Cyber Risk Assurance Analyst

Insulet started in 2000 with an idea and a mission to enable our customers to enjoy simplicity, freedom and healthier lives through the use of our Omnipod® product platform. In the last two decades we have improved the lives of hundreds of thousands of patients by using innovative technology that is wearable, waterproof, and lifestyle accommodating.- We are looking for highly motivated, performance driven individuals to be a part of our expanding team. We do this by hiring amazing people guided by shared values who exceed customer expectations. Our continued success depends on itJob Title: Cyber Risk Assurance AnalystDepartment: IT Risk & CompliancePosition OverviewThis role will support the global Cyber Risk function within the Security and Privacy Organization of Insulet’s Technology department. This role will be required to collaborate across IT and the business to identify, assess, manage, and monitor cybersecurity risks.Responsibilities may include:- Participate in the maintenance and continuous improvement of the IT Risk & Controls framework based on knowledge of the business, threat landscape, and various cybersecurity frameworks (including those published by the National Institute of Standards and Technology).- Participate in the quantification and preparation of metrics to demonstrate residual risks, prioritize remediation actions, and/or outline and facilitate criteria for risk acceptance.- Track open issues in the Risk Register and hold business owners accountable for completing risk mitigation activities.- Aid in advising legal and procurement on IT security language of vendor contracts, provide feedback, and work across departments and/or vendor as needed.- Participate in the scoping and execution of risk-based assessments of third-party vendors for cybersecurity risks, to include validation of certifications (e.g. SOC 2 Type 2, CMMC, ISO27001 ISMS, Cyber Essentials Plus, etc.) and related control requirements as appropriate.- Participate in the development of a controls testing approach to provide assurance on the coverage, design, and operating effectiveness of IT Controls.- Prepare Key Risk Indicator data for dashboards and metrics, which may include explaining risks in business/non-technical terms.- Collaborate with other departments to make IT risk decisions, including but not limited to R&D, Infrastructure & Operations, Legal, Enterprise Risk Management, Regulatory, Quality, Procurement, and Manufacturing.- Provide security guidance to Engineering and Product teams on overall mobile product architecture security.Education & Experience- Bachelor’s degree or related experience in IT, MIS, computer science, or related technology discipline preferred- 1 - 3 years IT/Cyber Risk Management experience in a highly regulated industry, along with a demonstrated understanding of how IT risk must be balanced to support and enable the success of the business is preferred- Good understanding and applied knowledge of cybersecurity risk and control frameworks such as NIST CSF, NIST 800-53, CMMC, ISO 27K series, CIS Critical Security Controls, CSA Cloud Control Matrix, Cyber Essentials Plus etc.- General understanding of IAM, networking, cloud, encryption and other security controls is preferred- Ability to solve problems through communication and compromise across technical and non-technical audiences, without sacrificing the proper risk mitigation or acceptance criteria is preferred- Proactive in the identification of potential problems and proposal of solutions is preferred- Willingness to pursue related certifications (CRISC, CISM, CISSP, etc) is preferredPreferred Skills and Competencies- Experience in implementing and monitoring cyber security controls.- Experience with Threat Modeling is a plus- Experience building and/or supporting a Unified Control Framework is a plus- Exposure to penetration testing and purple teaming activities is a plus- Excellent analytical and problem-solving skills is a plus- Strong communication and interpersonal skills is plusNOTE: This position is eligible for hybrid working arrangements and requires on-site work from an Insulet office at least three (3) days per week. #LI-Hybrid