Develops security software, including tools for encryption, authentication, monitoring, intrusion detection, and virus/spyware/malware detection, for hemodialysis and peritoneal dialysis medical device products and related services. Other tasks will include partnering with the existing FMC corporate security governance policy and processes, collaborating with cross-functional project teams, implementing appropriate security solutions, and participating in any vulnerability assessments as a subject matter expert. This role is distinct from FMC’s corporate security scope.
Duties and Responsibilities
- Maintain up-to-date knowledge of the global IT security industry with regard to hemodialysis and peritoneal dialysis and related products and personal health information, including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
- Assess the risk of new and current medical devices, treatment services, and digital solutions (Cloud-based services, Mobile Applications, IoT Services, etc.).
- Ensure the confidentiality, integrity, and availability of the data residing on or transmitted to/from/through FMC’s medical devices, treatment services, and in databases and other data repositories developed by GRD.
- Participate in security software code reviews.
- Support the design and execution of vulnerability assessments, penetration tests and security audits.
- Perform regular security awareness training to ensure consistently high levels of compliance with security policy.
- Align and collaborate with fellow FMC security professionals (CSIO, Protection/Security Law, etc.).
- Performs security monitoring, security and data/log analysis, and forensic analysis to detect security incidents, and mounts incident response.
- Investigates and utilizes new technologies and processes to enhance security capabilities and implement improvements.
- Analyzes and assesses vulnerabilities in hemodialysis and peritoneal dialysis medical device products and related services, and investigates/implements security controls to remedy the detected vulnerabilities.
- Tests for compliance with security policies and procedures.
- Must be sharp, think independently, and have good documentation and communication skills. This person will participate in selecting security training for the teams.
- Will participate in code reviews with machine teams and help implement continuous integration with vulnerability static code analysis tools.
- Certification in ISO2700
Master’s Degree in Computer Science, Information Security or Cybersecurity or related field.
Experience and required Skills
- 5 – 10 years of related engineering experience in cybersecurity
- Industry certifications
- Management level: Certified Information Security Manager (CISM) – Preferred
- Practitioner-level – Pluses: Certificate of Cloud Security Knowledge, Security+, OSCP, CEH, CISSP (or Associate)
- Knowledge and understanding of Medical Device Regulation, Quality, and Design Controls (ISO 13485, ISO 14971, FDA 21 CFR 820.30) Preferred.
- Knowledge of a cybersecurity framework a plus (e.g., NIST SP 800, ISO 27000, NIST CSF)
- Communication and presentation skills across both technical and non-technical audiences, both written and in person
- Strong Communication and Documentation skills
- Competent mentoring and coaching skills