Job Information
About the Position
Introduction
Werfen is a growing, family-owned, innovative company founded in 1966 in Barcelona, Spain. We are a worldwide leader in specialized diagnostics in the areas of Hemostasis, Acute Care Diagnostics, Transfusion, Autoimmunity, and Transplant. Through our Original Equipment Manufacturing (OEM) business line, we research, develop, and manufacture customized assays and biomaterials. We operate directly in 30 countries, and in more than 100 territories through distributors. Our Headquarters and Technology Centers are located in the US and Europe, and our workforce is more than 7,000 strong.
Overview
The Product Security Manager is responsible for developing and managing a central Secure Development Lifecycle program, to ensure security and privacy by design across the entire product portfolio, covering all stages from pre-market development to post-market surveillance. This role involves developing and implementing global security strategies, conducting risk assessments, overseeing the implementation of security controls, and ensuring compliance with industry standards and regulations. The Product Security Manager collaborates with cross-functional teams, and plays a crucial role in safeguarding the company's reputation, protecting patient data, and maintaining the trust of customers and stakeholders throughout the product lifecycle.
Responsibilities
Key Accountabilities
The Product Security Manager key accountabilities are:
Manage the development and implementation of a comprehensive end-to-end Secure Development Lifecycle, ensuring that cybersecurity and privacy by design are embedded in all products (on-prem & digital), from pre-market to post-market
Collaborate with cross-functional teams, including engineering, product management, and regulatory affairs, to develop a DevSecOps pipeline and culture
Conduct third-party vendor and supply chain risk assessments to identify potential security threats and develop mitigation strategies
Ensure compliance with industry standards and regulations, such as GDPR, HIPAA, NIST, and FDA cybersecurity guidelines
Develop and deliver training programs to educate employees on product security best practices (lunch-and-learns, instructor-led sessions, tabletop exercises, and more)
Represent the company in industry forums and working groups related to product security
Networking/Key relationships
The Product Security Manager interacts with different stakeholders including:
Company directors for strategy and risk management
Product Security Director and the Data Privacy Officers to ensure alignment between the company’s security and privacy compliance programs
Product Security Officers to guarantee process harmonization across the different business units
Regulatory Affairs to define procedures for product security
Engineering (R&D) departments to provide support on Secure Development Lifecycle
Quality Assurance department to provide support on security testing
Qualifications
Minimum Knowledge & Experience required for the position:
The qualifications required by the position are:
Engineering, computer science or other technical degree, or equivalent work experience
The work experience required by the position is:
7+ years of experience in product security, including at least 2 years in a leadership or management role
3+ years of software development experience
The following work experience and qualifications are a plus:
Solid knowledge of relevant standards such as IEC 62443, GDPR, HIPAA, and ISO 27001
Strong knowledge of Secure Development Lifecycle practices, standards and industry best practices
Knowledge of medical device regulations
Certifications such as CISSP, CISM, CCSP, CEH
Skills & Capabilities:
The skills and capabilities required by the position are:
Strong analytical and problem-solving skills to identify and address security challenges and vulnerabilities
Effective communication skills to convey complex cybersecurity concepts to both technical and non-technical stakeholders
Willingness to stay updated on the latest cybersecurity trends, threats, technologies, and regulations through continuous learning and professional development
Ability to lead and collaborate with cross-functional teams, share information, and work together to enhance overall cybersecurity posture
Travel requirements:
Less than 25% of the time
If you are interested in constantly learning and being challenged on a daily basis, we encourage you to submit your resume or CV.
Werfen appreciates and values diversity. We are an Equal Opportunity/Affirmative Action Employer M/F/D/V.
www.werfen.com