Manager, IT Security Analyst

Are you ready to join a team committed to making a meaningful impact on cancer treatment through the discovery and development of precision medicines? At Kura Oncology, you have an opportunity to be a part of something bigger, with a lasting impact that you can be proud of.

At Kura Oncology, we are working to change the paradigm and improve the science of cancer treatment. As an organization, we strive to cultivate a diverse and talented professional culture driven to develop precision medicine therapeutics.

As we continue to build a leading biotech organization with a strong culture, a patient-focused mindset and a team focused on relentless execution, we are looking for innovative, passionate professionals to join us and make our vision a reality.

To succeed at Kura, you will need to have a demonstrated ability for excellence in drug discovery and development and a roll-up your sleeves attitude. The ideal candidate will possess a values-driven work style where integrity and grit drive all behaviors, decisions, and actions.

ESSENTIAL JOB FUNCTIONS:

Reporting to the Senior Director of IT and Facilities, the IT Security Analyst serves as the primary operational lead for cybersecurity, vendor risk, and data privacy programs at Kura. This role is responsible for strengthening the company’s security posture, supporting regulatory and audit requirements, and ensuring continuous improvement of detection, response, and risk management capabilities in a highly regulated life sciences environment.

The IT Security Analyst partners closely with internal stakeholders and external security service providers to identify, assess, and mitigate risk. This position acts as a subject matter expert for information security, third party risk, and audit readiness, and plays a critical role in promoting a security first culture across the organization.

The ideal candidate will bring deep experience in regulated life sciences environments, demonstrates strong leadership and cross functional collaboration skills, and thrives in fast paced, high growth organizations.

• Enhance and mature Kura’s cybersecurity program, strengthening systems, processes, and controls to meet evolving regulatory and data privacy requirements.
• Own and administer the third party risk management and data privacy platform, including configuration, assessments, remediation tracking, reporting, and continuous improvement in partnership with Legal, Compliance, Procurement, and Quality.
• Coordinate vendor security assessments and track remediation activities to reduce third party risk exposure.
• Serve as the operational owner for the managed security services provider and related security monitoring platforms, ensuring effective alert triage, incident response coordination, use case tuning, and reporting.
• Lead and support security incident response activities, including investigation, containment, remediation, and documentation.
• Oversee vulnerability management activities, including vulnerability scanning, reporting, and remediation coordination across endpoints, infrastructure, and applications.
• Partner with internal teams and external providers to conduct security assessments, penetration testing, disaster recovery exercises, and tabletop simulations.
• Oversee and continuously improve the cybersecurity awareness and training program to strengthen the organization’s security culture.
• Research, evaluate, recommend, and implement appropriate security tools and technologies aligned with organizational risk priorities and direction from the Director of IT.
• Support patch management oversight by validating that security updates are applied in accordance with defined standards and timelines.
• Monitor configuration standards and security controls to maintain appropriate risk levels across endpoints, identity platforms, and infrastructure.
• Serve as the primary operational owner for IT security audit readiness, including evidence collection, documentation, and control validation in support of internal and external audits.
• Provide risk based recommendations to IT leadership regarding security strategy, roadmap initiatives, and remediation priorities.
• Stay current on emerging cybersecurity threats, regulatory expectations, and industry best practices relevant to life sciences and regulated environments.
• Champion information security, privacy, and risk awareness across the organization.

JOB QUALIFICATIONS:

• 7 plus years of progressive experience in information security, cybersecurity operations, or risk management.
• 3 plus years of experience supporting security programs in a regulated environment such as pharmaceutical, biotechnology, medical device, or similar industries preferred.
• Demonstrated experience operating third party risk management and data privacy platforms, including vendor assessments and remediation tracking.
• Hands on experience with security monitoring and detection technologies such as SIEM, EDR, MDR, MSSP, vulnerability management tools, and endpoint security platforms.
• Strong understanding of cybersecurity frameworks and regulatory standards including NIST CSF, ISO 27001, SOC 2, SOX IT controls, and 21 CFR Part 11.
• Experience supporting internal and external audits and regulatory inspections.
• Ability to assess technical risk and translate regulatory requirements into practical security controls and processes.
• Strong analytical and investigative skills with the ability to prioritize risks and recommend business aligned solutions.
• Excellent written and verbal communication skills, including the ability to communicate risk concepts to technical and non-technical stakeholders.
• High level of discretion, integrity, and ability to handle confidential and sensitive information.
• Bachelor’s degree in Information Technology, Computer Science, Information Security, or related field, or equivalent practical experience.
• Relevant certifications such as CISSP, CISM, CRISC, Security+, or similar are preferred.

The base range for this role is $156,586 - $185,630 per year. Individual pay may vary based on additional factors, including, and without limitation, job-related skills, experience, work location, and relevant education or training. Kura's compensation package also includes generous benefits, equity, and participation in an annual target bonus.

#LI-RM1

Kura’s Values that are used for candidate selection and performance assessments:

• We work as one for patients
• We are goal-focused and deliver with excellence
• We are science-driven courageous innovators
• We strive to bring out the best in each other and ourselves

The Kura Package

• Career advancement/ development opportunities
• Competitive comp package
• Bonus
• 401K + Employer contributions
• Generous stock options
• ESPP Plan
• 20 days of PTO to start
• 18 Holidays  (Including Summer & Winter Break)
• Generous Benefits Package with a variety of plans available with a substantial employer match
• Paid Paternity/Maternity Leave
• In-Office Catered lunches
• Home Office Setup
• Lifestyle Spending Stipend
• Commuter Stipend (Boston Office)
• Regular employee social activities, including happy hours, monthly birthday celebrations, Kura Koffee Talks, and much more!

Kura Oncology is a clinical-stage biopharmaceutical company committed to realizing the promise of precision medicines for the treatment of cancer. The Company’s pipeline consists of small molecule drug candidates designed to target cancer signaling pathways. Ziftomenib, a once-daily, oral menin inhibitor, is the first and only investigational therapy to receive Breakthrough Therapy Designation from the U.S. Food and Drug Administration (“FDA”) for the treatment of relapsed/refractory (“R/R”) NPM1-mutant acute myeloid leukemia (“AML”). In November 2024, Kura Oncology entered into a global strategic collaboration agreement with Kyowa Kirin Co., Ltd. to develop and commercialize ziftomenib for AML and other hematologic malignancies. Enrollment in a Phase 2 registration-directed trial of ziftomenib in R/R NPM1-mutant AML has been completed, and in the second quarter of 2025, the companies announced the FDA’s acceptance of a New Drug Application for ziftomenib for the treatment of adult patients with R/R NPM1-mutant AML and assignment of a Prescription Drug User Fee Act target action date of November 30, 2025. Kura Oncology and Kyowa Kirin are also conducting a series of clinical trials to evaluate ziftomenib in combination with current standards of care in newly diagnosed and R/R NPM1-mutant and KMT2A-rearranged AML. KO-2806, a next-generation farnesyl transferase inhibitor, is being evaluated in a Phase 1 dose-escalation trial as a monotherapy and in combination with targeted therapies for patients with various solid tumors. Tipifarnib, a potent and selective farnesyl transferase inhibitor, is currently in a Phase 1/2 trial in combination with alpelisib for patients with PIK3CA-dependent head and neck squamous cell carcinoma. For additional information, please visit Kura’s website at www.kuraoncology.com and follow us on X and LinkedIn.

Kura Oncology is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. 

If you are a California resident, please see the attached Privacy Notice CA Privacy Notice