Product Security Officer Job at Carl Zeiss Meditec, Inc.
Job Description:
The Product Security Officer (PSO) for Medical Devices is a member of the Medical Device Security team at Carl Zeiss Meditec AG and reports directly to the Information Security Manager Medical Devices.
The PSO Medical Devices manages, consolidates, prioritizes, and coordinates, together with the global Information Security Manager (ISM) Medical Devices, all information security and data protection topics throughout the entire lifecycle of the medical devices. This includes, among others, the phases of initial planning, development, and further development of ZEISS medical devices. In doing so, he/she coordinates closely with the development teams at the respective site and, if necessary, also across sites.
The PSO Medical Devices ensures that the products themselves, as well as the corresponding development and operating processes, comply with the state of the art, the company's internal information security requirements and the relevant standards, regulations and applicable laws.
In addition, where required, the PSO Medical Devices is responsible for bringing the relevant products within the scope of the existing ISO 27001 certification.
Furthermore, the PSO Medical Devices, in terms of information security and data protection, is the interface between the respective business unit and the technical implementation in the development units. As such, he/she also represents information security and data protection issues in strategic decisions and coordination on business level. If required by the product, this also applies across sites or internationally for the corresponding product.
Job Functions:
- Cooperate and collaborate on a strategic level with the respective business units, starting in the conception phase of the respective products, with regard to information security and data protection.
- Act as technical lead of the respective team of security engineers and architects regarding information security issues in the corresponding products.
- Cooperate with the respective development departments on operational level in the implementation of security measures, also across sites and internationally for the relevant products / product groups.
- Organize and participate in threat modeling sessions in development projects. Take over leadership once the maturity level allows.
- Execute protection requirements analyses.
- Develop information security and data protection requirements based on protection requirements analyses and threat modeling.
- Manage and maintain information security and data protection requirements, and coordinate with the respective development teams regarding technical implementation and prioritization of such requirements.
- Participate in the conception and introduction of a new MED-wide risk management system, applying innovative thinking and considering longer-term business development trends.
- Execute risk analyses.
- Organize, coordinate, and execute penetration tests with external vendors.
- Create security concepts and document implemented security measures.
- Where necessary, extend the scope of ISO/IEC 27001 to the corresponding products, incl. execution of all actions required.
- Represent information security and privacy issues in the respective Product Strategy Meetings (PSM).
Job Requirements:
- Bachelor's or Master's degree in the field of IT, a comparable degree, or comparable professional experience in information security; relevant certifications from the security field (e.g. CISM, CDPSE, CISSP or similar)
- Mid-term experience in information security and data privacy roles in a development environment (international scope is an advantage)
- Technical experience in IT-Security
- Experience in product development and engineering is an advantage
Strong communication skills, including:
- Ability to solve complex tasks and problems, applying innovative thinking considering longer-term business & development trends
- Ability to solve new conceptual issues
- Ability to correlate technologies, understand complex environments, business requirements, incl. knowledge outside own area of expertise
- Ability to apply innovative, creative, novel and effective ways
- Ability to interact with subordinate employees and stakeholders, incl. security engineers, involving matters between functional areas, other company divisions or units
Broad expertise or specialized knowledge on:
- IT-Security, incl. technical implementation of security measures
- Data protection / privacy
- ISO 27xxx series, HIPAA, GDPR
- Agile development
- Medical devices
Self-driven, results-oriented approach to work
Strong program and project management skills in international and complex environments
Certifications such as CISM, CDPSE, CISSP, ISO27001, etc.
German (fluent), English (fluent)
Job Type: Full-time
Pay: From $147,000.00 per year
Benefits:
- 401(k)
- Dental insurance
- Employee discount
- Health insurance
- Life insurance
- Paid time off
- Vision insurance
Schedule:
- 8 hour shift
- Day shift
- Monday to Friday
Work Location: Hybrid remote in Dublin, CA 94568