Chief Technologist, Product Security (Remote) (R454045)
Stryker is one of the world’s leading medical technology companies and, together with our customers, is driven to make healthcare better. We offer innovative products and services in Orthopaedics, Medical and Surgical, and Neurotechnology and Spine that help improve patient and hospital outcomes. We are proud to be named one of the World’s Best Workplaces and a Best Workplace for Diversity by Fortune Magazine. Learn more about our award-winning organization by visiting stryker.com
What you will do-
The individual in this role will act as Product Security Subject Matter Expert for Stryker. You will be responsible for researching, designing and enabling the implementation of strategic technical requirements and solutions that will be used within the company.
Champion, teach, and systematize engineering and architecture principles/skills that strengthen digital and device security competencies and enable resilient controls that support current and future technical areas.
Exercise independent judgment in selecting techniques, methods, and approaches for security architecture, engineering, and technologies used across business units and divisions.
Anticipate technology trends/threats and provide plans/viability to convert them to new opportunities.
Work on significant and complex technical problems across disciplines where analysis of situations or data requires an evaluation of security and risk.
Act as an independent reviewer and mentor in the design review and product development process as necessary.
Contribute to and influence Product Security strategy, program roadmap, strategic solutions and review initiatives.
Champion holistic end-to-end (component, system, system of systems) level thinking across all engagements.
Architect Product Security solutions while making technology decisions for medical devices, digital environments, and data protection.
Generate and review the necessary documents with project teams (requirements/design/architecture/threat models/testing/Post-Market decisions).
Ensure socialized, defined, or strategic/tactical information or decisions are in alignment with regulatory requirements and strategic roadmap.
Possess an in-depth knowledge of the industry/competitive and regulatory landscape with regard to the security risk landscape. Plan product and platform technologies or capabilities necessary to increase maturity.
Champion product security opportunities considering where synergies may exist across multiple business units.
Identify vendors with new technologies and evaluate potential fit to current and future development program planning (5 to 10-year roadmap).
Lead the strategy and execution activities necessary to support direct customer engagement interactions.
Contribute to financial modeling efforts on new capabilities or emerging technologies where product security requirements or technologies will represent additional cost.
Med Device Compliance:
Lead, influence, and advance Stryker’s position in industry by influencing development of product security technical requirements, standards, and procedures used within the corporate function quality management system.
Maintain strong knowledge of regulatory requirements such as FDA and EU associated with the development of medical devices (Software in a medical device and/or software in a medical device).
Guide and advise on quality management system design control, risk management, and post market management procedures and associated quality management system documents.
Direct collaborative efforts within Digital, Robotics, and Enabling Technologies and across all Stryker divisions to ensure consistent advancement of Product Security discipline, requirements, technologies, and core competencies.
Direct internal and/or external standards, policies, and systems.
Company-level expert, who leads development and utilization of tools and systems which enhance the company’s product/process development, improve security posture and reduce risk.
Mentor and grow technical talent across various disciplines.
Set the technical direction and provide expertise in directing complex products from concept through release, where necessary.
Champion technology, organization and culture changes as required by business needs.
Advise management on advanced product security technical issues/opportunities.
Determine and pursue courses of action necessary to drive effective results.
Inspire trust, build followership, and be the sought-out subject matter expert/leader.
Lead technology, architecture, or engineering reviews for projects/systems as independent reviewers applying secure design principles, coding standards and security practices.
Support incident response analysis, observations, and/or recommendations as necessary.
Represent Stryker Product Security to industry and regulatory workgroups including, but not limited to, FDA, AAMI, AdvaMed, MCIC/MITRE, UoFM Archimedes, NH-ISAC, ISO/IEC, etc.
What you need-
Bachelor's degree in Computer Science, Information Systems, Engineering or related field is required. (An advanced degree is preferred)
12+ years of related experience is required
Design and Development Skills:
Driving the strategy of integrated development environments (IDE) tools for projects and Stryker corporate.
Driving the strategy for static/dynamic analysis, memory management, code coverage and techniques for analyzing software.
Driving the integration and deployment processes
Software Process Skills:
Drive the adoption of Security and privacy used within the Software Development Life Cycle processes. Provide strategic planning and guidance for project-based SDLC decisions.
Drive the adoption of Application Lifecycle Management/Traceability best practices and tools.
Drive technologies, tools, and processes necessary to integrate Product Security into the agile/DevOps Software Development Life Cycle processes. Support the triggers necessary to identify when an in-production software element may cross the regulatory-defined boundary established within the 510k for a device feature to enhancement.
Regulatory and compliance standards applied to the SDLC (Software Development Life Cycle), risk management, and post market management in alignment with regulatory requirements.
Regulatory compliance standards for privacy in alignment to SDLC, risk management, and post market management for privacy, including HIPAA, GDPR, MDR, Australia, Canada, China.
CISSP, CISSP-ISSEP, HCISPP, CSSLP, or other security specific certifications are preferred
**This job may be performed remotely from anywhere in the United States, except that this job may not be filled or performed in Colorado**