Director of Product Security

WHO ARE WE?

Endotronix is a medical device company that aims to transform the treatment of heart failure , a chronic, progressive condition in which the heart is unable to pump enough blood to support the body. Our Cordella Heart Failure System (CHFS) includes proactive management tools for best practice care and detection of worsening heart failure. These easy-to-use tools improve patient quality of life and help to reduce hospital admissions thereby reducing health care costs. With our recent PMA approval from the FDA and acquisition by Edwards Lifesciences, we are growing our team – it’s a great time to join Endotronix!

WHAT YOU’LL DO

As the Director of Product Security you will report into the Global Information Security Program at Edwards/Endotronix. In this role you will serve as a key member of the product security leadership team and serve as an expert advisor and partner to the Software Development, Cloud, Quality, Regulatory, Verification and Validation teams.

You will navigate the full breadth of security challenges, from the initial stages of development to operation, to ensure that Endotronix’s products and operational frameworks are inherently secure and adaptive to the dynamic nature of security threats. In this capacity, the Director of Product Security will be instrumental in managing the Endotronix Secure Development Lifecycle, ensuring that security is embedded into the fabric of Endotronix’s suite of products. Your responsibilities will include:

1. Lead, own and execute the product security strategy for all Endotronix medical products, ensuring alignment with business objectives and regulatory requirements.
2. Spearhead the development of cutting-edge security programs, leveraging resources to foster innovation within Product Security and related domains.
3. Build a data-centric, engineering-focused Product Security organization that prioritizes clear goals and continuous improvement.
4. Enhance the security culture across the company by implementing consistent security policies and controls for all product lines.
5. Collaborate with cross-functional teams to embed security best practices throughout the product lifecycle, from development to manufacturing.
6. Maintain expertise in the regulatory landscape, including FDA, NMPA, EU MDR, and cybersecurity laws, to guide product compliance.
7. Oversee resource allocation and budgeting for the Product Security organization, ensuring efficient use of people, process and technology.
8. Engage in technical discussions regarding product requirements and design, ensuring security considerations are integrated.
9. Foster a collaborative environment that empowers engineering teams and promotes ownership and trust.
10. Lead project implementation, driving innovation and encouraging a learning mindset within engineering teams.
11. Establish risk management protocols and collaborate with stakeholders to address key security risks in alignment with regulatory and ethical considerations.
12. Function as the Product Security representative for external stakeholders and regulatory agencies.
13. Stay informed about emerging security technologies and assess their relevance to a highly regulated medical device industry.
14. Keep abreast of new security threats and continuously refine security practices to mitigate risks.
15. Advance and mature the Secure Software Development Lifecycle, ensuring consistent adoption across product teams and alignment to Endotronix Quality Management System.
16. Lead a team of Product Security experts in security risk assessments, including deep dives into technical requirements, design, and implementation.
17. Serve as a security champion within the organization, effectively communicating risks and security concepts to diverse audiences.
18. Enhance security tooling, automation, and processes to streamline how product teams address security.
19. Collaborate closely with various teams to safeguard the security of products, aligning with legal, privacy, and regulatory standards.
20. Ensure that product security practices comply with the evolving regulatory environment, particularly in the context of HITRUST governance.

WHAT YOU BRING TO THE TABLE

1. A solid foundation of at least ten years in Information Technology and Enterprise and Product Cybersecurity, with a history of three years in leadership and three years focusing on Enterprise or Product Security within a regulated environment.
2. Experience with both connected and disconnected products, secure software development lifecycle, risk mitigation strategies, threat modeling, and vendor supply chain security are preferred.
3. Deep understanding of the Design Control process, ensuring that all product design and development is conducted in accordance with pertinent Quality System Regulations and international standards.
4. Strong understanding of the AWS and Azure Well-Architected Framework, with a focus on the Security Pillar.
5. Proven ability to lead technical design and management of secure network architectures, including Virtual Private Clouds, subnets, and security groups.
6. Experience navigating and executing product cybersecurity requirements with 510(k), De Novo and PMA-regulated products.
7. Experience with industry best practices and regulatory requirements (FDA, NMPA, EU MDR, NIST CSF, NIST 800-53 etc.)
8. Exceptional interpersonal and communication skills, with the ability to influence and drive decisions both within the organization and in external engagements.

EDUCATION

1. Master’s degree in Cybersecurity, Computer Science, Computer Engineering or related field; or equivalent experience.
2. Certifications such as CISSP, CISM, CSSLP, GIAC, MCSE, CCSP or equivalent are preferred.

WHO YOU ARE

1. Relentlessly focused on data and hypothesis driven decision making to create the best experiences for ETX patients and customers.
2. Someone with a bias for action and quick iteration as opposed to perfection.
3. A quick learner, who is able to work independently, multitask, and drive your own projects.
4. An effective communicator and collaborator who can synthesize insights from multiple stakeholders across business functions to deliver purpose-built insights, models and tools that provide easily interpretable and actionable results.
5. A team player who can inspire teams to deliver together, embodying the idea that the whole is greater than the sum of the parts.
6. Passionate about digital healthcare and leveraging Data to deliver innovative solutions at scale.

WHAT WE’RE LIKE

1. Willing to have the “direct and honest conversation”. Not afraid to confront the facts (or be confronted) and develop a plan to move forward.
2. Competitive spirit and drive to win. Strong sense of initiative, internal motivation, and an unrelenting focus on results.
3. Openness to feedback and coaching with a strong orientation towards continual learning and improvement. Ability to solicit, accept and provide direct feedback without defensiveness.
4. Capacity to function in a highly complex company with ease and fluidity, while driving and influencing results.
5. Entrepreneurial, flexible, yet results focused.
6. High degree of intellectual curiosity, honesty, and capability.
7. Low ego and humble in spirit in spite of your track record of outstanding performance.

LIFE AT ENDOTRONIX

1. Our shared company values create a foundation of trust and collaboration. United in a common purpose, we excel at the task at hand to provide best-in-class medical technology and customer service to our patients and clinicians. And along the way we make sure to have a little fun, continue to grow and celebrate our successes.
2. We provide a competitive compensation package, comprehensive benefits including unlimited PTO, and an environment that will help you to thrive and succeed in your career.
3. Endotronix is an equal opportunity employer, and we are committed to providing equal employment opportunities to all persons without regard to race, creed, color, religion, national origin, gender, marital status, citizenship status, age, veteran status, or disability. We are passionately committed to building a diverse organization where all perspectives and cultures are celebrated.