Manager, Cybersecurity

---

Job description

Company Description:
Insmed is a global biopharmaceutical company on a mission to transform the lives of patients living with serious and rare diseases. Our most valuable resource is our employees, and everything we do is motivated by a patients-first mentality. We are dedicated to growing our team with talented individuals from around the world who are willing to challenge the status quo, solve problems, and work collaboratively with a sense of urgency and compassion.

Guided by our core values of collaboration, accountability, passion, respect, and integrity, we aim to foster an inclusive, diverse, and flexible work environment, where our employees are recognized for leaning in and rolling up their sleeves. If you share our vision and want to work with the most dedicated people in the biopharma industry, come to Insmed to accelerate your career.

Recognitions:

Consistently Ranked Science's Top Employer

Insmed is dedicated to creating a collaborative environment where our team can thrive. Every day, our employees turn their passion for science and research into innovative solutions for patients. That's why we've been named the No. 1 company to work for in the biopharma industry in Science's Top Employers survey for four years in a row.

A Certified Great Place to Work

We believe our company is truly special, and our employees agree. In July 2024, we became Great Place to Work-certified in the U.S. for the fourth year in a row. We are also honored to have been listed on the Best Workplaces in Biopharma , Best Workplaces in New York , PEOPLE Companies That Care, Best Workplaces for Women , Best Workplaces for Millennials , and Best Medium Workplaces lists.

Overview:
Reporting to the Associate Director, IT Cybersecurity, the Manager of Cybersecurity will be responsible for information security operations, to include implementation, utilization, and hands on management/operation of cybersecurity tools, applications, and business intelligence. As part of the Cybersecurity team, the selected candidate will be responsible for assisting with and at times leading development, implementation, oversight, and optimization of the organization's cybersecurity (tools, technologies, methodologies) to ensure that information security policies, standards and practices are in place to manage risk to the enterprise effectively. The selected candidate will also assist in the development of Insmed's cybersecurity program to define and deliver reliable, secure, and scalable network systems, processes, and other services.

Responsibilities:
Responsible for developing, implementing, and executing information security and vulnerability assessments, testing applications, systems, and infrastructure to ensure appropriate protection of sensitive customer and company information; performs risk analysis and recommends remediation for deficiencies. Tracks and reassess remediation(s) to ensure compliance with policies and operational standards.

Manage vulnerability assessment and offensive security operations, including the conduct of comprehensive security assessments, and development of strategies to mitigate risks and enhance the security posture of the organization.

Identify, analyze, and prioritize security vulnerabilities and threats.

Develop and implement strategies to mitigate identified vulnerabilities.

Execute security management tasks including the monitoring, installation, and activation of malicious software protection tools, applying security protocols to network connectivity, managing user identities and logical access, and providing security data as needed when investigations arise.

Expert level understanding of perimeter security controls, endpoint controls, and cloud environment controls.

Collaborate with other departments to ensure security measures are integrated into all aspects of the organization.

Stay up to date with the latest security trends, tools, and techniques.

Prepare detailed reports and presentations on assessment findings and recommendations.

Provide guidance and training to team members and other staff on security best practices.

Ensure compliance with relevant security standards and applicable State and Federal regulatory requirements.

Technical knowledge in some of the following domains in a cloud or on-premise context: routing/switching, stateful or next gen firewalls (NGFW), distributed denial of service (DDoS) mitigation, web application firewalls, intrusion detection / prevention systems (IDS/IPS), network segregation, security information and event management (SIEM), deceptive technologies, and other threat and vulnerability management capabilities.

Creating or securing cloud solutions for some of the following cloud / cloud security technologies: identity and access management (IAM), two-factor authentication (2FA), SIEM, public key infrastructure (PKI), network security, firewalls, IDS/IPS, anti-malware, email security, web content filtering, DDoS mitigation, endpoint detection & response, patch management, configuration management, data loss protection (DLP), application security, and other relevant cloud / cloud security technologies.

Strong understanding of Cloud Security (GCP, AWS, Azure).

Research and benchmarks industry-leading security practices and tools, validating the organization is protected with industry-leading security solutions and services. Examine new technologies' impact on the organization's overall information security posture. Develop processes to review new technologies and ensure security compliance.

Align business requirements and security technology to protect the network perimeter, cloud, internal network and endpoints from cyber threats, malware and data loss.

Participate in architecture reviews to drive adoption of security controls as part of IT, cloud and digital projects and to integrate security requirements as part of the IT project management lifecycle.

Designing end-to-end security architectures for complex IT environments.

Evaluating and recommending security products and technologies as part of overall IT governance.

Creating detailed solution designs and technical specifications.

Collaborating with cross-functional teams to integrate security solutions.

Qualifications Undergraduate degree or equivalent education in Computer Science, Information Security, Management Information Systems, or related field.

8+ years' experience in IT/Cybersecurity.

5+ years' experience developing, managing, and directing cybersecurity operations with planning and development requirements, to include assessing effectiveness of such programs (Red/Blue Team operations would be a plus).

5+ years' experience with information security risk assessments, vendor risk management programs, developing information security awareness and education programs, and managing information technology or security projects.

Certifications - preferred but not required (e.g., MSCSE - Security, SCCP, OSCP, CEH, CISSP)

Knowledge, Skills & Attributes Proven analytical, strategic, and conceptual thinking and execution skills.

Advanced knowledge of systems design methodologies & development, including core infrastructure and enterprise-wide applications, as well as online applications, and web-based systems, voice and data communications technologies, security frameworks & methodologies, open architecture systems, common programming languages, open-source software, business intelligence, and data analytics.

Experience working with Security Incident and Event Management (SIEM) tools, endpoint detection and response tools, vulnerability management suites, and various offensive and defensive security solutions.

Knowledge of security frameworks, standards, and compliance (e.g., NIST, HITRUST, CIS, ISO, OWASP).

Knowledge in implementation and use of security tools and technologies (e.g., Metasploit, Nessus, Burp Suite).

Experience with the following cyber security domain areas:

Data encryption (rest, transit, memory)

Public Key Infrastructure (PKI) key management systems

Security incident management and response (cybersecurity forensic skillset)

Application security (secure coding, shift left)

Identity and access management program (MFA, SSO, LCM, IGA)

Data handling and classification

Firewalls

Network segmentation

Cyber resiliency

Data loss prevention

Strong knowledge of operating system, application, network, and database security architectures.

Strong verbal and written communications skills including the ability to explain technical concepts and technologies to business partners.

Strong leadership, inter-personal, and collaboration skills.

Ability to collaborate, build relationships, and influence individuals at all levels within the organization and strong vendor management skills.

Strong problem-solving and trouble-shooting skills including the ability to identify and evaluate business threats and opportunities.

Able to work under pressure of time deadlines, be flexible, and able to shift resources and priorities as required.

Self-motivated and directed, team-oriented and skilled in working within a collaborative environment.

A continuous learner who has a thirst for keeping abreast of new and emerging technologies.

This position is required to work weekends and nights as necessary to ensure network availability and to support after regular business hours deployment of new systems, patches, fixes . click apply for full job details

<!– job description page –>