Cybersecurity Assurance Analyst - Evinova
Introduction to role:
Are you ready to transform the future of healthcare? At Evinova, a subsidiary of AstraZeneca Group, we're on a mission to revolutionize patient care through technology, data, and innovative approaches. As a Cybersecurity Assurance Analyst, you'll play a pivotal role in ensuring our digital health solutions are secure, resilient, and compliant. Are you excited to harness the power of digital and AI to tackle life sciences challenges? Join us in creating new standards across the sector with science-based, evidence-led, and human experience-driven solutions. Be part of a diverse team that pushes the boundaries of science by digitally empowering a deeper understanding of the patients we’re helping.
Accountabilities:
As a Cybersecurity Assurance Analyst at Evinova, you will operate at the intersection of Cyber Governance, Risk, and Compliance (GRC) and software engineering enablement. The Cybersecurity Assurance team is responsible for operationalizing and advancing several compliance programs, including the NIST Cybersecurity Framework (CSF v2), NIST Secure Software Development Framework (SSDF), AICPA’s SOC2, ISO 27000-series, and China Multi-Level Protection Scheme (MLPS). This role will ensure that our SaaS platform remains secure, resilient, and compliant with all relevant regulatory and customer expectations, while also partnering with the broader engineering organization by embedding cybersecurity controls into development and operations.
Reporting to the Director of Cybersecurity Assurance, you will support internal and external audit cycles, manage cyber-relevant controls and process documentation, and advise cross-functional teams in embedding secure-by-default considerations into engineering workflows and business processes.
This role is ideal for someone who is detail-oriented, proactive, and passionate about business-enabling cyber processes – while working in a global, fast-paced, and cloud-native environment. Success in this role involves embracing a hands-on working environment, developing lasting risk mitigations, and collaborating across cyber teams to position Evinova at the forefront of cybersecurity risk management. As a global cybersecurity team, we strive to enable fast-paced Healthtech innovation while maintaining a strong and compliant cybersecurity posture. Successful candidates will ensure that cybersecurity assurance is not just a “check-the-box” function, but a business enabler.
Key Responsibilities:
Governance, Risk and Compliance (GRC)
Support the continuous improvement of our Cybersecurity Program (“the Evinova Cyber Baseline”) and ensure defensible alignment against the NIST Cybersecurity Framework v2, ISO 27000-series, and SOC2 guidance / standards.
Perform periodic risk assessments, controls testing, and evidence collection for internal and external audit.
Track control remediations, risk exceptions, and audit findings – ensuring accountability across teams with timely resolutions.
Contribute to policy, standard, and procedure development – ensuring that they are actionable and relevant to our context.
Monitor external obligations and the regulatory environment to identify potential compliance drift.
Partner with the Director of Cybersecurity Assurance to guide teams through threat modeling exercises and proactive risk reviews, to assess the cybersecurity and compliance implications of new initiatives.
Support initiatives that promote a security-first mindset across Evinova, including awareness campaigns, training coordination, and storytelling around assurance wins.
Engineering Advisory
Serve as a cybersecurity point-of-contact for Platform and Product Development teams to advise on cyber risk identifications, best practices, risk mitigations, and other cyber-relevant advisory to enable secure-by-default practices.
Provide assurance-focused reviews on proposed architectures, designs, and deployment pipelines to validate alignment with the Evinova Cyber Baseline and auditability requirements.
As an Audit and Assurance specialist, support the Cybersecurity Engineering team with embedding security considerations into CI/CD pipelines, Infrastructure-as-Code (IaC), and serverless / Kubernetes workloads.
Facilitate adherence to the NIST Secure Software Development Framework (SSDF) by ensuring secure software development lifecycle practices are consistently followed (e.g., code scanning, dependency management, container security).
Assist in building templates and guidance that empower developers to implement secure and compliant practices independently, reducing friction and increasing adoption.
Assurance and Continuous Improvement
Leverage data from cybersecurity tools and CI/CD pipelines to assess control coverage, identify gaps, and recommend improvements that align with assurance objectives.
Execute controls assurance testing across technical and non-technical domains.
Prepare accurate, evidence-backed responses to customer cybersecurity questionnaires, requests for proposals / information, and other external due diligence inquiries, including maintaining our public “Trust Center”.
Partner with Cybersecurity Directors and the Head of Cybersecurity in developing Evinova Leadership relevant risk metrics, dashboards, and other reporting deliverables to evidence our Cybersecurity and Product Security posture.
Identify and operationalize opportunities to automate assurance activities (e.g., compliance as code, automated evidence collection).
Essential Skills/Experience:
- Bachelor’s degree in Cybersecurity, Management / Business Information Systems, Computer Science, or a related field.
- 5+ years of experience in cybersecurity, IT audit, risk management, or compliance roles.
- Familiarity with cybersecurity guidance, frameworks, and standards such as ISO 27001, SOC 2, NIST 800-53, or CIS Controls.
- Experience working with GRC platforms (e.g., Hyperproof, OneTrust, SafeBase) and collaboration tools (e.g., Jira, Confluence).
- Basic understanding of cloud security (especially in AWS) and secure software development lifecycle (SSDLC) practices.
- Strong attention to detail and ability to manage documentation, workflows, and evidence with precision.
- Ability to translate technical requirements into clear, actionable tasks for non-technical stakeholders.
- Proficiency in organizing and visualizing data for reporting and metrics (e.g., using Excel, Power BI, or similar tools).
- Excellent written and verbal communication skills.
- Ability to work cross-functionally with engineering, product, and legal teams.
- Comfortable supporting external audits and engaging with internal stakeholders.
- Proactive, curious, and eager to learn in a fast-paced, evolving environment.
- Passion for building a security-first culture and improving user experience in compliance processes.
Desirable Skills/Experience:
- Strong track record of being collaborative, pragmatic, curious, analytical, and providing effective communications.
- Ability to bridge the gap between cybersecurity compliance requirements and engineering execution.
- Prior experience in supporting Cybersecurity Assurance activities at a SaaS/cloud service provider.
- Familiarity with Life Sciences / Clinical Development related regulations and standards is a strong plus.
- Experience in ensuring compliance within a highly regulated global business environment, particularly in healthcare or clinical research.
- A global perspective on privacy, security, and data protection issues with experience in Asia-Pacific regulations being a strong plus.
- At least one professional certification: Certified Information Systems Auditor (CISA), Certified Information Security Management (CISM), or Certified Information Systems Security Professional (CISSP).
- Demonstrated initiative and strong customer orientation with an ability to work effectively across cultures.
When we put unexpected teams in the same room, we unleash bold thinking with the power to inspire life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world.
AstraZeneca is where innovation meets impact. We are committed to driving meaningful change in healthcare by embracing technology and investing in digital solutions. Our collaborative culture fosters creativity and empowers individuals to explore new approaches. With access to continuous data and global partnerships, we redefine patient experiences and outcomes. Join us as we push boundaries within regulatory limits and contribute to individualised medicines developed through our deep understanding of biology.
Ready to make a difference? Apply now to join our journey towards transforming healthcare!
Date Posted: 10-sept-2025
Closing Date: 24-sept-2025
AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.