|Location||San Dimas, CA|
|Date Posted||April 10, 2019|
Top Medical device manufacturer is seeking a Cyber Security Architect.
Primary Job Function
• Cybersecurity oversight for medical and non-medical products across division
• Medical devices risk management
• Cybersecurity assessments of medical devices & services
• Cybersecurity complaint handling for medical devices
• Deployment of cybersecurity technology
• Customer cybersecurity queries and communication
Core Job Responsibilities
• Develop best practices for the design of cyber secure medical devices.
• Coordinate with the division R&D teams to conduct security risk assessment of all medical devices & services, and develop mitigation plans.
• Coordinate with the division R&D teams to assess security on medical devices & services by conducting technical testing to identify and address security vulnerabilities.
• Define specific hardware and software architectures for our medical devices to reduce or eliminate cyber vulnerabilities
• Alignment of division R&D Product Cybersecurity Risk Management processes with R&D Safety Risk Management processes for medical devices
• Build a metrics program that leverages assessment data, internal and external vulnerability & threat intelligence sources, supplier data, and product profiles to provide insight into future trends.
• Provide leadership in the execution of a product cybersecurity strategy, including aligning with business and product strategy, gaining executive approval and support, and overseeing successful execution
• Collaborate with product R&D teams across division to create and maintain a Secure Product Development Lifecycle process to ensure that cybersecurity requirements/controls can be embedded within the product development process
• Develop and employ an ongoing product cybersecurity communications, training and awareness program tailored to the evolving needs of the business and specific requirements of various user groups through change management
• Build and maintain executive relationships necessary for the successful execution of the division product cybersecurity program. This includes:
• Developing and maintaining external and internal relationships to influence product cybersecurity policy, standards, and program
• Alignment with and incorporation of regulatory requirements
• Enhancing secure interoperability and communications with extended entities (internal and external)
• Stay abreast of changes in the business and product environment as well as the evolving regulatory and threat landscape
Position Accountability / Scope
This role reports to the Global Director, Information Security. Candidate is responsible for overseeing cross-functional activities that help product R&D teams build safe and secure medical devices & services that are compliant with industry regulation and meet customer and patient security/safety expectations. Candidate will be the key point of contact for all medical devices / products security related queries from frontline staff and managers, including product R&D teams across division.
BA/BS in Business, Engineering, Computer Science, or threat and risk management related disciplines. Master’s degree is desirable.
Minimum Experience/Training Required
• Previous work experience in a medical device cybersecurity role is required
• Experience with medical device certifications from government agencies is preferred
• Strong understanding of medical devices cybersecurity and the relationship between threat, vulnerability and potential customer risk in the context of risk management
• Strong understanding of medical product safety risk and the relationship with product cybersecurity risk
• Certifications such as CISA, CISM, CRISC, CISSP, CPP or CFE are preferred
• Four to six years of experience working in a medical device engineering or support is preferred
• Familiarity with FDA cybersecurity guidelines for medical devices
• Familiarity with design of medical devices such as optical lasers, hand held point of care devices, diagnostic devices etc. is a plus
• Deep understanding of industry standards such as the NIST Cybersecurity Framework, FedRAMP, RMF etc.
• Knowledge about the latest security technologies and tools used within the product security domain, such as PKI, firewalls, IDS/IPS, 2-factor authentication, network segmentation, etc. is highly desired
Apex is an Equal Employment Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at 844-463-6178