Cyber Risk Assurance Analyst (Remote/Flexible)

Insulet started in 2000 with an idea and a mission to enable our customers to enjoy simplicity, freedom and healthier lives through the use of our Omnipod® product platform. In the last two decades we have improved the lives of hundreds of thousands of patients by using innovative technology that is wearable, waterproof, and lifestyle accommodating.

Job Title: Cyber Risk Assurance Analyst

Department: IT Risk & Compliance

Job Level: P1

Position Overview

This role will support the global Cyber Risk function within the Security and Privacy Organization of Insulet’s Technology department.  This role will be required to collaborate across IT and the business to identify, assess, manage, and monitor cybersecurity risks. 

Responsibilities may include:

• Participate in the maintenance and continuous improvement of the IT Risk & Controls framework based on knowledge of the business, threat landscape, and various cybersecurity frameworks (including those published by the National Institute of Standards and Technology).
• Utilize IT and Cyber Risk subject matter expertise, understanding of the medical device industry, and collaboration with peers to properly advise on suitable mitigating controls through established IT Risk Assessment processes and procedures; participate in maintenance and updates of these processes and procedures.
• Participate in the quantification and preparation of metrics to demonstrate residual risks, prioritize remediation actions, and/or outline and facilitate criteria for risk acceptance.
• Participate in the maintenance and continuous improvement of an IT Risk Assessment intake process for new or modified applications/services that could present IT or cybersecurity risks to the organization.
• Track open issues in the Risk Register and hold business owners accountable for completing risk mitigation activities.
• Aid in advising legal and procurement on IT security language of vendor contracts, provide feedback, and work across departments and/or vendor as needed.
• Participate in the scoping and execution of risk-based assessments of third-party vendors for cybersecurity risks, to include validation of certifications (e.g. SOC 2 Type 2, CMMC, ISO27001 ISMS, Cyber Essentials Plus, etc.) and related control requirements as appropriate.
• Participate in the development of a controls testing approach to provide assurance on the coverage, design, and operating effectiveness of IT Controls.
• Prepare Key Risk Indicator data for dashboards and metrics, which may include explaining risks in business/non-technical terms.

Education & Experience

• Bachelor’s degree or related experience in IT, MIS, computer science, or related technology discipline or related relevant experience.
• 1 - 3 years IT/Cyber Risk Management experience in a highly regulated industry, along with a demonstrated understanding of how IT risk must be balanced to support and enable the success of the business.
• General understanding of IAM, networking, cloud, encryption and other security controls.
• Ability to solve problems through communication and compromise across technical and non-technical audiences, without sacrificing the proper risk mitigation or acceptance criteria.
• Proactive in the identification of potential problems and proposal of solutions.
• Willingness to pursue related certifications (CRISC, CISM, CISSP, etc).
   

Preferred Skills and Competencies

• Experience in implementing and monitoring cyber security controls.
• Experience supporting a Unified Control Framework.
• Excellent analytical and problem-solving skills.
• Strong communication and interpersonal skills.
• Good understanding and applied knowledge of cybersecurity risk and control frameworks such as NIST CSF, NIST 800-53, CMMC, ISO 27K series, CIS Critical Security Controls, CSA Cloud Control Matrix, Cyber Essentials Plus etc.