Cybersecurity Analyst

At Kaléo, our way is not to seek to be like others, but rather to passionately pursue meaningful and innovative solutions for patients. We believe all people should have access to the innovative healthcare products and solutions that empower each of them to live fuller, bolder lives.

Kaléo’s Information Technology Team seeks a dedicated and detail-oriented Cybersecurity Analyst to stand up enterprise-wide Data Loss Prevention (DLP) operations. This critical role’s key function will be to serve as our primary DLP administrator and as a key member of our information security team. This role will be responsible for implementing, managing, and maintaining our DLP solution(s) to protect sensitive information and prevent unauthorized access or data loss. This role requires an experienced and proactive individual with strong analytical skills and a thorough understanding of data security principles, tools, and best practices to ensure our data remains secure and compliant with organizational and regulatory standards.

The Cybersecurity Analyst will be able to continue their professional growth as a part of a small but experienced team of I.T. professionals who are evolving the technology footprint of a life-transforming pharmaceutical company. As an integral part of our Technology Team, this role will play a key part in continuing to grow, expand, and mature the information technology landscape at Kaléo to serve the needs of the organization with our patients always at the heart of what we do. If you want to work in a fast-paced environment where every day is different and where there are ample opportunities to make meaningful and continuous impacts to business operations, you will thrive at Kaléo.

As a Cybersecurity Analyst, you will:

Implement and Manage DLP Solutions:

• Participate in the implementation and continuous lifecycle of a new comprehensive DLP toolset(s) within a pharmaceutical landscape covering various types of sensitive information
• Administer and configure Data Loss Prevention tools and policies across the organization’s information systems.
• Monitor and maintain DLP systems, resolving issues, optimizing performance, and ensuring operational efficiency.
• Create and manage incident response processes for data breaches, working with relevant stakeholders to remediate security issues.

Develop and Enforce Policy:

• Develop, document, and enforce DLP policies and procedures to prevent unauthorized data access, transfer, or loss.
• Collaborate with the cybersecurity and compliance teams to ensure policies appropriately align with industry regulations (e.g., GDPR, HIPAA, NIST CSF 2.0, NIST 800-171, NIST 800-53).
• Regularly review and update DLP rules and thresholds to adapt to emerging threats.

Monitor and Analyze Incidents:

• Continuously monitor DLP alerts and logs, analyzing incidents, false positives, and trends in data usage.
• Conduct root-cause analysis for data leakage incidents and provide recommendations for process improvements.
• Prepare and deliver periodic reports on DLP activities, trends, and compliance metrics to management.

Foster User Awareness and Facilitate Training:

• Develop and deliver training programs for employees on data protection best practices and DLP policies.
• Collaborate with cross-functional teams to promote a culture of data security awareness.

Oversee Risk Management and Compliance:

• Assist in conducting data security risk assessments and audits, identifying potential weaknesses in data handling.
• Ensure compliance with organizational security policies, industry standards, and legal regulations for data security.

Manage Ongoing Technical Support and Troubleshooting:

• Provide technical support for DLP-related issues, troubleshooting system malfunctions, and working with IT teams to resolve technical problems.
• Work with vendors and technology partners for DLP software updates, patches, and enhancements.
• Other tasks and responsibilities, as may be assigned.

A successful Cybersecurity Analyst will have:

• Strong analytical, problem-solving, and communication skills.
• Ability to work both independently and as part of a team.
• The ability to lead and operate within complex projects and resolve complex issues with minimal oversight.
• Unwavering integrity with a commitment to maintaining confidentiality of secure/sensitive information and following compliant procedures.
• Keen attention to detail and ability to multitask while managing competing deadlines.
• A commitment to participating in an inclusive workplace.

To be considered for the position, you must have:

• Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field.
• Knowledge of Data Loss Prevention (DLP) tools, network security, and endpoint security. Proficiency with SIEM tools and security frameworks (e.g., CMMC/NIST, ISO 27001). CISSP, CISM, CEH, or other relevant security certifications.
• 2+ years of experience in information security or data protection, preferably with hands-on experience in administering DLP technologies (e.g., technologies similar to Microsoft Purview, Forcepoint, Symantec DLP, McAfee).

Additional preferred qualifications:

• Primary location in Richmond, VA preferred.

Please complete candidate application for consideration. Additional questions can be directed to [email protected].