As a leading global contract research organization (CRO) with a passion for scientific rigor and decades of clinical development experience, Fortrea provides pharmaceutical, biotechnology, and medical device customers a wide range of clinical development and technology solutions across more than 20 therapeutic areas. With over 18,000 staff conducting operations in more than 90 countries, Fortrea is transforming drug and device development for partners and patients across the globe.
Job Overview:
As a Cybersecurity Architect you would be responsible for evaluating the security profile and risks of Fortrea’s applications and business critical environments. This role requires a deep understanding of security frameworks, risk management, and the ability to adapt to evolving cyber threats.
The Cybersecurity Architect will collaborate closely with other Cyber Security towers such as Architecture, Engineering, Operations, Identity & Access Management (IAM), and Governance, Risk & Compliance (GRC) to ensure alignment with security.
Responsibilities include, but are not limited to:
- Lead, develop, and maintain a threat modeling process.
- Create and execute a t-shirt sizing model for cost and effort estimates.
- Ensure appropriate security controls are incorporated into new technologies.
- Design documentation for risk technical risk assessment reviews.
- Maintain the team risk register.
- Conduct thorough risk assessments, identify vulnerabilities, and implement mitigation strategies.
- Lead the validation of controls associated with security requirements.
- Deliver high-quality customer experiences.
- Ensure consistent and comprehensive deliverables.
- Lead the creation of a security risk assessment process.
- Ensure adherence to security policies and standards.
- Serve as a central point of contact for cybersecurity needs.
- Provide guidance on required cybersecurity integrations.
- Develop metrics to measure risk posture.
- Establish a continuous improvement process for security posture.
- Work closely with IT and business teams to promote security awareness.
- Ensure the organization's security posture complies with regulations and standards.
Qualifications (Minimum Required):
Education: Bachelor’s or Master’s degree in computer science, Information Security, or a related field.
Experience:
- Minimum of 5 or more years of experience in cybersecurity, with a focus on cybersecurity auditing, security consultancy, architecture, and design.
- Proven experience in collaborating across various IT and business domains at both the SME level and leadership level.
- Excellent Oral and written communication skills with the ability to translate technical security risks to senior level leadership
- Ability to think strategically, innovatively, and execute effectively.
- Ability to interface with business and technical teams providing support and guidance for security requirements
- Experience documenting business and security requirements.
- Experience developing and maintaining request intake forms and processes.
- Experience identifying and communicating Cyber Security risks in solutions to both technical and non-technical audiences.
- Ability to validate technical evidence of security controls meet stated requirements
Strong understanding and experience in most of the following areas:
- Architecture Frameworks such as COBIT, SABSA, TOGAF
- Application, API, and Container Security and relevant technologies
- Cloud Security including IaaS, PaaS, and SaaS
- Data storage technologies and access controls
- Data Protection technologies and approaches
- DevSecOps and SDLC including relevant tools such as DAST, IAST, SAST, Vulnerability Scanning, etc.
- Identity and Access Management methods, protocols, and technologies
- Security technologies such as CASB, DLP, Firewalls, IDS, SIEM, WAF
Preferred Qualifications Include:
- Certifications: Relevant certifications such as CISSP, CISM, CEH, or similar are highly desirable.
- Technical Skills: Proficiency in security technologies, including firewalls, intrusion detection/prevention systems, SIEM, endpoint protection, and encryption solutions.
- Knowledge: In-depth understanding of security frameworks (e.g., NIST, ISO 27001), regulatory requirements (e.g., GDPR, HIPAA), and risk management methodologies.
- Soft Skills: Strong analytical, problem-solving, and communication skills. Ability to work independently and as part of a team in a dynamic environment.
#LI-Remote
#FutureOfTech
#LI-SK2
Fortrea is actively seeking motivated problem-solvers and creative thinkers who share our passion for overcoming barriers in clinical trials. Our unwavering commitment is to revolutionize the development process, ensuring the swift delivery of life-changing ideas and therapies to patients in need. Join our exceptional team and embrace a collaborative workspace where personal growth is nurtured, enabling you to make a meaningful global impact. For more information about Fortrea, visit www.fortrea.com.
Fortrea is proud to be an Equal Opportunity Employer:
As an EOE/AA employer, Fortrea strives for diversity and inclusion in the workforce and does not tolerate harassment or discrimination of any kind. We make employment decisions based on the needs of our business and the qualifications of the individual and do not discriminate based upon race, religion, color, national origin, gender (including pregnancy or other medical conditions/needs), family or parental status, marital, civil union or domestic partnership status, sexual orientation, gender identity, gender expression, personal appearance, age, veteran status, disability, genetic information, or any other legally protected characteristic. We encourage all to apply.
For more information about how we collect and store your personal data, please see our Privacy Statement.
If you require a reasonable accommodation to complete your job application, pre-employment testing, job interview or to otherwise participate in the hiring process, please contact: taaccommodationsrequest@fortrea.com. Please note that this e-mail address is only for job seekers requesting an accommodation. Please do not use this e-mail to check the status of your application.