The Director of Product Security is a key leadership role responsible for the strategic vision, execution, and oversight of the company's product security program. This executive will lead a dedicated team to manage the cybersecurity posture of our medical device portfolio throughout its entire lifecycle, from design and development through post-market surveillance.
Requirements
- Define and execute a comprehensive product security strategy that aligns with business priorities, regulatory expectations (FDA, including FD&C Act Section 524B, and EU MDR), and Quality Management System (QMS) requirements.
- Build, lead, and mentor a high-performing team of product security professionals, fostering their technical and leadership skills.
- Manage and allocate human and financial resources to achieve strategic objectives.
- Drive a 'shift-left' security strategy, integrating security controls and best practices into all stages of the product lifecycle.
- Oversee a rigorous threat modeling program and lead cybersecurity risk assessments for all new and existing products.
- Champion DevSecOps principles and automate security controls and testing within CI/CD pipelines.
- Provide architectural guidance on secure design, including implementing security controls such as secure boot, firmware signing, and encryption.
- Ensure all required cybersecurity documentation, including risk assessments and SBOMs, is prepared and submitted for premarket applications (510(k), PMA).
- Manage the generation and maintenance of SBOMs and VEX (Vulnerability Exploitability eXchange) documents so that regulators and customers can see what each device contains and which reported vulnerabilities actually affect it, enabling targeted, actionable risk management.
- Act as the senior product security subject matter expert, representing the company during FDA and other international regulatory inspections.
- Oversee the post-market surveillance program to continuously monitor field devices for emerging threats and vulnerabilities.
- Lead and manage the security incident response process, including coordinated vulnerability disclosure, containment, root cause analysis, and remediation.
- Develop and execute plans for communicating security updates and patches to customers and stakeholders.
- Partner with R&D, Engineering, Quality, Regulatory Affairs, and Legal teams to embed security practices and ensure a comprehensive approach to product safety.
- Serve as the primary security consultant to the organization, articulating technical challenges and mitigation plans to senior management and external stakeholders in a clear, non-technical manner.
- Engage with customers, hospital IT/IS staff, and industry partners to translate technical requirements into business and clinical impact and build trust in the company’s products.
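The SBOM and VEX work described in the requirements above comes down to a concrete reconciliation step: taking scanner findings against the components listed in a device's SBOM and using VEX statements to decide which findings are suppressed, escalated, or still need review. The following is an added example written for this page, not code from the employer or from any product; the SBOM, VEX statements, scan findings, and the VULN-000x identifiers are constructed placeholders (not real advisories), and the function names `latest_statements` and `triage` are illustrative. The status and justification vocabularies follow OpenVEX, but the document layout is deliberately simplified and is not a conformant OpenVEX or CycloneDX file.

```python
"""Reconcile vulnerability-scan findings against an SBOM and a VEX document.

Constructed example: SBOM, VEX statements and findings below are placeholders
(VULN-000x are not real advisory identifiers). Status and justification values
follow OpenVEX; the document layout is simplified, not a conformant file.
"""
from dataclasses import dataclass

# OpenVEX status values and the justifications permitted for not_affected.
VALID_STATUS = {"not_affected", "affected", "fixed", "under_investigation"}
VALID_JUSTIFICATIONS = {
    "component_not_present",
    "vulnerable_code_not_present",
    "vulnerable_code_not_in_execute_path",
    "vulnerable_code_cannot_be_controlled_by_adversary",
    "inline_mitigations_already_exist",
}

# Constructed SBOM: third-party components of a hypothetical device firmware.
SBOM = {
    "components": [
        {"name": "openssl", "version": "3.0.8", "purl": "pkg:generic/openssl@3.0.8"},
        {"name": "zlib", "version": "1.2.13", "purl": "pkg:generic/zlib@1.2.13"},
        {"name": "freertos", "version": "10.5.1", "purl": "pkg:generic/freertos@10.5.1"},
    ]
}

# Constructed VEX: a superseded statement, a complete one, and an invalid one.
VEX = {
    "statements": [
        {"vulnerability": "VULN-0001", "products": ["pkg:generic/openssl@3.0.8"],
         "status": "under_investigation", "timestamp": "2024-01-10T00:00:00Z"},
        {"vulnerability": "VULN-0001", "products": ["pkg:generic/openssl@3.0.8"],
         "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path",
         "timestamp": "2024-01-17T00:00:00Z"},
        {"vulnerability": "VULN-0002", "products": ["pkg:generic/zlib@1.2.13"],
         "status": "affected", "action_statement": "fix scheduled for firmware 4.2",
         "timestamp": "2024-01-17T00:00:00Z"},
        # Invalid: not_affected without a justification must not suppress anything.
        {"vulnerability": "VULN-0003", "products": ["pkg:generic/openssl@3.0.8"],
         "status": "not_affected", "timestamp": "2024-01-17T00:00:00Z"},
    ]
}

# Constructed scanner output: (advisory id, purl) pairs.
FINDINGS = [
    ("VULN-0001", "pkg:generic/openssl@3.0.8"),
    ("VULN-0002", "pkg:generic/zlib@1.2.13"),
    ("VULN-0003", "pkg:generic/openssl@3.0.8"),
    ("VULN-0004", "pkg:generic/libfoo@1.0.0"),  # component not in the SBOM at all
]


@dataclass(frozen=True)
class Disposition:
    vuln_id: str
    purl: str
    action: str  # suppress | escalate | review | unknown_component
    reason: str


def latest_statements(vex):
    """Index valid statements by (vuln, purl); the newest timestamp wins.

    Returns the index plus a list of (statement, problem) for rejected ones.
    Timestamps are ISO 8601 UTC strings, so string comparison orders them.
    """
    latest, invalid = {}, []
    for st in vex["statements"]:
        status = st.get("status")
        if status not in VALID_STATUS:
            invalid.append((st, "unknown status"))
            continue
        if status == "not_affected" and st.get("justification") not in VALID_JUSTIFICATIONS:
            invalid.append((st, "not_affected without a recognised justification"))
            continue
        for purl in st["products"]:
            key = (st["vulnerability"], purl)
            if key not in latest or st["timestamp"] > latest[key]["timestamp"]:
                latest[key] = st
    return latest, invalid


def triage(sbom, vex, findings):
    """Map each finding to an action; results are in the same order as findings."""
    known = {c["purl"] for c in sbom["components"]}
    statements, invalid = latest_statements(vex)
    result = []
    for vuln_id, purl in findings:
        if purl not in known:
            result.append(Disposition(vuln_id, purl, "unknown_component",
                                      "purl absent from SBOM: stale SBOM or scanner mismatch"))
            continue
        st = statements.get((vuln_id, purl))
        if st is None:
            result.append(Disposition(vuln_id, purl, "review", "no valid VEX statement"))
        elif st["status"] == "not_affected":
            result.append(Disposition(vuln_id, purl, "suppress", st["justification"]))
        elif st["status"] == "fixed":
            result.append(Disposition(vuln_id, purl, "suppress", "fixed per VEX"))
        elif st["status"] == "affected":
            result.append(Disposition(vuln_id, purl, "escalate",
                                      st.get("action_statement", "no action statement")))
        else:
            result.append(Disposition(vuln_id, purl, "review", "under_investigation"))
    return result, invalid


if __name__ == "__main__":
    dispositions, rejected = triage(SBOM, VEX, FINDINGS)
    for d in dispositions:
        print(f"{d.vuln_id:10} {d.purl:32} {d.action:18} {d.reason}")
    for st, why in rejected:
        print(f"rejected VEX statement for {st['vulnerability']}: {why}")
```

Two design choices matter for the post-market and regulatory use described above: a `not_affected` statement that lacks a recognised justification is rejected rather than honoured, so a malformed VEX can never silently suppress a finding, and a finding against a component the SBOM does not list is reported as `unknown_component` rather than ignored, because it usually means the SBOM has drifted from what is actually shipped.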
Benefits
- Health benefits – Medical, Dental, Vision
- Personal and Vacation Time
- Retirement & Savings Plan (401K)
- Employee Stock Purchase Plan
- Training & Education Assistance
- Bonus Referral Program
- Service Awards
- Employee Recognition Program
- Flexible Work Schedules