In 2020, a group of senior technology and product experts from Google and Verily China decided to delve into the intelligent digitalization of life science clinical research. Their findings resulted in AlphaLife Sciences, a pioneer in the fusion of life sciences and AI computer science as an AI-enabled integrated clinical research platform. Our flagship product, AuroraPrime, integrates Generative AI and Large Language Models (LLMs) into a powerful AI-driven SaaS platform.

Trusted by global top MNCs, our innovations accelerate drug development and market entry. We are committed to globalizing AuroraPrime to enhance clinical trials and real-world research by leveraging cutting-edge AI, cloud computing, and big data. We help our clients achieve clinical operational efficiency, automate processes, and make smarter decisions to get their products to market faster.

We are proud partners with Microsoft's Pegasus Program, Google for Startups, and Johnson & Johnson Innovation JLABS, delivering cutting-edge solutions like Generative AI-Copiloted Medical Writing, Intelligent EDC and Data Management, and Agile Trial Management.

Role Overview

We are looking for a hands-on Cybersecurity Manager to own our security assurance function in a fast-paced environment. This role combines deep technical understanding of our security architecture with customer-facing responsibilities, including RFPs, security questionnaires, and due diligence.

You will work with Engineering and Product teams to ensure our security posture is both strong in practice and defensible on paper, while supporting Sales in any security questions in RFPs.

This is a builder role where you’ll design and implement scalable processes, tools, and help shape the company’s security foundation as we grow. You will own AlphaLife Sciences' security governance and be the point of contact for all security matters.

Key Responsibilities

Technical RFP & Security Questionnaire Ownership

Own end-to-end responses to RFPs, RFIs, and detailed security questionnaires
Translate real system architecture, controls, and configurations into accurate, technically sound responses
Build and maintain a source-of-truth knowledge base tied directly to implemented controls
Validate responses against actual infrastructure (e.g., cloud configs, IAM policies, logging, encryption practices)

Customer-Facing Technical Security

Be the technical security representative and resource in client calls, confidently answering questions regarding our security posture
Facilitate deep-dive discussions to give clients an understanding on:
Cloud architecture (AWS/GCP/Azure)
Identity & access management (IAM, SSO, RBAC)
Data protection (encryption at rest/in transit, key management)
Application security (SDLC, SAST/DAST, dependency scanning)
Support security reviews, vendor risk assessments, and procurement cycles
Partner with Sales to proactively address security objections and unblock deals
Communicate with prospective and current clients as necessary regarding incidents, assessments, or audits

Security Architecture Alignment

Partner with Engineering and DevOps to:
Validate and document security controls and implementations
Ensure alignment between what is built vs. what is communicated externally
Contribute to and review:
Infrastructure for security best practices
CI/CD pipeline security (secrets management, artifact integrity, scanning)
Logging, monitoring, and alerting strategies (SIEM, EDR, etc.)

Compliance, Evidence, and Control Mapping

Own mapping between technical controls and compliance frameworks (SOC 2, ISO 27001, NIST)
Work with auditors and internal teams to ensure all claims in RFPs are backed by evidence
Maintain audit-ready documentation and ensure it stays up to date
Identify, track, and resolve security gaps uncovered

Tooling, Automation & Scale

Implement and optimize tools for scaling security responses as needed
Build integrations between documentation, ticketing systems, and response workflows
Leverage automation and AI to reduce manual effort while maintaining accuracy

Qualifications

8+ years in cybersecurity, cloud security, or infrastructure roles
Hands-on experience with cloud environments (AWS, GCP, or Azure)
Direct experience answering technical security questionnaires and RFPs
Knowledge of HIPAA, GDPR, ISO 27001, data privacy and protection rules, and cross-border data transfer regulations
Knowledge of the DOL Data Security Program (DSP) and its application for countries of concern
Strong understanding of: Network security, IAM, zero trust principles, application security, secure SDLC practices, logging, monitoring, and incident response fundamentals
Ability to read and understand: Infrastructure-as-Code, system architecture diagrams, security tooling outputs (scanners, SIEM alerts, etc.)
Strong cross-functional experience partnering and advising with Engineering, Product, and GTM teams

AlphaLife Sciences is an equal opportunity employer and does not discriminate based on protected veteran status, disability, or other legally protected status. If you require a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please notify our recruiters at any stage of the process.

Please note: Applicants must be authorized to work in the United States without the need for current or future visa sponsorship. At this time, AlphaLife Sciences is unable to sponsor visas for applicants.

See more open positions at YaoCheng

Powered by Getro.com

Privacy policy Cookie policy