Director of Information Security Officer
For a successful Medical Devices company we are looking for a Director CISO.
The Director will report directly to the Vice President and Chief Information Security Officer within the global Information Security team. This role will be responsible for a combination of implementing global information security programs in the org as well as leading security efforts that are unique to the org business unit.
Build relationships across org while paying specific attention to stakeholders within the org business unit to ensure all aspects of Information Security team programs are operating effectively.
Support global Application Security, Identity and Access Governance, Security Operations, and Technology Governance, Risk, and Compliance programs as they apply to org systems, employees, contractors, etc. Tailor these programs as necessary to meet the local org needs.
Support global programs to ensure compliance with regulations impacting org operations including SOC2, SOX, PCI, HIPAA, FDA, GDPR, EU MDR, China Cyber Security Law (CSL), and other global cyber and data privacy laws and regulatory requirements impacting org operations as necessary.
Regularly assess the security of org systems, including both back-end systems and org scanners distributed around the world.
Ensure that security and compliance requirements are documented, regularly reviewed, and considered as part of new org product releases.
Direct org Security team members’ activities to focus on key priorities that ensure the security of the org ecosystem.
Engage regularly with org business and technical leadership to educate them on current security risks in the industry as well as risks and vulnerabilities specific to the org ecosystem.
Provide security education and awareness to org employees and contractors as necessary.
Engage with external and internal auditors as needed to support technology audits impacting org's operations.
Coordinate initiatives which impact org from global Technology Governance, Risk and Compliance programs such as Customer Requests, Project Guidance and Release Oversight, Risk Assessments (Vendor, Site, Applications), and Business Resiliency.
Manage the medical device cybersecurity report and product security documentation per Scanner version, along with the associated cybersecurity reports supporting country-specific regulatory requirements (e.g. United States FDA, China NMPA, Taiwan FDA, etc.). This includes ensuring that the requirements and testing documentation maintained by the quality and technology teams accurately map to cybersecurity controls, and monitoring that post-market cybersecurity requirements are met.
Coordinate initiatives which impact org from global Application Security programs such as Static Application Testing, Dynamic Application Testing, Interactive Application Testing, Application Security Requirements & Training, and Bug Bounty Program.
Coordinate initiatives which impact org from global Security Operations programs such as Threat Intelligence, Threat Monitoring, Incident Response, Vulnerability Management, Network Security, and Penetration Testing.
Coordinate initiatives which impact org from global Identity & Access Governance programs such as Identity Management, Access Management, Privileged Access, Multi-factor Authentication, and Access Automation.
Bachelor’s degree in Information Technology, Engineering, Computer Science, or another technical field, or equivalent work experience.
10+ years of experience in the information security field, with at least 5 years of management experience.
Ideally, experience with medical devices and their related security and regulatory landscape.
Previous experience with building out and managing security and/or compliance programs.
Strong spoken English skills and experience working at a global company.