Cybersecurity Manager

Join EVA Pharma, a leading pharmaceutical company dedicated to empowering the fight for Health and well-being as a fundamental human right. Recognized and certified as a best place to work, we are committed to fostering a supportive and innovative environment for our team members. 

Job Summary 
As a Cybersecurity Manager, you will have total ownership of our security posture, strategy, and execution. This position demands a rare blend of strategic leadership and deep technical execution; you won't just oversee policy; you will actively build and refine our defences. The ideal candidate has a proven track record of running a SOC, navigating complex regulatory audits, and managing budgets, combined with the agility to scale these functions in a fast-paced environment.

Key Responsibilities:

• Security leadership & strategy: owning the roadmap, the team, and the budget, and translating risk into decisions the business understands.

• Detection & response: leading SOC operations and the full incident response lifecycle, hands-on with modern detection and response, threat intelligence, and security orchestration.
• Offensive security: directing vulnerability management, penetration testing, and proactive testing of our own defences.
• Secure architecture: designing and enforcing controls across identity, access, endpoints, and network, in both on-premises and multi-cloud environments.
• Application security: embedding secure design, threat modelling, and security into the development lifecycle.
• Governance, risk & compliance: building and maintaining our GRC program against recognized standards (ISO 27001, GDPR, and local data protection law) and owning internal and external audits.
• Resilience: building and testing our business continuity and disaster recovery capability.

Requirements

• Bachelor's degree in computer science or a related field (master's a plus)
• 8+ years in information/cyber security, with 3+ years leading a team and real ownership of people and budget, not just projects.

• Deep, hands-on technical depth — you've personally led SOC operations and worked directly with detection and response, SIEM/SOAR, threat intelligence, and incident response. You've run vulnerability management, penetration tests, and other offensive techniques yourself.
• Strong GRC experience — you've actually implemented standards like ISO 27001 and GDPR (not just read about them) and built BCP/DR programs from the ground up.
• Secure architecture experience — across on-premise and cloud (Azure, GCP, AWS, OCI), covering IAM, MFA, patch management, least privilege, device management, and physical security.
• Secure application experience — threat modelling and DevSecOps.
• Relevant certifications — CISSP, CISM, and/or ISO 27001 Lead Implementer/Auditor.
• Financial and budgeting experience, strong stakeholder management, and the ability to lead security awareness across the organization