RA Capital Management is a multistage investment manager dedicated to evidence-based investing in public and private healthcare and life science companies developing drugs, medical devices and diagnostics. Our flexible strategy allows us to provide seed funding to start-ups and lead private, IPO and follow-on financings for our portfolio companies, thereby driving value creation from idea inception through commercialization.
This is an opportunity on our Information Technology team for a person with a strong interest and background in managing the cybersecurity risks of a registered investment manager. This individual should have an inquisitive and investigative nature and a desire to work on a collaborative team. Candidates for this role must be able to communicate across IT and Business teams with different types of knowledge and expertise.
Key Responsibilities:
Cyber Program: responsible for the identification and monitoring of cyber risks throughout RA Capital. This involves actively maintaining awareness of evolutions in the business model, regulatory requirements, technological advances, and industry best practices.
Antivirus and Next-Gen AV (Microsoft Defender and Carbon Black):
• Be the primary point of contact and subject matter expert in the deployment, configuration, and reporting on antivirus status and configuration.
• Make sure all endpoints are checking in and up to date in their configurations.
• Triage and manage alerts that come in from both systems.
CASB (Netskope):
• Oversee and be the primary point of contact for Netskope.
• Confirm all endpoints (laptop and mobile) are configured correctly and checking in properly.
• Manage, edit, and deploy new policies to meet business needs.
• Create reports to monitor app usage, DLP incidents, AI usage, etc.
Vendor Management:
• Be a key participant in the Vendor Management Process.
• Evaluate new vendors from an IT Security perspective.
• Work with ACA or other vendors to complete due diligence on new vendors as well as complete the yearly diligence review of Tier 1 vendors.
Vulnerability / Patch Management:
▪ Work hand in hand with the IT Ops team to identify, track and remediate all vulnerabilities on endpoints using Microsoft Defender or a third-party tool.
▪ Provide weekly reporting on the status of patching, vulnerabilities and remediation efforts using Jamf, Automox, and Microsoft Defender.
▪ Assist in scheduling and executing pen tests through 3rd party ACA.
SIEM: manage evaluation of options, implementation, and ongoing operations (Q1 2025)
KnowBe4:
• Own and oversee the company's phishing training program using KnowBe4.
• Monitor phishing test failures to make sure people complete training in a timely manner.
• Provide additional training as needed and escalate any users who become a risk to the firm.
Control Framework:
• Assist in the review of all Cyber policies including WISP, BCP, and Vendor Management. Manage periodic updates as required by technological, business, or regulatory changes.
• Manage Cyber Assessments throughout the year.
• Assist in regulatory inquiries and examinations.
Key Requirements:
▪ Minimum of 3 years of IT security experience
▪ BA/BS/MS or related experience, preferred background in information technology, cybersecurity or a related field
▪ Familiarity with: OKTA, DUO, Microsoft Defender, Carbon Black, Netskope, Automox, Jamf, Intune
▪ Strong analytical and investigative skills
▪ Ability to recognize issues and make recommendations for resolution
▪ Ability to communicate effectively verbally (1x1 and with groups) and in writing (formal and informal)
▪ Ability to work across various functions
▪ Ability to work on a hybrid schedule in our Boston office.
▪ Infrequent travel to other RA Capital offices and to attend industry conferences or professional development is required
▪ Open to local applicants only, no relocation