920 Winter St Greater Boston Area, Massachusetts 02451
Position: Cybersecurity Director
Location: Greater Boston Area, MA
PURPOSE AND SCOPE:
The Cybersecurity Director establishes and maintains the security posture of products and services developed by the Global Research & Development (GRD) group through policy, standards, architecture and training processes. This role serves as the principal global owner of cybersecurity risk analyses and mitigation for hemodialysis and peritoneal dialysis medical device products and related services. Other tasks include partnering with the existing corporate security governance policies and processes, collaborating with cross-functional project teams, selecting appropriate security solutions, and overseeing vulnerability audits and assessments. This role is distinct from the corporate security scope.
PRINCIPAL DUTIES AND RESPONSIBILITIES:
- Maintain clear and concise documentation for standard R&D security development practices that could be reviewed by regulatory bodies (policies, standards, guidelines and procedures).
- Develop and maintain the Global R&D security architecture design, including coding guidelines and reviews.
- Create and maintain the Global R&D security awareness training program.
- Lead the security program in adopting new and current laws and regulations around the globe (North America, Europe, Asia-Pacific, and Latin America).
- Maintain up-to-date knowledge of the global IT security industry as it relates to hemodialysis and peritoneal dialysis products and personal health information, including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.
- Select and acquire additional security solutions or enhancements to existing security solutions to improve overall security.
- Assess the risk of new and current medical devices, treatment services, and digital solutions (Cloud-based services, Mobile Applications, IoT Services, etc.).
- Ensure the confidentiality, integrity, and availability of the data residing on or transmitted to/from/through medical devices, treatment services, and in databases and other data repositories developed by GRD.
- Partner with cross-functional project teams and other software and device engineering groups to influence the adoption of security standards and procedures.
- Participate in investigations into problematic activity and provide on-going communication with senior management.
- In the event of a security incident, lead Event Management coordination and communications to executives and appropriate stakeholders.
- Participate in strategic software code reviews.
- Oversee the design and execution of vulnerability assessments, penetration tests and security audits.
- Perform regular security awareness training to ensure consistently high levels of compliance with security policy.
- Coach, mentor, and foster teamwork, including onboarding new engineering staff members.
- Align and collaborate with fellow security professionals (CSIO, Protection/Security Law, etc.).
- Develop and maintain Cybersecurity metrics and scorecard for senior management.
- Other duties as assigned.
Additional responsibilities may include focus on one or more departments or locations. See applicable addendum for department or location specific functions.
PHYSICAL DEMANDS AND WORKING CONDITIONS:
- The physical demands and work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Approximately 20% global travel required.
- Bachelor's Degree in Computer Science, Information Security, Cybersecurity or a related field
EXPERIENCE AND REQUIRED SKILLS:
- 5-10 years of related management experience in cybersecurity
- Industry certifications:
  - Management level: Certified Information Security Manager (CISM) - Preferred
  - Practitioner level (pluses): Certificate of Cloud Security Knowledge, Security+, OSCP, CEH, CISSP (or Associate)
- Knowledge and understanding of Medical Device Regulation, Quality, and Design Controls (ISO 13485, ISO 14971, FDA 21 CFR 820.30) - Preferred
- Knowledge of a cybersecurity framework a plus (e.g. NIST SP 800 series, ISO 27000, NIST CSF)
- Strong written and in-person communication and presentation skills across both technical and non-technical audiences
- Ability to partner with a diverse set of global groups
- Proven record of establishing security policy, enforcing policy, proactively identifying risk, and mitigating it through appropriate solutions