Cybersecurity Project Analyst

Who We Are:

Click Therapeutics, Inc., develops, validates, and commercializes software as prescription medical treatments for people with unmet medical needs. As a leading innovator of Digital Therapeutics™, Click delivers accessible, clinically proven, FDA-regulated prescription treatments to the smartphone in your hand. Click’s treatments are defined by a commitment to applying technical and scientific rigor and patient-centric design to the development process. This results in uniquely engaging experiences that achieve compelling clinical outcomes for patients seeking new treatment options. Click Therapeutics continuously expands and refines its platform with novel cognitive, behavioral and neuromodulatory mechanisms of action and advanced data-driven tools such as artificial intelligence and machine learning. The digital therapeutics under development on Click’s platform address diverse areas of therapeutic need, including indications in psychiatry, neurology, oncology, immunology, and cardiometabolic diseases. Consistently named a best place to work, Click fosters an inclusive, diverse workforce of innovators, clinicians, scientists, researchers, designers, technologists, engineers and more, united in a common mission to provide patients everywhere access to safe and effective prescription digital therapeutics. For more information, visit www.clicktherapeutics.com and connect with us on LinkedIn.

About the Role:

We're looking for a Cybersecurity Project Analyst to join our team at Click Therapeutics, Inc. In this role, you'll be a key player in our information security program, working alongside the Cyber Team, engineers, and senior security experts. Your main responsibilities will include helping to design, test, implement, and monitor the security measures that protect our company.

This position is based out of Click’s headquarters located in Tribeca, NYC, at the center of one of the fastest-growing digital health communities. We have a hybrid working model that consists of at least 3 days in office each week.

Responsibilities:

Maintain awareness of emerging cybersecurity threats, regulatory requirements, and industry best practices across Information Security, Application Development, GRC to help drive organizational change.
Identify and assess vulnerabilities in critical assets, customer network, and systems; coordinate and manage remediation activities to closure.
Maintain and mature the Third-Party Risk Management lifecycle, including onboarding, due diligence, re-assessments, and risk mitigation.
Monitor and track risk, risk exceptions and compensating controls; ensure risk acceptance processes are documented and approved in accordance with governance policies.
Develop, implement, and maintain risk and compliance programs aligned with NIST, ISO 27001, SOC 2, and CyberEssentials frameworks.
Create, update, and maintain standard operating procedures (SOPs) and information security policies (ISPs) to ensure alignment with organizational posture and compliance requirements.
Lead internal and external audits and support compliance efforts, including SOC 2, ISO-27001, and other regulatory frameworks.
Assist with incident response activities, including triaging alerts, and investigating security events to system and network security alerts.
Lead monthly phishing simulation campaigns and analyze results to strengthen the organization’s security awareness.
Manage and enhance the Security Awareness Training program, ensuring engagement and ongoing relevance to emerging threats and best practices.
Participate in the change management process, ensuring that security requirements and impact assessments are properly addressed.
Collaborate with the Cloud and Application engineering teams to provide security-focused guidance during the design and implementation phases.
Work as part of a cross-functional team of engineers and analysts, contributing in a respectful, inclusive, and collaborative environment.
Manage projects under minimal supervision and create progress reports.

Qualifications:

1+ years of hands-on experience in cybersecurity, information security, or a related field.
Strong eagerness to learn, take initiative, and engage with new and evolving tasks.
Effective verbal, written, and interpersonal communication skills.
Foundational knowledge and understanding of IT risk assessments of potential and current information security risk.
BS degree in Computer Science, Cyber Security or related field or equivalent work experience.

Preferred Qualifications:

Experience working with cloud-based environments and microservices architecture, including configuration, operation, and maintenance (e.g., AWS).
Familiarity with compliance and risk management requirements in regulated industries such as healthcare, or related industries.
Working knowledge of common security frameworks (e.g., NIST, SOC 2, ISO27001)
Familiarity with developing within an agile scrum planning methodology
Relevant certifications such as CC, SEC+, CISA, CISM.

Compensation:

The base salary range for this position is between: $85,000 - $110,000. The final base salary will be dependent upon skills, experience and location. In addition to the base salary, Click Therapeutics offers an annual performance-based cash bonus and a generous equity package.

Benefits:

The role includes great benefits and is an excellent wealth-building opportunity at a fast-growing pre-IPO company in a nascent and extremely exciting space.