Cybersecurity Associate Director

Description:

Reporting to the Senior Director, Cybersecurity and Risk Management, the Associate Director of Cybersecurity will be responsible for information security operations, to include planning and operation of cybersecurity tools, applications, and business intelligence. The selected candidate will assist in developing, implementing, overseeing, and optimizing the organization's cybersecurity program (tools, technologies, methodologies) to ensure that information security policies, standards and practices are in place to manage risk to the enterprise effectively. This mid-level leadership position will also assist in driving the tactical direction of Insmed’s cybersecurity program to define and deliver reliable, secure, and scalable network systems, processes, and other services. Ideal candidates for this position will be hands-on leaders, able to do the work as well as accomplish results through others, in addition to demonstrating strong coaching, mentorship, and career development skills.

What You'll Do

In this role, you’ll have the opportunity to lead and mentor the Cybersecurity team creating a culture that fosters engagement, passion, and enthusiasm for Insmed’s vision, mission, and values.

You’ll Also

Build and mature a culture focused on proactive risk management and cyber security best practices.
Participate in the development of Insmed’s IT strategy as it relates to cybersecurity; implement and operationalize the strategy. Collaborate with the Senior Director on a strategy for building management support and ownership of cybersecurity.
Responsible for developing, implementing, and executing information security and vulnerability assessments, testing applications, systems, and infrastructure to ensure appropriate protection of sensitive customer and company information; perform risk analysis and recommends remediation for deficiencies. Track and reassess remediation(s) to ensure compliance with policies and operational standards.
To appropriately manage the program and enterprise risk, leverage cyber security metrics.
Research and benchmark industry-leading security practices and tools, validating the organization is protected with industry-leading security solutions and services. Examine new technologies’ impact on the organization's overall information security posture. Establish processes to review new technologies and ensure security compliance.
Responsible for developing, implementing, and executing company-wide/departmental information security training and awareness programs.
Manage production technology incidents to resolution, ensuring timely engagement, escalation, and effective communication to business, technology, and vendor partners.
Develop, implement, maintain, and oversee Insmed’s cybersecurity program ensuring Insmed can identify and detect threats, and protect, respond, and recover from threats and incidents.
In collaboration with Senior Director, work with and actively engage security service providers to deliver necessary services and manage contract requirements and service level agreements.
Execute security management tasks including the monitoring, installation, and activation of malicious software protection tools, applying security protocols to network connectivity, managing user identities and logical access, and providing security data as needed when investigations arise.
Develop, implement, maintain, and oversee enforcement of policies, procedures, and associated plans for system security administration and user system access based on industry-standard best practices.
Develop, implement, and test the IT elements in the Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP).
Responsible for developing, implementing, and executing a comprehensive set of security standards and guidelines, including but not limited to cybersecurity operations, incident response, vulnerability management, network security, data protection, and loss, endpoint security, compliance program, and identity and access management.
Ensure program standards comply with applicable State and Federal regulatory requirements.

Who You Are

You have a minimum of an undergraduate degree in Computer Science, Management Information Systems, Business, or related field as well as 15+ years’ experience in IT/Cybersecurity.

You Are Or You Have

10+ years’ experience developing, managing, and directing cybersecurity operations with planning and development requirements, to include assessing effectiveness of such programs.
10+ years’ experience leading a team of highly skilled technical professionals.
5+ years’ of leading information security risk assessments, vendor risk management programs, developing information security awareness and education programs, and managing information technology or security projects.
5+ years’ of effectively managing a Cybersecurity team.
Advanced knowledge of systems design methodologies & development, including core infrastructure and enterprise-wide applications, as well as online applications, and web-based systems, voice and data communications technologies, security frameworks & methodologies, open architecture systems, common programming languages, open-source software, business intelligence, and data analytics.
Expertise in cybersecurity regulatory, compliance, and framework requirements, such as NIST, HITRUST, CIS, and ISO.
Experience working with Security Incident and Event Management (SIEM) tools, endpoint detection and response tools, vulnerability management suites, and various security solutions.
Experience with the following cyber security domain areas:
Data encryption (rest, transit, memory)
Public Key Infrastructure (PKI) key management systems
Application security (secure coding, shift left)
Identity and access management program (MFA, SSO, LCM, IGA)
Data handling and classification
Firewalls
Network segmentation
Cyber resiliency
Data loss prevention