Product Security Officer - Werfen

Position Summary:

The Werfen Product Privacy and Security Program is a shared service model with responsibility for Cybersecurity and Privacy by Design, Compliance, Security Testing and Incident Response.   As a Werfen Product Security Officer you are responsible for cybersecurity and privacy functions for our Products.  The role teams on Werfen Projects to ensure the product privacy and security posture.  This role is a trusted collaborator of the Project Teams and work closely with Quality and Regulatory functions. 

Responsibilities

Key Accountabilities include but are not limited to:

• Represent the Werfen Product Privacy and Security Office.
• Responsible for leading Product cross functional team members to complete all technical aspects of product cyber security tasks and initiatives.
• Represent cyber security with the product development teams to ensure cyber security and privacy is being designed into products.
• Represent cybersecurity and privacy in the Risk Assessment. as a subject matter expert including:
  • cyber security threat management process, 
  • Continuous technical analysis and monitoring of cyber security signals.
• Participate in customer assurance. This includes Product Security communications content such as:
  • Product Labeling,
  • completion of security inquiries,
  • complaint and vulnerability reports,
  • provide consistent cybersecurity and privacy guidance to Werfen and Customers.

Qualifications

Minimum Knowledge & Experience Required for the Position:

• 12-15 years of Cybersecurity and/or Privacy Compliance
• 5 years’ experience leading product cyber security projects and risk management activities – in medical device or healthcare domain.
• Experience in cross-functional cyber security activities including Product Defense in Depth, security technology, regulatory compliance, and incident response
• Domain specific standards and approaches on privacy and product security (ISO 2700x, NIST 800 Series Special Publications)
• Knowledgeable and experience with laws and regulations on cyber security, privacy, data protection and breach notification (e.g.: FDA cyber security guidelines, 95/46/ED, HIPAA, GDPR, ISO 13485, ISO 14971. AAMI TIR 57; 21CFR820, SB1386, etc.)
• Experience in designing or leading software products using Secure SDLC.
• Thorough Understanding of securing and hardening Windows and Linux operating systems
• Thorough understanding of networking and network security