Information Security Manager - Patient Monitoring - Draeger Medical Systems, Inc. - Job-ID P003

  • Draeger
  • Andover, MA
Agile, Analysis, CISSP, Cryptography, Database, Development, Encryption, Excel, FDA, Hardware, IEEE, ISO, Manager, Management, Networking, PowerPoint, Project, Project Management, Protocols, Risk Management, Scrum, Security, Wireless
Full Time
Work from home not available
Travel not required

Job Description

What will you do

At Draeger, our work is dedicated to protecting, supporting and saving lives. We are looking for a talented individual to join our patient monitoring team to help deliver new features and product enhancements that will improve patient outcomes and reduce the cost of medical care around the world.

This individual contributor serves as Subject Matter Expert responsible for ensuring current & future Draeger Monitoring & IT products comply with the DoD's Information Assurance (IA) Certification & Accreditation Process (DIACAP), US FDA and Homeland Security requirements, as well as Global Standards IEC 62443-3-3 (Network System Security), IEC TR 80001-2-2 (Risk Management for IT) and ISO/IEC 27000 (Information Security Management Systems). Responsible for the strategy and providing direction to the team for the analysis, development and risk assessment needed to mitigate vulnerabilities identified by network security scans. May take on certain individual contributor and/or project management responsibilities associated with DIACAP and Cybersecurity projects.

  • Act as SME for US Government/DoD Network Security, Application Security, Encryption & Cryptography. Act as the primary technical liaison with the US Government on these projects/matters. Act as the technical bridge between US Government and Draeger technical teams.
  • As a SME, ensure current & future Draeger M&IT products comply with the security & documentation requirements mandated by the above-mentioned agencies/policies and standards, such as DIACAP, US FDA and Homeland Security requirements. Security policy compliance & reporting will be required throughout the product lifecycles. Define product and technical requirements and work with the technical teams during execution.
  • Generate the artifacts/documents/reports required to obtain US Air Force, Army & Navy Certifications & Accreditations.
  • Manage response to customer and regulatory requests with regard to information security services, mechanisms and safeguards, including regular communications with regulatory, privacy and legal stakeholders.
  • Perform network security scans of Draeger M&IT development & test environments using tools, such as eEye Retina, analyze results to assess compliance with DoDD 8500.2 Controls and US FDA and Homeland Security requirements, and develop mitigations & collaboratively plan/coordinate how best to implement the mitigations into affected Customer systems & Draeger M&IT development & test environments.
  • Provide guidance & expertise to ensure Draeger M&IT teams are aware of DoD, US FDA and Homeland Security network security requirements & objectives. Lead the efforts to design security into the M&IT products, as well as leveraging already accepted secure IT products (i.e., Common Criteria) & processes into current product upgrades & future product designs, including developing Product/System Requirement Specifications and Risk Management documents.
  • Support, attend, host Govt required security related meetings, teleconferences & test events (i.e., Security Test & Evaluations (ST&E))
  • Work with the Regions and across technology to ensure a solid understanding of information security requirements, identify current and/or potential security risks and develop, implement and drive security strategies, solutions, methodologies and/or policies to strengthen the effectiveness of the Information Security Management organization.
  • Develop, maintain and champion ISM requirements, policies, procedures and methodologies across the business and technology. Execute and/or oversee the design and implementation of mechanisms for education and governance to ensure organizational compliance with policies and procedures.
  • Maintain up-to-date business domain knowledge and expert technical skills in information security technology and methodology. Establish and maintain effective working relationships across business, operations and technology teams to credibly and collaboratively drive information security strategy and initiatives.
  • Performs other duties as needed and assigned.
Who you are

Education : Bachelors in Computer Science, MIS or Technology Forensics, or equivalent experience.

Related Experience :

  • 8+ years of experience with Network Security, Application Security, encryption & cryptography
  • Broad technical background including applications / systems development, enterprise networking, firewall, storage, server infrastructure, database technologies, and operating systems and security.
  • Experience ensuring software/hardware solutions comply with Government network security requirements & standards, such as DIACAP, DISA STIGs, FIPS 140-2 and US FDA and Homeland Security requirements
  • Excellent written and verbal communication skills with an emphasis on confidentiality, tact and diplomacy. Effectively delivers technical information to non-technical audiences and vice versa.
  • Strong presentation skills with proven ability to successfully interface with and influence at all levels (executives and technical staff).
  • Ability to translate cyber security threats from a technical perspective to business-line understanding.
  • Familiarity with Microsoft Office (Word, Excel, Project & PowerPoint)
  • Agile (Scrum) development experience is a plus
  • Information Security certification preferred (CISSP, GIAC)
  • Experience with Federal Information Processing Standards Act reporting also preferred
  • Working knowledge of DoDD 8500.1, DoDD 8500.2, DoDI 8510.01, NIST SP 800-53 & NIST SCAP

Special Competencies or Certifications :

  • Working knowledge applying wireless standards (IEEE 802.x) & protocols (WPA2) into technical designs is a plus
  • Must be a US citizen with ability to obtain a security clearance

Dice Id : RTX123184
Position Id : P0036V074J01