IT Security Engineer

Role Summary

IT Security Engineer at Harmony Biosciences, Plymouth Meeting, PA. This is an operational and hands-on role to design, configure, maintain and manage Harmony Bioscience’s cyber security programs, including coordinating information security solutions, strategic planning, and budgetary aspects of the global information security program.

Responsibilities

• Manage security projects and provide expert guidance on security matters for other IT projects; design, coordinate, and oversee security testing procedures to verify the security of systems, networks, and applications, and manage the remediation of identified risks.
• Coordinate, measure, and report on the technical aspects of security project management; maintain a knowledgebase comprising a technical reference library and operational documentation for new security controls & services.
• Partner with Governance, Risk, & Compliance leaders to ensure that identified risks, vulnerabilities, and threats are mitigated within company risk tolerance in a timely manner.
• Work with the IT Infrastructure team to ensure that security is factored into the evaluation, selection, installation, and configuration of hardware, applications, and other information system components.
• Work with the CIO, IT, and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security program.
• Work with the CIO, IT, and business stakeholders to manage table top exercises.
• Work as a liaison with cybersecurity and IT vendors and the legal and purchasing departments to establish mutually acceptable contracts and service-level agreements.
• Continuously improve the global security program and security projects that address identified risks and business security requirements, including Data Privacy and follow laws such as GDPR, HIPAA, etc.
• Act as an empowered representative of Harmony‚Äôs IT Security team during IT planning initiatives to ensure that security measures are incorporated into strategic IT plans.
• Aid in the review and update of documentation for Harmony‚Äôs security policies and procedures.
• Actively participate in developing the goals, strategy, and methodologies of Harmony‚Äôs cyber program in alignment with the overall Information Security program strategy.
• Research, evaluate, implement, and manage applications, services, and controls for use by Harmony within the security architecture.
• Assist with the deployment and upkeep of the information security department‚Äôs website content as part of the IT intranet site.
• Assist setting up cloud applications, services, networks, and servers as required.
• List compliance tasks against accepted security controls by partnering with the Compliance team.
• Organize stakeholder meetings and program reviews to collect feedback and directional guidance.
• Strategize and define data security controls, risks, mitigation based on data classification and socialize and align with the business.
• Create, update, and impart security training content on a quarterly basis to Harmony company employees as well as external contractors.
• Align with the CIO and deliver on policies pertaining to pen tests, governance, managing vulnerabilities.
• Partner with the legal team to initiate and manage vendor contracts for security related vendors.

Qualifications

• High School Diploma required; Bachelor's degree strongly preferred, focus in information technology or related field
• 8+ years of relevant experience within the IT security space
• Deep knowledge and understanding of Microsoft Entra, Microsoft Exchange, Microsoft Purview, Microsoft Identity and Security Architecture
• Knowledge of Mimecast, Sophos Central, Rapid7 & KnowBe4
• Cybersecurity Certification such as CISSP, CCSP or CISM
• Experience with Data Privacy
• Strong written and verbal communication skills

Skills

• Security project management
• Security testing and remediation
• Governance, Risk, & Compliance collaboration
• Security architecture and controls
• Vendor and contract management
• Policy development and training delivery
• Cloud security and infrastructure setup

Education

• High School Diploma; Bachelor's degree preferred in information technology or related field

Additional Requirements

• Travel up to 5% of the time
• Ability to work in environments ranging from office to manufacturing; hearing protection may be required at times
• Close vision and manual dexterity for computer use