Description
About Norstella
At Norstella, our mission is simple: to help our clients bring life-saving therapies to market quicker—and help patients in need.
Founded in 2022, but with history going back to 1939, Norstella unites best-in-class brands to help clients navigate the complexities at each step of the drug development life cycle—and get the right treatments to the right patients at the right time.
Each organization (Citeline, Evaluate, MMIT, Panalgo, The Dedham Group) delivers must-have answers for critical strategic and commercial decision-making. Together, via our market-leading brands, we help our clients:
- Citeline – accelerate the drug development cycle
- Evaluate – bring the right drugs to market
- MMIT – identify barriers to patient access
- Panalgo – turn data into insight faster
- The Dedham Group – think strategically for specialty therapeutics
By combining the efforts of each organization under Norstella, we can offer an even wider breadth of expertise, cutting-edge data solutions and expert advisory services alongside advanced technologies such as real-world data, machine learning and predictive analytics. As one of the largest global pharma intelligence solution providers, Norstella has a footprint across the globe with teams of experts delivering world class solutions in the USA, UK, The Netherlands, Japan, China and India.
Job description
We are looking for someone who is motivated, driven, and passionate about cloud security and finding solutions to complex business challenges. If you join the Citeline Information Security team, your mission will be to help us build and operate our cloud security program. You will have the exciting opportunity to work with our developers and DevOps engineers to create low-friction, high-impact solutions that minimize information security risk to our company, customers, and partners.
Key duties and responsibilities
- This is a hands-on technical position, with a mixture of architecture, design, implementation, and operations responsibilities
- Ensure the secure operations of Citeline cloud infrastructure, platforms, and software, through the installation, maintenance, and continuous improvement of cloud security capabilities
- Translate business needs into security and technical requirements and communicate security risks to relevant stakeholders ranging from business leaders to technologists
- Provide subject matter expertise on information security architecture and systems engineering to technology and business teams
- Create cloud security policies and standards as a part of the larger information security policy framework
- Work closely with the GRC team to develop and maintain cloud security designs necessary to achieve compliance requirements including SOX, ISO 27001, SOC 2, PCI, HIPAA/HITECH, and GDPR
- Implement cloud security controls to rapidly detect and respond to information security incidents; participate as needed in security incidents
- Stay current with industry best practices in cloud security and the evolving threat landscape; implement and update cloud security capabilities accordingly
- Work closely with product security engineers to create and maintain threat models and associated remediation recommendations
- Analyze, design, develop, and operate programs, shell scripts, tests, and infrastructure automation capabilities in an advanced security context
- Lead and participate in large cross-functional projects
- Create and maintain thorough technical documentation and runbooks
Key requirements
- 5+ years of cloud security engineering experience with deep expertise in AWS
- Deep understanding of web application architecture and design principles
- Solid grasp of full-stack engineering: front-end/backend, API and service architecture design, web infrastructure and distributed systems
- Knowledge of authentication and authorization standards including OAuth, SAML, etc.
- Strong understanding of Infrastructure-as-Code and experience with Terraform
- Experience securing containers and Kubernetes
- Ability to write reliable Python software
- Experience with a DevOps and automation mindset and tools required (Jenkins, TeamCity, etc.)
- In-depth knowledge of common security flaws and their resolution as published by OWASP, SANS, etc.
- Experience in regulated environments regarding change management, security controls, compliance efforts (HIPAA/HITRUST, SOC 2, ISO 27001)
- Advanced interpersonal and communication skills with the ability to collaborate effectively in a team environment and promote ideas at various levels of the organization
- Advanced analytical and decision-making skills
- Excellent written and verbal communication skills and the ability to translate security objectives into technical requirements
- Excellent judgement in prioritizing security efforts to mitigate the appropriate risks
- An ability to reason about security decisions and communicate security requirements
Our guiding principles for success at Norstella
01: Bold, Passionate, Mission-First
We have a lofty mission to Smooth Access to Life Saving Therapies and we will get there by being bold and passionate about the mission and our clients. Our clients and the mission we are trying to accomplish must be at the forefront of our minds in everything we do.
02: Integrity, Truth, Reality
We make promises that we can keep, and goals that push us to new heights. Our integrity offers us the opportunity to learn and improve by being honest about what works and what doesn’t. By being true to the data and producing realistic metrics, we are able to create plans and resources to achieve our goals.
03: Kindness, Empathy, Grace
We will empathize with everyone's situation, provide positive and constructive feedback with kindness, and accept opportunities for improvement with grace and gratitude. We use this principle across the organization to collaborate and build lines of open communication.
04: Resilience, Mettle, Perseverance
We will persevere – even in difficult and challenging situations. Our ability to recover from missteps and failures in a positive way will help us to be successful in our mission.
05: Humility, Gratitude, Learning
We will be true learners by showing humility and gratitude in our work. We recognize that the smartest person in the room is the one who is always listening, learning, and willing to shift their thinking.
Benefits:
- Medical and prescription drug benefits
- Health savings accounts or flexible spending accounts
- Dental plans and vision benefits
- Basic life and AD&D Benefits
- 401k retirement plan
- Short- and Long-Term Disability
- Education benefits
- Paid parental leave
- Paid time off
The expected base salary for this position ranges from $150,000 to $165,000. It is not typical for offers to be made at or near the top of the range. Salary offers are based on a wide range of factors including relevant skills, training, experience, education, and, where applicable, licensure or certifications obtained. Market and organizational factors are also considered. In addition to base salary and a competitive benefits package, successful candidates are eligible to receive a discretionary bonus.
Norstella is an equal opportunities employer and does not discriminate on the grounds of gender, sexual orientation, marital or civil partner status, pregnancy or maternity, gender reassignment, race, colour, nationality, ethnic or national origin, religion or belief, disability or age. Our ethos is to respect and value people’s differences, to help everyone achieve more at work as well as in their personal lives so that they feel proud of the part they play in our success. We believe that all decisions about people at work should be based on the individual’s abilities, skills, performance and behaviour and our business requirements. Norstella operates a zero-tolerance policy to any form of discrimination, abuse or harassment.
We know that sometimes the 'perfect candidate' doesn't exist, and that sometimes the best opportunities are hidden by self-doubt. We disqualify ourselves before we have the opportunity to be considered. Regardless of where you came from, how you identify, or the path that led you here, you are welcome. If you read this job description and feel engaged and excited, we’d love to see you apply.