Chief Product Security Officer
6 Tech Drive Greater Boston area, Massachusetts
Position: Chief Product Security Officer
Location: Greater Boston Area
Type: Direct Hire
Travel: 10% - 15% travel, domestic and international
Preferred: Med Device experience, FDA regulated industries like pharma, DoD, aerospace, other device product companies, etc.
The Chief Product Security Officer serves as the process owner of all cybersecurity activities related to the availability, integrity and confidentiality of medical products. A key element of the CPSO's role is working with executive management to determine acceptable levels of risk for the organization. This position is responsible for establishing and maintaining a corporate-wide product information security management program to ensure that the organization is in compliance with all applicable regulatory agencies.
- Develop, implement and monitor a strategic, comprehensive product information security management program
- Work directly with the medical business units to facilitate common cybersecurity risk assessment and risk management processes
- Develop and enhance a product information security management framework
- Understand and interact with industry and customer key opinion leaders to ensure alignment with processes and procedures and to identify future trends
- Provide leadership across the product information security organizations
- Partner with business stakeholders across the company to raise awareness of cybersecurity risk management concerns
- Assist with the overall business technology planning, providing current knowledge and a future vision of technology and systems
- Perform other duties as needed and assigned
Education: BS Cybersecurity, Computer Science or other technically related field; MS Cybersecurity or Computer Science a plus.
- 12 to 15 years’ experience in product/device security or medical/hospital IT.
- Driven leader with up-to-date technical knowledge augmented with strong communication skills and the ability to re-focus complex projects and organizations. Excels in fast-paced, mission-critical projects where timing, costs, and quality are the driving forces. Well respected and able to lead diverse teams to achieve difficult and complex objectives.
Special Competencies or Certifications:
- CISA: Certified Information Systems Auditor
- CISM: Certified Information Security Manager
- GSLC: GIAC Security Leadership
- CCISO: Certified Chief Information Security Officer
- CGEIT: Certified in the Governance of Enterprise IT
- CISSP: Certified Information Systems Security Professional
- CISSP-ISSMP: Information Systems Security Management Professional
- Working knowledge of ISO 14971
- Practices and methods of IT strategy, enterprise architecture and security architecture
- Security concepts related to DNS, routing, authentication, VPN, proxy services and DDoS mitigation technologies
- ISO 27001 & 27002, ITIL and COBIT frameworks
- PCI, HIPAA, NIST, GLBA and SOX compliance assessments
- Windows, UNIX and Linux operating systems
- C, C++, C#, Java and/or PHP programming languages
- Firewall and intrusion detection/prevention protocols
- Secure coding practices, ethical hacking and threat modeling
- TCP/IP, computer networking, routing and switching
- Network security architecture development and definition
- Knowledge of third-party auditing and cloud risk assessment methodologies