Key skills
Cyber SecuritySwiftMentoringCommunicationPenetration Testing
About this role
Role Overview
- Engage in continuous professional development to stay updated with the latest cybersecurity trends and threats specific to medical devices and health software products.
- Contribute to OU and enterprise product security strategy that aligns with industry best practices and regulatory requirements
- Lead efforts to embed security into the product development lifecycle, ensuring that security considerations are integrated from design through deployment.
- Systematically perform threat modeling, security risk evaluations, and vulnerability assessments to highlight and mitigate potential security threats throughout the product lifecycle.
- Aid in devising and deploying secure medical device solution architectures and product designs, considering factors such as secure boot, secure communications, data protection, secure updates, secure integration, and access controls
- Maintain and enforce security standards, policies, and procedures for medical device systems and product development.
- Oversee security testing activities, including penetration testing, vulnerability scanning, and code reviews
- Drive and promote security awareness and training across cross-functional product development teams to foster a security-conscious culture
- Ensure compliance with industry standards and regulations related to medical device and health software product security, such as NIST, IEC 60601-4-5, IEC 81001-5-1, and others.
- Evaluate third-party vendors and suppliers for their security practices and ensure they meet our security requirements
- Lead and support the effective response to security incidents, ensuring swift resolution, proper mitigation, and clear communication to stakeholders, including customers when needed.
- Maintain detailed documentation of security best practices, guidance, configurations, design patterns, shared service designs, inventories, incident response plans, security architectures, and reports
Requirements
- Bachelor’s degree or higher (completed and verified prior to start)
- Minimum 10 years of relevant experience or advanced degree with a minimum of 8 years of relevant experience.
- Minimum 5 years of embedded device product security experience in a regulated industry
- Ability to adapt to the fast-evolving cybersecurity landscape and implement proactive strategies.
- Demonstrated aptitude in identifying challenges and providing innovative solutions.
- Experience in mentoring and leading junior security engineers, fostering growth within the team.
- Demonstrated experience in staying updated with evolving regulations in the medical device sector.
- Industry-recognized certifications such as [CISSP, CSSLP, CISM] are highly desirable
- Proficiency in secure coding methodologies and standards
Tech Stack
- Cyber Security
- Swift
Benefits
- Health, Dental and vision insurance
- Health Savings Account
- Healthcare Flexible Spending Account
- Life insurance
- Long-term disability leave
- Dependent daycare spending account
- Tuition assistance/reimbursement
- Simple Steps (global well-being program)
- Incentive plans
- 401(k) plan plus employer contribution and match
- Short-term disability
- Paid time off
- Paid holidays
- Employee Stock Purchase Plan
- Employee Assistance Program
- Non-qualified Retirement Plan Supplement (subject to IRS earning minimums)
- Capital Accumulation Plan (available to Vice Presidents and above, or subject to IRS earning minimums)