Join EVA Pharma, a leading pharmaceutical company dedicated to empowering the fight for Health and well-being as a fundamental human right. Recognized and certified as a best place to work, we are committed to fostering a supportive and innovative environment for our team members. Job Summary As a Cybersecurity Manager , you will have total ownership of our security posture, strategy, and execution. This position demands a rare blend of strategic leadership and deep technical execution; you won't just oversee policy; you will actively build and refine our defences. The ideal candidate has a proven track record of running a SOC, navigating complex regulatory audits, and managing budgets, combined with the agility to scale these functions in a fast-paced environment. Key Responsibilities: Security leadership & strategy: owning the roadmap, the team, and the budget, and translating risk into decisions the business understands. Detection & response: leading SOC operations and the full incident response lifecycle, hands-on with modern detection and response, threat intelligence, and security orchestration. Offensive security: directing vulnerability management, penetration testing, and proactive testing of our own defences. Secure architecture: designing and enforcing controls across identity, access, endpoints, and network, in both on-premises and multi-cloud environments. Application security: embedding secure design, threat modelling, and security into the development lifecycle. Governance, risk & compliance: building and maintaining our GRC program against recognized standards (ISO 27001, GDPR, and local data protection law) and owning internal and external audits. Resilience: building and testing our business continuity and disaster recovery capability. Bachelor's degree in computer science or a related field (master's a plus) 8+ years in information/cyber security, with 3+ years leading a team and real ownership of people and budget, not just projects. Deep, hands-on technical depth — you've personally led SOC operations and worked directly with detection and response, SIEM/SOAR, threat intelligence, and incident response. You've run vulnerability management, penetration tests, and other offensive techniques yourself. Strong GRC experience — you've actually implemented standards like ISO 27001 and GDPR (not just read about them) and built BCP/DR programs from the ground up. Secure architecture experience — across on-premise and cloud (Azure, GCP, AWS, OCI), covering IAM, MFA, patch management, least privilege, device management, and physical security. Secure application experience — threat modelling and DevSecOps. Relevant certifications — CISSP, CISM, and/or ISO 27001 Lead Implementer/Auditor. Financial and budgeting experience , strong stakeholder management, and the ability to lead security awareness across the organization