IT Security Engineer

Role Summary

Harmony Biosciences is recruiting for an IT Security Engineer in our Plymouth Meeting, PA location. This role is an operational and hands-on role to design, configure, maintain and manage Harmony Bioscience’s Cyber Security programs, including coordinating the Information Security solutions, strategic planning, and budgetary aspects of Harmony Biosciences' global information security program.

Responsibilities

• Manage security projects and provide expert guidance on security matters for other IT projects; design, coordinate, and oversee security testing procedures to verify the security of systems, networks, and applications, and manage the remediation of identified risks.
• Coordinate, measure, and report on the technical aspects of security project management; maintain a knowledgebase comprising a technical reference library and operational documentation for new security controls & services.
• Partner with Governance, Risk, & Compliance leaders to ensure that identified risks, vulnerabilities, and threats are mitigated within company risk tolerance in a timely manner.
• Work with the IT Infrastructure team to ensure that security is factored into the evaluation, selection, installation, and configuration of hardware, applications, and other information system components.
• Work with the CIO, IT, and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security program.
• Work with the CIO, IT, and business stakeholders to manage table top exercises.
• Work as a liaison with cybersecurity and IT vendors and the legal and purchasing departments to establish mutually acceptable contracts and service-level agreements.
• Continuously improve the global security program and security projects that address identified risks and business security requirements, including Data Privacy and follow laws such as GDPR, HIPAA, etc
• Act as an empowered representative of Harmony’s IT Security team during IT planning initiatives to ensure that security measures are incorporated into strategic IT plans.
• Aid in the review and update of documentation for Harmony’s security policies and procedures.
• Actively participate in developing the goals, strategy, and methodologies of Harmony’s cyber program in alignment with the overall Information Security program strategy.
• Research, evaluate, implement, and manage applications, services, and controls for use by Harmony within the security architecture.
• Assist with the deployment and upkeep of the information security department’s website content as part of the IT intranet site.
• Assist setting up cloud applications, services, networks, and servers as required.
• List compliance tasks against accepted security controls by partnering with the Compliance team.
• Organize stakeholder meetings and program reviews to collect feedback and directional guidance.
• Strategize and define data security controls, risks, mitigation based on data classification and socialize and align with the business.
• Create, update, and impart security training content on a quarterly basis to Harmony company employees as well as external contractors.
• Align with the CIO and deliver on policies pertaining to Pen tests, Governance, managing vulnerabilities.
• Partner with the legal team to initiate and manage vendor contracts for Security related vendors.

Qualifications

• Required: High School Diploma
• Preferred: Bachelor's degree in information technology or related field
• Required: 8+ years of relevant IT security experience
• Required: Deep knowledge of Microsoft Entra, Microsoft Exchange, Microsoft Purview, Microsoft Identity and Security Architecture
• Preferred: Knowledge of Mimecast, Sophos Central, Rapid7, KnowBe4
• Preferred: Cybersecurity certifications such as CISSP, CCSP or CISM
• Preferred: Experience with Data Privacy
• Required: Strong written and verbal communication skills

Additional Requirements

• Travel: Up to 5% of the time.
• Noise level: Usually quiet in the work environment; may vary from relatively quiet (office) to moderate (manufacturing). Hearing protection will be required at times.
• Specific vision abilities required by this job include: Close vision.
• Manual dexterity required to use computers, tablets, and cell phone.
• Continuous sitting for prolonged periods.