|Location||Lake Forest, IL|
|Date Posted||April 3, 2021|
Abbott is a global healthcare leader that helps people live more fully at all stages of life. Our portfolio of life-changing technologies spans the spectrum of healthcare, with leading businesses and products in diagnostics, medical devices, nutritionals, and branded generic medicines. Our 109,000 colleagues serve people in more than 160 countries.
The key to successful treatment and full recovery is often fast, accurate diagnosis. Abbott’s life-changing tests and diagnostic tools provide insights that enable smarter, faster decisions and transform the way the world is managing health.
Our pioneering technology spans the world of healthcare operations — with medical diagnostic instruments, tests, automation and informatics solutions for hospitals, reference labs, blood centers, emergency departments, physician offices and clinics.
Our location in Lake Forest, IL currently has an opportunity for a Cybersecurity Architect.
WHAT YOU’LL DO
This position is responsible for stewardship of the design, implementation, and maintenance of security principles and policies across the AlinIQ portfolio of cutting-edge medical and non-medical software and devices. The Cybersecurity Architect will serve as a Subject Matter Expert (SME) for product research and development teams, working closely with software engineers, product management and development, and divisional and corporate information systems. Key performance indicators for this role include assessing and maintaining compliance to security policies and standards, timely provisioning of product security assessments, and support for auditing of our secure product lifecycle for the AlinIQ portfolio of products. The role requires the ability to work in an environment that is fast paced, to work independently, and to apply the latest security design and tooling strategies available.
- The Cybersecurity Architect reports into the AlinIQ Product Research and Development organization. The Cybersecurity Architect is responsible for overseeing program cybersecurity practices and ensuring product teams build safe and secure products that are compliant with division, corporate, and industry regulation and meet customer and patient security expectations. The Cybersecurity Architect will be a key point of contact for product design, development, sales, and service teams.
- Responsible for establishing cybersecurity excellence for our Abbott AlinIQ product portfolio
- Responsible for applying an interdisciplinary, collaborative approach to plan, design, develop validate and verify cyber solutions across the product life cycle
- Responsible for establishing security requirements
- Responsible to provide cybersecurity risk assessment for customers
- Responsible to conduct cyber risk assessment activities including threat modeling, vulnerability analysis and analysis of mitigation solutions
- Responsible to develop, evaluate and analyze design constraints, trade-offs and detailed system and security design
- Responsible for working within a collaborative, multi-discipline environment to produce secure deliverable products as part of an Agile team
- Employ cybersecurity processes, methods, techniques and tools and assure their consistent application
- Drive efficiency through standardization, automation, documentation, and cross-training
- Analyze source code, test data, and security scan reports for vulnerabilities and develop/implement mitigations
- Define the security testing strategy for our portfolio of products
- Provide security process and technical support for commercial deployments of products worldwide
- Collaborate with product R&D teams to support compliance with product and infrastructure cybersecurity security risk management and vulnerability management processes and procedures, maintaining a secure product development lifecycle process
- Requires broad and deep technical experience related to studying and analyzing systems needs, systems development, systems process analysis, design, and re-engineering. The Specialist level will have highly developed skills and experience in business management, systems engineering, operations research, and management engineering.
- Keeps abreast of technological developments and application and uses that information to proactively initiate enhancements to mitigate future problems.
- Assess third-party manufacturer product cybersecurity programs as needed
- Build and maintain relationships necessary for the successful execution and sustainability of the product portfolio cybersecurity program
- Stay abreast of changes in the business and product environment as well as the evolving regulatory and threat landscape
- Ability to articulate technical discussions with internal and external stake holders / customers
- May require travel based on project needs
EDUCATION AND EXPERIENCE
- Associates degree required; Bachelor’s degree in Engineering, Computer Science, MIS, or related discipline strongly desired; Master’s degree desirable
- Minimum 4 years experience required; 7+ years of experience in secure product development lifecycle engineering strongly desired.
- Previous work experience in a product cybersecurity role is preferred
- Strong understanding of product cybersecurity and the relationship between threat, vulnerability and potential customer risk in the context of risk management
- Understanding of medical product safety risk and the relationship with product cybersecurity risk
- Familiarity with design of diagnostic medical devices is a plus
- Understanding of industry standards such as the NIST Cybersecurity Framework, FedRAMP, RMF, IMDRF, TIR-57 Principles for medical device security risk management, etc.
- Experience with secure configuration/hardening of systems
- Knowledge of securing Kubernetes and Docker Containers
- Knowledge of Oracle, Delphi and Windows (client server applications) a plus
- ISC2 CCSP Certified Cloud Security Professional, ITIL Certification(s), or CCNA/P is desireable
- Current AWS/Azure Certifications preferred, but not required
- Certifications such as CISA, CISM, CRISC, CISSP, CPP, CFE or SANS are preferred
- Experience in NIST Risk Management Framework and Software Assurance measures and practices preferred
- Experience in cryptographic standards and methods and detailed knowledge of cryptographic key management preferred
- Knowledge of DoD cybersecurity requirements, DISA STIGs, policies, and procedures preferred
- Knowledge about the latest methodologies for product cybersecurity risk assessment and vulnerability management and technologies and tools used within the product security domain is desired
- Experience in Atlassian suite – JIRA, Bitbucket and Confluence preferred
- Experience overseeing activities of other contributors a plus
- Must have strong interpersonal, analytical, problem solving and organizational skills, and the ability to independently work as a contributing member in a high-paced and focused team
- Strong written and verbal communication and presentation skills
WHAT WE OFFER
At Abbott, you can have a good job that can grow into a great career. We offer:
- Training and career development, with onboarding programs for new employees and tuition assistance
- Financial security through competitive compensation, incentives and retirement plans
- Health care and well-being programs including medical, dental, vision, wellness and occupational health programs
- Paid time off
- 401(k) retirement savings with a generous company match
- The stability of a company with a record of strong financial performance and history of being actively involved in local communities
Learn more about our benefits that add real value to your life to help you live fully: http://www.abbottbenefits.com/pages/candidate.aspx
Follow your career aspirations to Abbott for diverse opportunities with a company that provides the growth and strength to build your future. Abbott is an Equal Opportunity Employer, committed to employee diversity.