Senior Product Security Manager (Remote) (R453021)
Stryker is one of the world’s leading medical technology companies and, together with our customers, is driven to make healthcare better. We offer innovative products and services in Orthopaedics, Medical and Surgical, and Neurotechnology and Spine that help improve patient and hospital outcomes. We are proud to be named one of the World’s Best Workplaces and a Best Workplace for Diversity by Fortune Magazine. Learn more about our award-winning organization by visiting stryker.com.
Product Security is driven to make healthcare better by ensuring that Stryker designs, develops and maintains industry-leading, cyber-secure products for our customers. This corporate program guides and governs the implementation and maintenance of security across the global product portfolio. The program is responsible for ensuring the security, integrity, and resilience of our products to protect our customers and their patients.
The Product Security Manager will report to the Head of Product Security and will work directly with international business divisions. In this role you will have the capability to directly influence technical innovation and enhance security maturity of our digital health and product information networks.
What you will do-
Act as the Product Security representative and subject matter expert to the focal Stryker division/s.
Work closely with leadership and work teams to implement security controls in new product development and operational security activities.
Participate in divisional design reviews to ensure appropriate security controls are implemented as design inputs (DI).
Support Engineering / Architecture and data flow diagram security and reviews.
Facilitate/Approve Product Security deliverables that achieve and maintain compliance with regulatory requirements and/or industry certifications for cloud environments.
Review threat models to evaluate accuracy and facilitate/approve the Security Risk Table.
Orchestrate the agile development usage of *AST tooling within the CI/CD pipeline.
Facilitate the use of internally developed security technologies, capabilities, and relevant vendor tools based on security requirements.
Monitor Security Pre/Post-Market Software Management.
Monitor Vulnerability and Exploitability Assessments for in-scope applications/data.
Support Security Event/Incident Management.
Monitor Security Status updates for division product portfolio.
Support Security-Related Customer Communications.
Coordinate with Global Security services to maintain alignment of holistic security support.
Support Divisional Process Owners to integrate compliance requirements and security best practices into their quality system procedures.
Where necessary, facilitate the creation of Security policies.
Monitor and communicate division Key Performance and Key Risk Indicators.
Follow established quality measures to assess overall success of team program and provide reports to leadership. Recommend changes to established quality measurements as appropriate.
Encourage ongoing skill development by providing opportunities for continued education.
What you need-
Bachelor's degree in Computer Science, Information Systems, Engineering or related field is required. (An advanced degree is preferred)
10+ years of experience in product security, software design, or embedded software engineering is required.
Strong experience with System and Software Development Processes and Lifecycles for new product development is preferred.
Demonstrated knowledge of software configuration security vulnerability management is preferred.
Experience with risk management methodologies, trending, design control, threat modeling, vulnerability ranking, and product enhancements is preferred.
Strong, demonstrable experience with real-time operating systems is preferred.
Strong experience with at least one current coding language with experience in performing code reviews is preferred.
Demonstrated knowledge of Project Management is preferred.
Experience in developing and delivering detailed training and presentations is preferred.
Experience with event and incident response teams and efforts, including incident documentation, is preferred.
CISSP, CSSLP, HCIPP, CSC, CISM or other security-specific certifications are preferred.
This job may be performed remotely from anywhere in the United States, except that this job may not be filled or performed in Colorado.
Know someone at Stryker?
Be sure to have them submit you as a referral prior to applying for this position. Learn more about our employee referral program.