Sr. Director Information and Product Security

Company:  Spacelabs
Location: Snoqualmie
Closing Date: 23/10/2024
Salary: £125 - £150 Per Annum
Hours: Full Time
Type: Permanent
Job Requirements / Description

Overview:

At Spacelabs Healthcare, we are on a mission to provide continuous innovation in healthcare technology for better clinical and economic outcomes. Our scalable solutions deliver critical patient data across local and remote systems, enable better-informed decisions, increase efficiencies, and create a safer environment for patients.

Why work at Spacelabs? Because lives depend on you!

The Senior Director of Information and Product Security is responsible for overseeing Spacelabs’ comprehensive and enterprise-wide information security management program, including information security, security of our IT applications and technology, and medical device product cybersecurity.

The Senior Director of Information and Product Security shall assess risks and vulnerabilities to establish and maintain necessary operational controls, physical protections, and secure technology to protect the company’s information and technology, based upon industry-accepted information security and risk management standards and in compliance with local, federal, and international regulations and laws.

The Senior Director of Information and Product Security is also responsible for overseeing product security for Spacelabs’ software and hardware products and systems that are used by our healthcare customers. He or she shall manage a team of security professionals and work with other company functions to support pre- and post-market medical product design, development, and maintenance.

This position can be onsite, hybrid, or remote.

Responsibilities:

  • Develop and implement a comprehensive information security strategy
  • Assess and mitigate information and technological vulnerabilities and risks
  • Surveil and identify emerging security threats and trends that may impact the organization and its products and systems
  • Maintain security risk management plans and vulnerability assessments to identify and address security weaknesses and threats
  • Identify and assess data use, storage, and process flows to ensure adequate protection and controls (“Adequate Security”)
  • Collaborate and align Security Strategy with Corporate Information Security
  • Implement administrative, physical, and technical controls necessary to ensure Adequate Security and regulatory compliance
  • Establish and maintain information security policies and procedures
  • Identify, arrange, prepare, and perform staff training and refresher training
  • Implement and manage security technologies, such as firewalls, intrusion detection, encryption, etc.
  • Report on system performance to management, including internal audits, corrective action, performance towards objectives, response to issues and concerns, driving improvements, etc.
  • Provide direction for company privacy and security Design Control, Risk Management, and Post-market Surveillance processes, activities, and outputs
  • Represent privacy and security interests and provide guidance as a member of company cross-functional design teams
  • Conduct regular risk assessments and vulnerability tests to identify potential security threats and develop strategies to mitigate them
  • Stay up to date with the latest industry trends, threats, and technologies to ensure that the organization's IT security measures are current and effective
  • Collaborate with other departments to ensure that security requirements are integrated into the design and implementation of new systems and technologies
  • Develop and maintain incident reporting and response plans to ensure preparedness for security incidents and breaches
  • Direct and lead investigations of security incidents, breaches, and alleged vulnerabilities
  • Lead efforts to contain, recover, and remediate from breaches, incidents, and near-misses
  • Evaluate and perform breach reporting
  • Drive product corrective actions, field corrective actions, and customer notifications when necessary to address security vulnerabilities and risks
  • Assess and ensure compliance with industry standards and applicable laws and regulations
  • Represent the company in audits and inspections
  • Pursue and maintain identified certifications, such as ISO 27001 and ISO 13485
  • Define the strategy, direction, and objectives of the security team
  • Hire, mentor, and coach team members to create a competent and empowered team
  • Work with engineering and other teams to help us build secure infrastructure and products
  • Ensure that direct report(s) are trained and evaluated on their knowledge and adherence to the company’s values, Code of Ethics and Conduct, and applicable compliance policies
  • Uphold the company’s core values of Integrity, Innovation, Accountability, and Teamwork
  • Demonstrate behavior consistent with the company’s Code of Ethics and Conduct
  • Every employee is responsible for reporting any quality problems or defects to their manager or a member of senior management so that corrective action can be implemented and recurrence of the problem avoided
  • Duties may be modified or assigned at any time to meet the needs of the business

Qualifications:

  • Bachelor's degree in Computer Science, Information Security, Engineering, or related field; Master's degree preferred
  • 10+ years of experience in a combination of risk management, information security, and IT roles
  • 5+ years of experience in information security and risk management
  • 5+ years of experience in managing and leading global teams
  • 3+ years working in a regulated medical device environment
  • Certification in professional security management preferred, such as Security+, CISSP, CCNA Security, CPP, or GIAC
  • Demonstrated expertise with information security management frameworks such as ISO/IEC 27001/27002 and the National Institute of Standards and Technology (NIST 800-53, 800-66)
  • Demonstrated experience in building and managing information security programs
  • Understanding of and experience with ISO 27001/27002, IEC 80001-1, MDCG 2019-16, ISO 13485, US FDA Quality System Regulations, HIPAA, GDPR, and related laws and regulations
  • Demonstrated expertise with medical device design control and/or other best-in-class software or medical device development approaches
  • Educates and coaches engineering leadership and cross-functional design teams on good cybersecurity practices and responsibility for ensuring adequate and expected product security
  • Ability to monitor and drive the identification and mitigation of security vulnerabilities early in the development process and management of post-market product security activities
  • Experience collaborating with industry information sharing and analysis organizations (ISAOs) to support company and industry cybersecurity threat intelligence
  • Contract and vendor negotiation and management experience, including managed services
  • Strong writing and verbal communication abilities
  • A high level of personal integrity
  • Capable of leading and motivating cross-functional, multidisciplinary teams via innovative thinking and leadership
  • Strong attention to detail and the ability to prioritize and manage multiple tasks simultaneously
  • Must be willing and able to respond to urgent situations after business hours and/or on weekends and as otherwise needed to support global operations


Please review our benefits here: Life at OSI

The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location and date of hire. Please note that the salary information shown above is a general guideline only. Salaries are based upon candidate experience and qualifications, as well as market and business considerations.

NOTICE TO THIRD PARTY AGENCIES

OSI Systems, Inc. and its subsidiaries (collectively “OSI”) does not accept unsolicited resumes from recruiters or employment agencies. If any person or entity, including a recruiter or agency, submits any information, including any resume or information regarding any potential candidate, without a signed agreement in place with OSI, OSI explicitly reserves the right to use such information, and pursue and/or hire such candidates, without any financial obligation to the person, recruiter or agency. Any unsolicited information or resumes, including those submitted directly to hiring managers, are considered and deemed to be the property of OSI.

Equal Opportunity Employer

EEO is the Law

OSI Systems, Inc. has three operating divisions: (a) Security, providing security and inspection systems, turnkey security screening solutions and related services; (b) Healthcare, providing patient monitoring, diagnostic cardiology and anesthesia systems; and (c) Optoelectronics and Manufacturing, providing specialized electronic components and electronic manufacturing services for original equipment manufacturers with applications in the defense, aerospace, medical and industrial markets, among others.
