Senior Product Security Manager

JOB TITLE: Senior Manager, Product Security

JOB SUMMARY

Work as a part of the Global Cybersecurity leadership team providing support for both pre-market and post-market medical device systems and software products. Participate in a highly collaborative and diverse environment working closely with partners throughout the company and with the information security professional community of practice, particularly as it relates to medical devices and the healthcare ecosystem.

ESSENTIAL DUTIES

• Leads global product security practices by giving practice guidance to systems, hardware, embedded device software, and application software teams
• Leads the Implementation of roadmaps and project plans to support continuous improvement for product development teams
• Leads the development of standard operating procedures and work instructions for Secure-By-Design software development
• Educates and influences the engineering leadership and product development teams on good cyber practices and their role as a steward of product security. Provides thought leadership on and evangelizes to make cybersecurity a mindset embraced throughout the product development lifecycle
• Governs and enforces the effective implementation of product security practices in new product development and sustaining domains, including emphasis on security requirements and oversight/approval during design and other phase-gate related security reviews
• Develops and drives approaches to identify and prevent security vulnerabilities earlier in the development process in an automated scalable manner and work with engineering to deploy and utilize these approaches
• Oversees and leads post-market product cybersecurity activities such as coordinating customer communications, responding to customer product security assessments and questionaires, and directing incident response activities
• Collaborates with industry information sharing and analysis organizations (ISAO) for the sharing of cybersecurity threat intelligence and cyber best practices
• Ensures monitoring of industry cybersecurity threat intelligence

OTHER DUTIES AND RESPONSIBILITIES

• Provides technical leadership to team members, mentoring staff on the latest technology
• Supports vendor management as needed
• Travel to other company locations as needed

MINIMUM QUALIFICATION REQUIREMENTS

Education

Bachelor’s degree or, equivalent of education and experience sufficient to successfully perform the essential functions of the job may be considered.

Experience

Minimum 8 years’ experience

• Experience leading teams comprised of both technical and non-technical personnel
• Experience with FDA and other global regulators cybersecurity guidance for medical devices
• Experience with developing standard operating procedures (SOPs)
• Experience with medical device product cybersecurity regulatory submission requirements (globally)
• Familiarity with secure software-by-design lifecycle principles and practices

Skills

• Working knowledge of modern software development practices, strongly preferred
• Experience leading product and/or cyber security practices in a regulated industry or environment; knowledge of global standards and frameworks (ISO, NIST, FDA, ITIL, EUMDR, etc.) strongly preferred
• Professional certification in cybersecurity practices (CISSP or similar) preferred
• Demonstrates creativity and takes initiative in problem solving
• Experience using risk analysis and mitigation methodologies
• Quality and continuous improvement mindset
• Demonstrated ability to communicate effectively both verbally and in writing

-Or-

An equivalent competency level acquired through a variation of these qualifications may be considered.

PHYSICAL REQUIREMENTS

Typical Office Environment requirements include: reading, speaking, hearing, close vision, walking, bending, sitting, and occasional lifting up to 20 pounds.

The physical demands described here are representative of those that must be met by an associate to successfully perform the essential duties of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential duties.