Insulet started in 2000 with an idea and a mission to enable our customers to enjoy simplicity, freedom and healthier lives through the use of our Omnipod® product platform. In the last two decades we have improved the lives of hundreds of thousands of patients by using innovative technology that is wearable, waterproof, and lifestyle accommodating.
We are looking for highly motivated, performance driven individuals to be a part of our expanding team. We do this by hiring amazing people guided by shared values who exceed customer expectations. Our continued success depends on it!
Job Title: Cyber Risk Analyst
Position Overview
This role will support the global Technology Risk Management function within the Security and Privacy Organization of Insulet's Technology department. This role will be required to collaborate across IT and the business to identify, assess, manage, and monitor cybersecurity risks. This function will be highly risk-based and customer-centric.
Responsibilities
Participate in the maintenance and continuous improvement of the IT Risk & Controls framework based on knowledge of the business, threat landscape, and various cybersecurity frameworks (including those published by the National Institute of Standards and Technology)
Utilize IT and Cyber Risk subject matter expertise, understanding of the medical device industry, and collaboration with peers to properly advise on suitable mitigating controls through established IT Risk Assessment processes and procedures; participate in maintenance and updates of these processes and procedures
Quantify and prepare metrics to demonstrate residual risks, prioritize remediation actions, and/or outline and facilitate criteria for risk acceptance
Participate in the maintenance and continuous improvement of an IT Risk Assessment intake process for new or modified applications/services that could present IT or cybersecurity risks to the organization
Track open issues in the Risk Register and hold business owners accountable for completing risk mitigation activities
Aid in advising legal and procurement on IT security language of vendor contracts, provide feedback, and work across departments and/or vendor as needed
Manage the scoping and execution of risk-based assessments of third-party vendors for cybersecurity risks, to include validation of certifications (e.g. SOC 2 Type 2, CMMC, ISO 27001 ISMS, Cyber Essentials Plus, etc.) and related control requirements as appropriate
Participate in the development of a controls testing approach to provide assurance on the coverage, design, and operating effectiveness of IT Controls
Prepare Key Risk Indicator data for dashboards and metrics, which may include explaining risks in business/non-technical terms
Make data-driven decisions based on all available data and experience, even when no obvious answer is presented
Collaborate with other departments to make IT risk decisions, including but not limited to R&D, Infrastructure & Operations, Legal, Enterprise Risk Management, Regulatory, Quality, Procurement, and Manufacturing
Education & Experience
Bachelor's degree or related experience in IT, MIS, computer science, or related technology discipline
3 - 5 years IT/Cyber Risk Management experience in a highly regulated industry, along with a demonstrated understanding of how IT risk must be balanced to support and enable the success of the business
Strong understanding and applied knowledge of cybersecurity risk and control frameworks such as NIST CSF, NIST 800-53, CMMC, ISO 27K series, CIS Critical Security Controls, CSA Cloud Control Matrix, Cyber Essentials Plus, etc.
Experience with cloud computing and AWS and Azure services
General understanding of networking and associated protocols
Ability to solve problems through communication and compromise across technical and non-technical audiences, without sacrificing the proper risk mitigation or acceptance criteria
Proactive in the identification of potential problems and proposal of solutions
Willingness to pursue related certifications (CRISC, CISM, CISSP, etc.)
Preferred Skills and Competencies
Experience with MITRE ATT&CK and Cyber Kill Chain, including Tactics, Techniques, and Procedures (TTPs)
Experience with Threat Modeling
Experience building and/or supporting a Unified Control Framework
Exposure to penetration testing and purple teaming activities
Location: Remote (US)
Travel Requirement: Up to 10%, currently only domestic for business meetings, corporate events, and seminars
NOTE: This position is eligible for 100% remote working arrangements (may work from home/virtually 100%; may also work hybrid on-site/virtual as desired).
Additional Information: The US base salary range for this full-time position is $80,200.00 - $120,550.00. Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position in the primary work location in the US. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your Talent Acquisition Specialist can share more about the specific salary range for your preferred location during the hiring process. Please note that the compensation details listed in US role postings reflect the base salary only, and do not include bonus, equity, or benefits.
At Insulet Corporation all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.