Product Security Manager, R&D (Remote or Hybrid)

Who we want-

• Analytical: Synthesizes complex or diverse information; Collects and researches data; uses intuition and experience to complement data; designs workflows and procedures.
• Problem Solving: Identifies and resolves problems in a timely manner; Gathers and analyzes information skillfully; Develops alternative solutions; Works well in both group and individual problem-solving situations.
• Technical Skills: Assesses own strengths and weaknesses; Pursues training and development opportunities; Strives to continuously build knowledge and skills; Shares expertise with others.
• Communication: Develops a working relationship with the software development team, design team, project managers, and other relevant parties; works well in a team
• Self-motivated: Effectively commits self to achieving and takes advantage of opportunities

What you will do-

Product Security is driven to make healthcare better by ensuring that Stryker designs, develops and maintains industry leading cyber secure products for our customers. This corporate program guides and governs the implementation and maintenance of security across the global product portfolio. The program is responsible to ensure the security, integrity, and resilience of our products to protect our customers and their patients.

The Product Security Manager will report to the Director of Program Management, R&D and will lead a team of professionals in product security at Spine. The Product Security Manager will work directly with internal new product development teams as well as the divisional product security group. In this role you will have the capability to influence technical innovation and enhance security maturity of our software enabled products.

Essential duties & responsibilities:

• Provide direct Leadership and support for activities relating to Product Security and will actively participate on teams to support security activities.
• Act as of Product Security representative and subject matter expert to the focal Stryker division/s.
• Work closely with leadership and work teams to implement security controls in new product development and operational security activities.
• Participate in divisional design reviews to ensure appropriate security controls implemented as design inputs (DI).
• Guide software development and architecture documentation related to Product Security (Software requirements specifications, Software Architecture Diagrams, Risk mitigation traceability).
• Support Engineering / Architecture and data flow diagram Reviews.
• Facilitate/Approve Environment Security deliverables that achieve and maintain compliance with regulatory requirements and/or industry certifications.
• Facilitate/Approve Security Risk Table.
• Facilitate the use of internally developed security technologies, capabilities, and relevant vendor tools based on security requirements.
• Monitor Security Pre/Post-Market Software Management.
• Monitor Vulnerability and Exploitability Assessments.
• Support Security Event/Incident Management.
• Monitor Security Status updates for division product portfolio.
• Support Security-Related Customer Communications.
• Support Divisional Process Owners to integrate compliance requirements and security best practices into their quality system procedures.
• Monitor and communicate division Key Performance and Key Risk Indicators.
• Follow established quality measures to assess overall success of team program and provides reports to leadership.
• Recommends changes to established quality measurements as appropriate.
• Encourages ongoing skill development by providing opportunities for continued education.

What you need-

• Bachelor's degree required (in Computer Science, Information Systems, Engineering or related field strongly). (An advanced degree is preferred).
• 8+ years of experience is required (direct experience within product security, software design, embedded software engineering, or IT is strongly preferred).
• 2+ years of people management experience is preferred
• Strong experience with System and Software Development Processes and Lifecycles for new product development is preferred
• Demonstrated knowledge of software configuration security vulnerability management is preferred
• Experience with risk management methodologies, trending, design control, threat modelling, vulnerability ranking and, product enhancements is preferred
• Strong, demonstrable experience with real-time operating systems is preferred
• Strong experience with at least one current coding language with experience in performing code reviews is preferred
• Demonstrated knowledge of Project Management is preferred
• Experience in developing and delivering detailed training and presentations is preferred
• Experience with event and incident response teams and efforts, including incident documentation is preferred
• CISSP, CSSLP, HCIPP, CSC, CISM or other security specific certifications are preferred

*Open to a remote -or- hybrid candidate for this role. Expectations are that you will be able to work from home and must be willing to travel to support the business as needed*

*This job may be performed remotely from anywhere in the United States, except that this job may not be filled or performed in Colorado*