Senior Analyst, Information Security

Axsome Therapeutics is a biopharmaceutical company leading a new era in the treatment of central nervous system (CNS) conditions. We deliver scientific breakthroughs by identifying critical gaps in care and develop differentiated products with a focus on novel mechanisms of action that enable meaningful advancements in patient outcomes. Our industry-leading neuroscience portfolio includes FDA-approved treatments for major depressive disorder, excessive daytime sleepiness associated with narcolepsy and obstructive sleep apnea, and migraine, and multiple late-stage development programs addressing a broad range of serious neurological and psychiatric conditions that impact over 150 million people in the United States. Together, we are on a mission to solve some of the brain’s biggest problems so patients and their loved ones can flourish. For more information, please visit us at www.axsome.com and follow us on LinkedIn and X. About This Role: Axsome is seeking a Senior Information Security Analyst who will play a critical role in enhancing Axsome’s cybersecurity posture, focusing on daily InfoSec operations, awareness training, alerts monitoring, threat hunting, liaising with Managed Service Providers (MSP), incident response, and vulnerability management. This position requires a proactive and detail-oriented professional with a deep understanding of cybersecurity principles and practices. This role requires a commitment to staying current with emerging security trends and technologies. This role is based at Axsome’s HQ in New York City with an on-site requirement of at least three days per week. We are unable to consider candidates who are looking for fully remote roles. Job Responsibilities and Duties include, but are not limited to, the following: Monitor security alerts and events from various sources, including MSP, SIEM systems, IDS/IPS, and other security toolsets Analyze and prioritize alerts to identify potential threats and vulnerabilities Investigate and respond to security incidents in a timely manner Manage the cybersecurity awareness training programs, promote security best practices and assess the effectiveness of training programs and make improvements as needed Develop and deliver comprehensive cybersecurity awareness training programs Create engaging InfoSec training materials and conduct regular trainings and evaluations to promote security best practices Assess the effectiveness of training programs and make improvements as needed Utilize advanced threat detection techniques and tools to uncover hidden threats and mitigate potential security threats Collaborate with team members to develop and implement threat hunting strategies, appropriate mitigations and security controls improvement Act as the point of contact for cybersecurity-related matters with Managed Service Providers (MSPs), ensure effective delivery of security services, and enforce adherence to SLAs Review and assess MSPs’ performance against metrics and provide feedback for continuous improvement Assist in coordinating incident response efforts, including identification, containment, eradication, and recovery Maintain and improve dynamic incident response plans, guides and playbooks Provide post-incident analysis and reporting to identify lessons learned and improve response processes Perform regular vulnerability assessments and scans to identify security weaknesses Prioritize and remediate vulnerabilities based on risk assessment and business impact Collaborate with IT Infrastructure and Operations and Application Development teams to implement security patches and updates Participate in security audits and contributing to the continuous improvement of security policies and procedures Manage the Third-Party Risk Management Program Support the InfoSec team with multiple, concurrent projects Additional responsibilities as assigned by IT leadership Requirements/Qualifications Bachelor’s degree in computer science, Information Security, or a related field. Minimum of 5 years of experience in cybersecurity, with a focus on awareness training, alerts monitoring, threat hunting, liaison with MSP, incident response, and third party risk management Experience working with cybersecurity frameworks (NIST CSF & RMF, ISO 27001), standards, and best practices (CIS, Mitre Att&ck) Strong hands-on experience of networking, Microsoft 365 and Defender, Windows 10/11 OS Working knowledge of networking and cloud infrastructure Experience, Knowledge, and Skills Strong collaboration and negotiation skills, with a high degree of self-motivation, and ability to work independently with minimal supervision Strong communication and interpersonal skills, with the ability to effectively collaborate with diverse teams Relevant certifications such as Security+, CISSP, GIAC, CEH, CISA or equivalent are highly desirable Proficiency in security tools and technologies such as SIEM, IDS/IPS, EDR, secure web gateway, patch management, training system, and vulnerability scanners Excellent analytical and problem-solving skills with the ability to analyze complex security issues, identify root causes, and develop practical solutions Commitment to staying informed about the latest security trends, threats, and technologies through ongoing learning and professional development activities Ability to proactively plan, organize, deliver with limited oversight, prioritize, and quickly adapt to changing situations Strong attention to detail and a meticulous approach to security-related tasks

Salary : $135,000 - $160,000