Chief Product Security Officer-HW/SW/Systems (Global) - Medical Division - Draeger Medical Systems, Inc. - Job-ID V000002306

Security, Computer, DOS, Linux, Windows, Development, Java, Networking, TCP, IP, VPN, Firewall, Hardware, ISO, Risk Management, CISSP, Quality, Systems, FDA, Software, Validation
Full Time
Work from home not available. Travel required to 10%.

Job Description

What will you do
At Draeger, our work is dedicated to protecting, supporting and saving lives. We are looking for a talented individual to join our medical device team to help deliver new features and product enhancements that will improve patient outcomes and reduce the cost of medical care around the world.

The Chief Product Security Officer serves as the process owner of all product, system and cybersecurity activities related to the availability, integrity and confidentiality of Draeger Medical products. A key element of the CPSO's role is working with executive management to determine acceptable levels of risk for the organization. This position is responsible for establishing and maintaining a corporate-wide product information security management program to ensure that Draeger is in compliance with all applicable regulatory agencies.
  • Develop, implement and monitor a strategic, comprehensive product information security management program
  • Work directly with the medical business units to facilitate common cybersecurity risk assessment and risk management processes
  • Develop and enhance a product information security management framework
  • Understand and interact with industry and customer key opinion leaders to ensure alignment with processes and procedures and to identify future trends
  • Provide leadership across the product information security organizations
  • Partner with business stakeholders across the company to raise awareness of cybersecurity risk management concerns
  • Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems
  • Perform other duties as needed and assigned

Who you are
Education: BS Cybersecurity, Computer Science or other technically related field; MS Cybersecurity or Computer Science a plus.

Related Experience:
  • 12 to 15 years' experience in product/device security as it relates to regulated systems.
  • 5 years of product development
  • 10+ years' leadership experience along with up-to-date technical knowledge, augmented with strong communication skills and the ability to re-focus complex projects and organizations. Excels in fast-paced, mission-critical projects where timing, costs, and quality are the driving forces. Well respected and able to lead diverse teams to achieve difficult and complex objectives.

Special Competencies or Certifications

  • Expert knowledge of product security standards and principles including the following, at a minimum:
    • Threats including DoS, man-in-the-middle, malware (e.g. ransomware, viruses), spoofing, tampering, repudiation, elevation of privilege, information disclosure, physical product security attacks
    • Threat mitigation including encryption (e.g. TLS), authentication (e.g. PAKE), hardening of hardware interfaces
    • Threat modeling and vulnerability assessments
    • NIST cybersecurity publications (e.g. cybersecurity framework, risk management framework, SSDF)
  • Expert knowledge of development technologies especially within the context of product security including:
    • Operating systems (e.g. Linux, Windows, RTOSs)
    • Development languages (e.g. C, C++, Java)
    • Secure coding practices
    • Networking (e.g. TCP/IP, routing, switching, security architecture development, VPN, IoT)
    • Firewall implementation
    • Intrusion detection / prevention
    • Hardware security implementation
  • Expert knowledge of electronic and electro-mechanical product security
  • Expert knowledge in defining and implementing requirements, architecture, and design at the product and enterprise level for high-technology environments
  • Expert knowledge of safety risk management especially as it relates to product security (e.g. Mil Std 629A, NASA Fault Tree Handbook, SAE J1739, preferred medical device publications below)
  • Expert knowledge of safety-critical systems development and maintenance within a regulated environment (e.g. medical device, aviation, military, automotive) including relevant regulations, standards, and guidance (e.g. DO-178C
  • Expert knowledge defending processes (e.g. product submissions, audits, inspections)

  • Expert knowledge of medical device risk management standards and guidance (e.g. ISO 14971, AAMI TIR32, IEC/TR 80002-1, IMDRF Risk Management Guidance)
  • Working knowledge of software development and infrastructure models and standards (e.g. CMMI, ITIL, COBIT)
  • Working knowledge of HIPAA and GDPR
  • Expert knowledge of medical device development and product security in SaMD, electro-mechanical, and software resident in medical device environments
  • Relevant certifications (e.g. CISA, CISM, CSQA, CCISO, CISSP)
  • Expert knowledge defending Quality Systems in a medical device environment (e.g. product submissions for CE marking, FDA 510(k) or PMA submissions, Notified Body audits, FDA inspections, MDSAP audits)
  • Working knowledge of medical device development regulations (e.g. 21 CFR Part 820, CMDR, JPAL, TGA, EU MDR), standards, and guidance (e.g. IEC 62304, IEC 82304, FDA General Principles of Software Validation, FDA Design Controls Guidance, ISO 13485, EU MDR, IEC 60601, TGA SaMD Guidance, Health Canada SaMD Guidance, IMDRF guidances, AAMI TIR45)

Work Environment / Conditions: 20% - 30% travel, domestic and international

Internal code #LI-MC1 *MON*
Dice Id : RTX123184
Position Id : J000004506
Originally Posted : 6 months ago