Manager, Cybersecurity at Insmed Incorporated

Company Description

Insmed is a global biopharmaceutical company on a mission to transform the lives of patients living with serious and rare diseases. Our most valuable resource is our employees, and everything we do is motivated by a patients-first mentality. We are dedicated to growing our team with talented individuals from around the world who are willing to challenge the status quo, solve problems, and work collaboratively with a sense of urgency and compassion.

Guided by our core values of collaboration, accountability, passion, respect, and integrity, we aim to foster an inclusive, diverse, and flexible work environment, where our employees are recognized for leaning in and rolling up their sleeves. If you share our vision and want to work with the most dedicated people in the biopharma industry, come to Insmed to accelerate your career.

Recognitions

 

Consistently Ranked Science's Top Employer

Insmed is dedicated to creating a collaborative environment where our team can thrive. Every day, our employees turn their passion for science and research into innovative solutions for patients. That's why we've been named the No. 1 company to work for in the biopharma industry in Science's Top Employers survey for four years in a row.

 

  

 

 

A Certified Great Place to Work®

We believe our company is truly special, and our employees agree. In July 2024, we became Great Place to Work-certified in the U.S. for the fourth year in a row. We are also honored to have been listed on the Best Workplaces in Biopharma™, Best Workplaces in New York™, PEOPLE® Companies That Care, Best Workplaces for Women™, Best Workplaces for Millennials™, and Best Medium Workplaces™ lists.

  

 

Overview

Reporting to the Associate Director, IT Cybersecurity, the Manager of Cybersecurity will be responsible for information security operations, to include implementation, utilization, and hands on management/operation of cybersecurity tools, applications, and business intelligence. As part of the Cybersecurity team, the selected candidate will be responsible for assisting with and at times leading development, implementation, oversight, and optimization of the organization's cybersecurity (tools, technologies, methodologies) to ensure that information security policies, standards and practices are in place to manage risk to the enterprise effectively. The selected candidate will also assist in the development of Insmed's cybersecurity program to define and deliver reliable, secure, and scalable network systems, processes, and other services.

Responsibilities

• Responsible for developing, implementing, and executing information security and vulnerability assessments, testing applications, systems, and infrastructure to ensure appropriate protection of sensitive customer and company information; performs risk analysis and recommends remediation for deficiencies. Tracks and reassess remediation(s) to ensure compliance with policies and operational standards. 

• Manage vulnerability assessment and offensive security operations, including the conduct of comprehensive security assessments, and development of strategies to mitigate risks and enhance the security posture of the organization. 

• Identify, analyze, and prioritize security vulnerabilities and threats. 

• Develop and implement strategies to mitigate identified vulnerabilities. 

• Execute security management tasks including the monitoring, installation, and activation of malicious software protection tools, applying security protocols to network connectivity, managing user identities and logical access, and providing security data as needed when investigations arise. 

• Expert level understanding of perimeter security controls, endpoint controls, and cloud environment controls. 

• Collaborate with other departments to ensure security measures are integrated into all aspects of the organization. 

• Stay up to date with the latest security trends, tools, and techniques. 

• Prepare detailed reports and presentations on assessment findings and recommendations. 

• Provide guidance and training to team members and other staff on security best practices. 

• Ensure compliance with relevant security standards and applicable State and Federal regulatory requirements. 

• Technical knowledge in some of the following domains in a cloud or on-premise context:  routing/switching, stateful or next gen firewalls (NGFW), distributed denial of service (DDoS) mitigation, web application firewalls, intrusion detection / prevention systems (IDS/IPS), network segregation, security information and event management (SIEM), deceptive technologies, and other threat and vulnerability management capabilities. 

• Creating or securing cloud solutions for some of the following cloud / cloud security technologies: identity and access management (IAM), two-factor authentication (2FA), SIEM, public key infrastructure (PKI), network security, firewalls, IDS/IPS, anti-malware, email security, web content filtering, DDoS mitigation, endpoint detection & response, patch management, configuration management, data loss protection (DLP), application security, and other relevant cloud / cloud security technologies. 

• Strong understanding of Cloud Security (GCP, AWS, Azure). 

• Research and benchmarks industry-leading security practices and tools, validating the organization is protected with industry-leading security solutions and services. Examine new technologies' impact on the organization's overall information security posture. Develop processes to review new technologies and ensure security compliance. 

• Align business requirements and security technology to protect the network perimeter, cloud, internal network and endpoints from cyber threats, malware and data loss. 

• Participate in architecture reviews to drive adoption of security controls as part of IT, cloud and digital projects and to integrate security requirements as part of the IT project management lifecycle. 

• Designing end-to-end security architectures for complex IT environments. 

• Evaluating and recommending security products and technologies as part of overall IT governance. 

• Creating detailed solution designs and technical specifications. 

• Collaborating with cross-functional teams to integrate security solutions. 
   

Qualifications  

• Undergraduate degree or equivalent education in Computer Science, Information Security, Management Information Systems, or related field. 

• 8+ years' experience in IT/Cybersecurity. 

• 5+ years' experience developing, managing, and directing cybersecurity operations with planning and development requirements, to include assessing effectiveness of such programs (Red/Blue Team operations would be a plus). 

• 5+ years' experience with information security risk assessments, vendor risk management programs, developing information security awareness and education programs, and managing information technology or security projects.  

• Certifications – preferred but not required (e.g., MSCSE – Security, SCCP, OSCP, CEH, CISSP)  

 Knowledge, Skills & Attributes  

• Proven analytical, strategic, and conceptual thinking and execution skills.  

• Advanced knowledge of systems design methodologies & development, including core infrastructure and enterprise-wide applications, as well as online applications, and web-based systems, voice and data communications technologies, security frameworks & methodologies, open architecture systems, common programming languages, open-source software, business intelligence, and data analytics. 

• Experience working with Security Incident and Event Management (SIEM) tools, endpoint detection and response tools, vulnerability management suites, and various offensive and defensive security solutions. 

• Knowledge of security frameworks, standards, and compliance (e.g., NIST, HITRUST, CIS, ISO, OWASP). 

• Knowledge in implementation and use of security tools and technologies (e.g., Metasploit, Nessus, Burp Suite). 

• Experience with the following cyber security domain areas:  

• Data encryption (rest, transit, memory) 

• Public Key Infrastructure (PKI) key management systems  

• Security incident management and response (cybersecurity forensic skillset) 

• Application security (secure coding, shift left) 

• Identity and access management program (MFA, SSO, LCM, IGA) 

• Data handling and classification 

• Firewalls 

• Network segmentation 

• Cyber resiliency 

• Data loss prevention  

• Strong knowledge of operating system, application, network, and database security architectures.  

• Strong verbal and written communications skills including the ability to explain technical concepts and technologies to business partners. 

• Strong leadership, inter-personal, and collaboration skills. 

• Ability to collaborate, build relationships, and influence individuals at all levels within the organization and strong vendor management skills. 

• Strong problem-solving and trouble-shooting skills including the ability to identify and evaluate business threats and opportunities. 

• Able to work under pressure of time deadlines, be flexible, and able to shift resources and priorities as required. 

• Self-motivated and directed, team-oriented and skilled in working within a collaborative environment. 

• A continuous learner who has a thirst for keeping abreast of new and emerging technologies. 

• This position is required to work weekends and nights as necessary to ensure network availability and to support after regular business hours deployment of new systems, patches, fixes, and/or other enhancements. 

#LI-JT1 

Salary Range

$111,000 - $156,133 a year

Compensation & Benefits

We're committed to investing in every team member's total well-being, now and in the future. We offer a competitive total-rewards package to all employees around the world, including:

• Flexible approach to where and how we work, regionally based
• Competitive compensation package including bonus 
• Stock options and RSU awards
• Employee Stock Purchase Plan (ESPP)
• Flexible Vacation Policy
• Generous paid holiday schedule and winter break 

ADDITIONAL U.S. BENEFITS:

• 401(k) plan with company match
• Medical, dental, and vision plans
• Company-provided Life and Accidental Death & Dismemberment (AD&D) insurance
• Company-provided short and long-term disability benefits
• Unique offerings of pet, legal, and supplemental life insurance
• Flexible spending accounts for medical and dependent care
• Accident and Hospital Indemnity insurance
• Employee Assistance Program (EAP)
• Mental Health on-line digital resource
• Well-being reimbursement
• Paid leave benefits for new parents
• Paid time off to volunteer
• On-site, no-cost fitness center at our U.S. headquarters

Additional Information

Insmed Incorporated is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law.

 

Unsolicited resumes from agencies should not be forwarded to Insmed. Insmed will not be responsible for any fees arising from the use of resumes through this source. Insmed will only pay a fee to agencies if a formal agreement between Insmed and the agency has been established. The Human Resources department is responsible for all recruitment activities; please contact us directly to be considered for a formal agreement.

 

Insmed is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation to participate in the job application or interview process, please contact us by email at TotalRewards@insmed.com and let us know the nature of your request and your contact information. Requests for accommodation will be considered on a case-by-case basis. Please note that only inquiries concerning a request for reasonable accommodation will be responded to from this email address.

 

Applications are accepted for 5 calendar days from the date posted or until the position is filled.