Job Summary (Primary function)
The Associate Director – Cyber Risk (AD-CR) reports directly to the Incyte CISO and is responsible for identifying, cataloging, prioritizing, and managing cyber risks, in line with the NIST Cybersecurity Framework (CSF) and Risk Management Framework (RMF).
Broad responsibilities include conducting risk assessments, managing penetration tests and cybersecurity assessments, managing vendor risk, maintaining incident response readiness, overseeing vulnerability management, maintaining the cyber risk inventory, and enhancing user awareness of cyber risks.
The AD-CR prepares and maintains comprehensive cybersecurity program documentation, including policies, standards, guidelines, procedures, and metrics.
Essential Functions of the Job (Key responsibilities)
Identify, quantify, and manage cyber risks:
Conduct regular risk and security assessments and benchmarking comparisons, following NIST frameworks such as CSF and RMF.
Maintain a comprehensive risk inventory in an eGRC service, aligned with the corporate risk management program.
Implement preventive, protective, and detective controls:
Prioritize mitigation strategies to address identified risks.
Continuously improve security posture through effective control implementation.
Manage third-party cyber risks:
Maintain an effective third-party risk management (TPRM) program.
Conduct thorough cybersecurity assessments of vendors, third parties, and their contracts.
Monitor and manage key vendor risk profiles on an ongoing basis.
Continuously enhance incident response capabilities:
Maintain incident response plans and playbooks.
Conduct tabletop exercises and simulations to test preparedness.
Improve readiness for efficient and swift recovery from potential security incidents.
Oversee vulnerability management program:
Proactively identify vulnerabilities and missing patches across IT assets.
Monitor findings reported by third-party security scoring services and facilitate remediation to keep the scores high.
Continuously improve vulnerability management processes and tools.
Conduct security reviews and assessments:
Assess and assure the secure design and implementation of on-premises and cloud-based infrastructure (IaaS/PaaS), SaaS and mobile applications, websites, and portal systems and services.
Provide recommendations to strengthen security across diverse technologies.
Develop and maintain cybersecurity policies, procedures, and documentation:
Work with the CISO to develop and implement policies, guidelines, standards, processes, and procedures in line with the NIST CSF.
Develop and continuously improve cybersecurity metrics and reporting.
Manage training and cybersecurity user awareness activities:
Select and deploy cybersecurity training courses to users on an ongoing basis.
Manage the LMS (Learning Management System) for cyber training.
Conduct special programs to mark Cybersecurity Awareness Month.
Qualifications (Minimum acceptable level of education, work experience, and competency)
Education: Bachelor’s degree in Computer Science or a related field.
Experience: 10+ years of experience in cybersecurity risk management, including leadership roles.
Technical Expertise: In-depth knowledge of NIST Cybersecurity and Risk Management Frameworks, vulnerability management, incident response, and vendor risk management.
Analytical Skills: Ability to analyze data and identify security trends and risks.
Problem-Solving: Strong ability to solve complex problems and make sound decisions under pressure.
Innovation: Ability to think creatively and develop new approaches to cybersecurity challenges.
Certifications: Relevant cybersecurity certifications (e.g., CISSP, CISM, CRISC) preferred.
Education: Master's degree in cybersecurity, computer science, or related field preferred.
Industry Experience: Experience in the Life Sciences industry.
Project Management: Experience in managing security projects.
Disclaimer: The above statements are intended to describe the general nature and level of work performed by employees assigned to this job. They are not intended to be an exhaustive list of all duties, responsibilities, and qualifications. Management reserves the right to change or modify such duties as required.