Security Architect

Client - FDA

This is with reference to the Hybrid Opportunity For Security Architect in Hercules, CA. Please advise if you have any consultant for this opportunity, along with the following details and updated copy of resume. Thanks for your time

• Full Name:
• Currently working:
• Current location With Zip code:
• Interview availability (Please share 2 timeslots):
• Start date availability:
• LinkedIn Link:
• Expected Hourly:
• Visa Status in US:

Security Architect

Hybrid Location: Hercules, CA

We are seeking a Security Architect to design, implement, and maintain secure systems and processes within an FDA-regulated medical device environment. The role focuses on overseeing Product Security Incident Response Team (PSIRT) processes for R&D while delivering critical security architecture artifacts, including Global System View, Multi-Patient Harm View, Updateability/Patch ability View, and Security Use Case View. The ideal candidate will drive proactive risk mitigation, ensure compliance with regulatory standards, and enhance the security posture of medical systems as well as cloud systems with patient safety as a core priority.

Key Responsibilities:

1. Security Architecture Development

• Develop and maintain comprehensive architecture and artifacts for multiple device platforms with the help of respective platform R&D team:
• Global System View: High-level design illustrating interconnected systems and data flows.
• Multi-Patient Harm View: Analyze and mitigate potential security threats leading to risks for multiple patients.
• Updateability/Patch ability View: Ensure systems support secure and timely updates/patches to address vulnerabilities.
• Security Use Case View: Define security requirements and controls based on specific use cases and threat models.
• Collaborate with cross-functional teams (Product, DevOps, IT, Regulatory) to integrate security into the product lifecycle.

2. Product Security Incident Response Team (PSIRT)

• Lead the PSIRT process for R&D alongside PSIRT lead for IT, ensuring swift response and mitigation of product vulnerabilities.
• Establish incident playbooks and coordinate root cause analysis (RCA) for reported security incidents.
• Work with engineering teams to implement fixes and ensure long-term improvements.

3. Risk Assessment & Compliance

• Perform risk analyses to evaluate security threats, especially those with potential impacts on patient safety.
• Ensure compliance with FDA cybersecurity guidelines, including premarket and post market regulatory expectations.
• Collaborate with Quality and Regulatory teams to provide security input for FDA submissions and audits.

4. System Updateability & Patch ability

• Design architecture that prioritizes efficient, secure software updates and patch management across deployed systems.
• Establish automated processes for vulnerability scanning and remediation.

5. Collaboration & Stakeholder Communication

• Provide technical leadership and mentoring to engineering and operations teams on secure design principles.
• Communicate security risks, incidents, and mitigations to senior leadership and external regulators.

Qualifications: Required:

• Bachelor's degree in computer science, Information Security, or a related field.
• 7 years of experience in cybersecurity, including architecture design in a regulated environment (preferably FDA, healthcare, or medical devices).
• Proven experience leading PSIRT processes, vulnerability management, and incident response.
• Expertise in developing security architecture views and artifacts for complex systems.
• Strong understanding of FDA cybersecurity requirements, standards (e.g., IEC 81001, NIST, OWASP, IMDRF etc.).
• Experience with risk analysis methodologies focused on patient safety and multi-patient harm scenarios.
• Knowledge of updateability/patch ability frameworks and secure development lifecycle (SDLC).

Preferred:

• Master's degree in technical field.
• Certifications: CISSP, CSSLP, CISM, or equivalent.
• Experience with cloud-based systems, IoT security, or medical device security.

Key Competencies:

• Strong analytical and problem-solving skills with a focus on patient safety.
• Ability to create detailed technical artifacts and communicate them effectively to both technical and non-technical stakeholders.
• Leadership and project management skills in cross-functional, collaborative environments.
• Excellent written and verbal communication skills

If you're passionate about building secure systems that protect patients and meet FDA regulatory standards, we encourage you to apply and join our team.

How will the candidate make an impact?

• The Security Architect will play a pivotal role in ensuring the security and resilience of systems in an FDA-regulated environment. By blending technical expertise with a deep understanding of compliance and patient safety, this candidate will:
• Strengthen Cybersecurity Posture: Develop robust security architectures and processes that minimize risks to patient safety and data integrity.
• Ensure Regulatory Compliance: Align systems and processes with FDA, IEC 81001, and global regulatory requirements to meet stringent compliance standards.
• Enhance Incident Response: Lead the Product Security Incident Response Team (PSIRT) to swiftly mitigate threats and ensure long-term security improvements.
• Drive Innovation in Design: Embed security into product development, ensuring secure-by-design principles are consistently applied.
• Foster Collaboration: Act as a bridge between technical teams and regulatory bodies to align business goals with security objectives.

What the candidate brings?

• Bachelor's degree in Computer Science, Information Security, or a related field.
• 7 years of experience in cybersecurity, including architecture design in a regulated environment (preferably FDA, healthcare, or medical devices).
• Proven experience leading PSIRT processes, vulnerability management, and incident response.
• Expertise in developing security architecture views and artifacts for complex systems.
• Strong understanding of FDA cybersecurity requirements, standards (e.g., IEC 81001, NIST, OWASP, IMDRF etc.).
• Experience with risk analysis methodologies focused on patient safety and multi-patient harm scenarios.
• Knowledge of updateability/patch ability frameworks and secure development lifecycle (SDLC).