.
- Prepare responses to customer cybersecurity questionnaires, requests for proposals / information and other external due diligence inquiries with accurate, evidence-backed responses, including maintaining our public Trust Center.
- Partner with Cybersecurity Directors and the Head of Cybersecurity in developing Evinova Leadership-relevant risk metrics, dashboards and other reporting deliverables to evidence our Cybersecurity and Product Security posture.
- Identify and operationalize opportunities to automate assurance activities (e.g. compliance as code, automated evidence collection).
Essential Skills/Experience:
- Bachelor's degree in Cybersecurity Management / Business Information Systems, Computer Science or a related field.
- 5 years of experience in cybersecurity, IT audit, risk management or compliance roles.
- Familiarity with cybersecurity guidance frameworks and standards such as ISO 27001, SOC 2, NIST 800-53 or CIS Controls.
- Experience working with GRC platforms (e.g. Hyperproof, OneTrust, SafeBase) and collaboration tools (e.g. Jira, Confluence).
- Basic understanding of cloud security (especially in AWS) and secure software development lifecycle (SSDLC) practices.
- Strong attention to detail and ability to manage documentation workflows and evidence with precision.
- Ability to translate technical requirements into clear, actionable tasks for non-technical stakeholders.
- Proficiency in organizing and visualizing data for reporting and metrics (e.g. using Excel, Power BI or similar tools).
- Excellent written and verbal communication skills.
- Ability to work cross-functionally with engineering, product and legal teams.
- Comfortable supporting external audits and engaging with internal stakeholders.
- Proactive, curious and eager to learn in a fast-paced, evolving environment.
- Passion for building a security-first culture and improving user experience in compliance processes.
Desirable Skills/Experience:
- Strong track record of being collaborative, pragmatic, curious, analytical and providing effective communications.
- Ability to bridge the gap between cybersecurity compliance requirements and engineering execution.
- Prior experience in supporting Cybersecurity Assurance activities at a SaaS/cloud service provider.
- Familiarity with Life Sciences / Clinical Development related regulations and standards is a strong plus.
- Experience in ensuring compliance within a highly regulated global business environment, particularly in healthcare or clinical research.
- A global perspective on privacy, security and data protection issues, with experience in Asia-Pacific regulations being a strong plus.
- At least one professional certification: Certified Information Systems Auditor (CISA), Certified Information Security Management (CISM) or Certified Information Systems Security Professional (CISSP).
- Demonstrated initiative and strong customer orientation, with an ability to work effectively across cultures.
When we put unexpected teams in the same room, we unleash bold thinking with the power to inspire life-changing -person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world.
AstraZeneca is where innovation meets impact. We are committed to driving meaningful change in healthcare by embracing technology and investing in digital solutions. Our collaborative culture fosters creativity and empowers individuals to explore new approaches. With access to continuous data and global partnerships, we redefine patient experiences and outcomes. Join us as we push boundaries within regulatory limits and contribute to individualised medicines developed through our deep understanding of biology.
Ready to make a difference? Apply now to join our journey towards transforming healthcare!
Date Posted
10-sept-2025
Closing Date
24-sept-2025
AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.
Required Experience:
IC
Full-Time