Executive Director, Cybersecurity & Risk Management

Insmed Incorporated
Remote friendly (Headquarters, NJ)
United States
$247,000 - $345,467 USD yearly
IT

Role Summary

The Executive Director, Cybersecurity & Risk Management will oversee cybersecurity operations, enterprise risk management, and the Computer Systems Validation (CSV) program. This role manages cross-functional teams and ensures regulatory compliance while maintaining operational excellence. Reporting to the Chief Information Officer, this position defines and executes Insmed’s enterprise cybersecurity and risk strategy. It requires a strategic, hands-on leader who can think globally, act decisively, and communicate complex risks in business terms to foster trust and resilience across the organization.

Responsibilities

  • Strategic Leadership
    • Define, communicate, and execute Insmed’s cybersecurity and risk management vision, aligning with values, priorities, and regulatory commitments.
    • Present cybersecurity posture, threats, and key initiatives to the CIO, IT Leadership Team, Executive Committee, and Board as needed.
    • Establish governance frameworks and control structures aligned with NIST and FDA data protection standards.
    • Collaborate with Legal, Compliance, Clinical Operations, Quality, and R&D to proactively manage risk across the technology landscape and protect sensitive data.
    • Demonstrated experience leading a Computer Systems Validation team in a regulated environment is a plus.
    • Foster a culture of security accountability and awareness across the organization.
  • Hands-On Technical Leadership
    • Lead and participate in cybersecurity operations including incident response, threat detection, vulnerability management, and risk remediation.
    • Architect and operationalize security solutions across cloud, data, and endpoints using zero-trust principles.
    • Act as a senior escalation point for major incidents, directing containment, recovery, and post-event reviews.
    • Guide adoption of AI-driven threat analytics, secure DevOps practices, and automated response frameworks.
    • Oversee penetration testing, red teaming, and risk assessments with actionable follow-up.
    • Stay engaged with emerging technologies and regulatory developments in healthcare cybersecurity.
    • Deep understanding of GxP, FDA 21 CFR Part 11, EU GMP Annex 11, and GAMP 5 is a plus; experience with the CSV validation lifecycle is favorable.
    • Collaborate with Quality, IT, and business stakeholders to ensure systems are validated and compliant throughout their lifecycle.
    • Familiarity with documentation validation, audit readiness, and continuous improvement of CSV processes.
  • Risk Management
    • Define and implement risk management policies and frameworks aligned with organizational objectives.
    • Conduct enterprise-level risk assessments and develop mitigation strategies.
  • CSV Program Oversight
    • Oversee the CSV team, validation strategy, and continuous process improvement.
    • Ensure compliance with GxP regulations and industry standards.
    • Familiarity with validation documentation, audit readiness, and continuous improvement of CSV processes is a plus.
  • Team & Organizational Leadership
    • Build, mentor, and inspire a high-performing cybersecurity organization with a focus on continuous learning.
    • Lead through influence, collaborating with IT, R&D, Quality, and Business Operations to embed security across initiatives.
    • Manage key vendor and service-provider partnerships to ensure performance and alignment with security objectives.
    • Drive operational excellence, balancing strategic priorities with hands-on execution and measurable results.

Qualifications

  • Minimum 15 years of progressive IT and cybersecurity experience, with at least 10 years in senior leadership roles managing enterprise-level programs.
  • Hands-on experience in cybersecurity operations, engineering, or architecture.
  • Proven ability to communicate with and present to Executive Management and Boards of Directors.
  • Strong understanding of risk management, compliance, and audit processes within regulated industries, ideally biotechnology or pharmaceuticals.
  • Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related discipline (advanced degree preferred).
  • Professional certifications such as CISSP, CISM, GIAC Security Leadership, CCSP; OSCP or other technical certifications a plus.

Education

  • Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related discipline (advanced degree preferred).

Knowledge, Skills & Attributes

  • Mission-driven mindset—understands that protecting systems and data protects patients.
  • Strong executive presence and communication skills; can articulate complex cybersecurity risks to non-technical audiences.
  • Deep technical proficiency across cybersecurity frameworks, cloud security, and identity management.
  • Budget planning, vendor management, and strategic program delivery capabilities.
  • Proven track record of driving change, innovation, and process excellence in regulated environments.
  • Collaborative, influential, and empathetic leader who thrives in cross-functional partnerships.
  • Continuous learner, staying ahead of emerging threats, technologies, and industry standards.

Additional Requirements

  • This position may occasionally require evening or weekend work to support critical incidents, deployments, or maintenance activities.
  • Hybrid or remote flexibility may be considered based on business needs.