Insulet started in 2000 with an idea and a mission to enable our customers to enjoy simplicity, freedom and healthier lives through the use of our Omnipod® product platform. In the last two decades we have improved the lives of hundreds of thousands of patients by using innovative technology that is wearable, waterproof, and lifestyle accommodating.
We are looking for highly motivated, performance driven individuals to be a part of our expanding team. We do this by hiring amazing people guided by shared values who exceed customer expectations. Our continued success depends on it!
Position Overview:
This role will support the global Cyber Risk function within the Security and Privacy Organization of Insulet’s Technology department. This role requires a strong balance of technical risk understanding, business context, and collaboration skills, with the ability to independently lead risk activities while influencing stakeholders across multiple functions.
Responsibilities:
System & Technology Risk Assessments
Independently lead end-to-end system risk assessments for applications, platforms, and infrastructure, including business-critical and high-risk systems.
Assess risks aligned to internal standards and industry frameworks (e.g., NIST CSF, ISO 27001/27002), ensuring consistent and defensible outcomes.
Identify control gaps, evaluate inherent and residual risk, and recommend pragmatic remediation options.
Partner with system owners, engineering, and architecture teams to identify applicable risks, control gaps, and remediation options.
Act as a point of escalation for complex or higher-risk assessments, supporting prioritization decisions.
Enterprise Cyber Risk Register Ownership
Own and maintain assigned portions of the enterprise cyber risk register, ensuring high-quality risk statements, consistent scoring, and clear remediation tracking.
Drive risk lifecycle activities, including risk intake, treatment planning, acceptance, and closure.
Monitor remediation progress and partner with control owners to address delays or blockers.
Identify risks that exceed tolerance and support risk escalation and acceptance processes with leadership.
Lead the development of a controls testing approach to provide assurance on the coverage, design, and operating effectiveness of IT Controls.
Incident Response & Risk Integration
Actively collaborate with the Incident Response team during security incidents to support:
Risk impact analysis and business context
Identification of control or process weaknesses
Lead and contribute to post-incident risk analysis, ensuring outcomes are reflected in system risk assessments, risk register entries, and broader risk posture.
Help ensure incident learnings translate into sustainable risk reduction.
Cross-functional Influence & Advisory
Serve as a trusted cyber risk advisor to technology, security, privacy, legal, and business stakeholders.
Influence risk-based decision-making without direct authority, balancing security, operational, and business needs.
Partner with Cyber Risk Governance, Internal Audit, and Compliance to ensure alignment and reduce duplication of effort.
Provide clear, concise risk summaries suitable for senior leadership and executive consumption when needed.
Metrics, Reporting & Program Maturity
Contribute to the development and refinement of risk metrics, dashboards, and trend reporting.
Identify opportunities to improve system risk assessment methodologies, templates, and GRC workflows.
Provide guidance and mentorship to junior analysts and peers on risk assessments and stakeholder engagement.
Collaborate with other departments to make IT risk decisions, including but not limited to R&D, Infrastructure & Operations, Legal, Regulatory, Quality, Procurement, and Manufacturing.
Education & Experience
Bachelor’s degree or related experience in IT, MIS, computer science, or related technology discipline (preferred).
5 - 8 years IT/Cyber Risk Management experience in a highly regulated industry, along with a demonstrated understanding of how IT risk must be balanced to support and enable the success of the business (preferred).
Good understanding and applied knowledge of cybersecurity risk and control frameworks such as NIST CSF, NIST 800-53, CMMC, ISO 27K series, CIS Critical Security Controls, CSA Cloud Control Matrix, Cyber Essentials Plus etc.
Demonstrated experience leading system / application risk assessments in large or complex environments.
Experience maintaining or managing an enterprise cyber risk register.
Exposure to cybersecurity incidents and post-incident analysis.
Ability to solve problems through communication and compromise across technical and non-technical audiences, without sacrificing the proper risk mitigation or acceptance criteria.
Proactive in the identification of potential problems and proposal of solutions.
Willingness to pursue related certifications (CRISC, CISM, CISSP, etc.).
Preferred Skills and Competencies
Experience in regulated or highly risk-aware environments.
Experience in implementing and monitoring cyber security controls.
Experience building and/or supporting a Unified Control Framework.
Exposure to penetration testing and purple teaming activities.
Excellent analytical and problem-solving skills.
Strong communication and interpersonal skills.
Experience with GRC platforms (e.g., OneTrust, Archer, ServiceNow GRC, or similar).
Familiarity with risk metrics, reporting, and executive summaries.
Travel Requirement: Up to 10% for business meetings, corporate events, and seminars. Primarily domestic with potential for international travel where there is a specific business requirement.