Security product manager

Job Summary
The Product Security Manager is responsible for developing and managing a central Secure Development Lifecycle program, to ensure security and privacy by design across the entire product portfolio, covering all stages from pre-market development to post-market surveillance. This role involves developing and implementing global security strategies, conducting risk assessments, overseeing the implementation of security controls, and ensuring compliance with industry standards and regulations. The Product Security Manager collaborates with cross-functional teams, and plays a crucial role in safeguarding the company's reputation, protecting patient data, and maintaining the trust of customers and stakeholders throughout the product lifecycle.
Key Accountabilities
The Product Security Manager key accountabilities are:
Manage the development and implementation of a comprehensive end-to-end Secure Development Lifecycle, ensuring that cybersecurity and privacy by design are embedded in all products (on-prem & digital), from pre-market to post-market
Collaborate with cross-functional teams, including engineering, product management, and regulatory affairs, to develop a Dev Sec Ops pipeline and culture
Conduct third-party vendor and supply chain risk assessments to identify potential security threats and develop mitigation strategies
Ensure compliance with industry standards and regulations, such as GDPR, HIPAA, NIST, and FDA cybersecurity guidelines
Develop and deliver training programs to educate employees on product security best practices (lunch-and-learns, instructor led, table tops and more)
Represent the company in industry forums and working groups related to product security
Networking/Key relationships
The Product Security Manager interacts with different stakeholders including:
Company directors for strategy and risk management
Product Security Director and the Data Privacy Officers to ensure alignment between company’s security and privacy compliance programs
Product Security Officers to guarantee process harmonization across the different business units
Regulatory Affairs to define procedures for product security
Engineering (R&D) departments to provide support on Secure Development Lifecycle
Quality Assurance department to provide support on security testing
Minimum Knowledge & Experience required for the position:
The qualifications required by the position are:
~ Engineer, computer science or other technical degree, or equivalent work experience
The required work experiences by the position are:
~7+ years experience in product security, including at least 2 years in a leadership or management role
~3+ years of software development experience
The following work experience and qualifications are a plus:
Solid knowledge on relevant standards such as IEC 62443, GDPR, HIPAA, and ISO 27001
Strong knowledge of Secure Development Lifecycle practices, standards and industry best practices
Knowledge of medical device regulations
Certifications such as CISSP, CISM, CCSP, CEH
Skills & Capabilities:
The skills and capabilities required by the position are:
Strong analytical and problem-solving skills to identify and address security challenges and vulnerabilities
Effective communication skills to convey complex cybersecurity concepts to both technical and non-technical stakeholders
Willingness to stay updated on the latest cybersecurity trends, threats, technologies, and regulations through continuous learning and professional development
Ability to lead and collaborate with cross-functional teams, share information, and work together to enhance overall cybersecurity posture
Travel requirements:
Less than 25% of the time
People Manager Core Competencies:
Building Talent
Planning and supporting the development of individuals’ knowledge, skills, and abilities so that they can fulfill current or future job responsibilities more effectively
Customer Focus
Ensuring that the internal or external customer’s perspective is a driving force behind strategic priorities, business decisions, organizational processes, and individual activities; crafting and implementing service practices that meet customers’ and own organization’s needs; promoting and operationalizing customer service as a value
Decision Making
Identifying and understanding problems and opportunities by gathering, analyzing, and interpreting quantitative and qualitative information; choosing the best course of action by establishing clear decision criteria, generating and evaluating alternatives, and making timely decisions; taking action that is consistent with available facts and constraints and optimizes probable consequences
Driving for Results
Setting high goals for personal and group accomplishment; using measurement methods to monitor progress toward goals; tenaciously working to meet or exceed goals while deriving satisfaction from that achievement and continuous improvement
Driving Innovation
Creating an environment (culture) that inspires people to generate novel solutions with measurable value for existing and potential customers (internal or external); encouraging experimentation with new ways to solve work problems and seize opportunities that result in unique and differentiated solutions
Emotional Intelligence Essentials
Establishing and sustaining trusting relationships by accurately perceiving and interpreting own and others’ emotions and behavior; leveraging insights to effectively manage own responses so that one’s behavior matches one’s values and delivers intended results
People Manager Accountabilities:
Effectively carries out the expectations of Werfen People Managers as defined in Werfen’s Role of the Manager program. Among others this includes maintaining regular, at minimum once a month, and transparent communication with the team through effective use of formal one-on-one meetings with direct reports and team meets. Managing performance issues and conflict proactively; uses judgement in consulting with department leadership and Human Resources. Responsibility for the team´s compliance in terms of training, and fulfilment of their tasks and objectives as well as onboarding of new employees and development of the existing team