
Estimating Intern, Summer 2022

ACIST Medical Systems, Inc.

Eden Prairie, MN
Full Time
Paid
  • Responsibilities

    Position Summary:

    The Director, Product Security role drives and directly influences all product-related cybersecurity activities in the company. This role is responsible for establishing and maintaining a product security program to ensure that products are designed for security and comply with regulatory requirements, and for monitoring and responding to external security-related events as necessary.

    This role will work closely with the product teams to identify, evaluate, and mitigate product security risks during the development and maintenance of products.

    This role will be the process owner of all pre-market and post-market activities related to product security, and is expected to stay current with regulatory and compliance requirements and to ensure that company processes, policies, and organizational activities across various functions meet the risk levels acceptable to the organization and the regulatory bodies.

    The Director, Product Security will serve as an internal consultant for cybersecurity awareness and education to the leadership team and various functional groups within the organization.

    This is a high-profile position that requires strong cybersecurity, leadership, and interpersonal skills, the ability to work effectively and collaboratively with the business, knowledge of both pre-market and post-market cybersecurity activities, and the ability to support the product development teams in delivering high-quality solutions that ensure patient safety, regulatory compliance, and data/system security.

    PRIMARY DUTIES AND RESPONSIBILITIES:

    • Develop, maintain and execute a multi-year enterprise-wide program to establish pre-market and post-market cybersecurity practices within the company
    • Create, own and manage all pre and post-market Cybersecurity related SOPs within the Quality Management System, and work with functional leaders to operationalize them
    • Educate the product teams on cybersecurity requirements, trends, best practices, and regulatory expectations
    • Drive, as well as support, the technical teams in identifying and remediating security vulnerabilities during product development. This includes vulnerability assessments, secure design practices, introduction/use of tools and processes to assess residual risk in the product, and creation of cybersecurity related documentation as part of regulatory submissions.
    • Chair a multi-disciplinary committee to review and approve development projects' cybersecurity artifacts, and respond to security events as they occur.
    • Lead and evolve the Product Security program objectives, roadmap, business, and regulatory alignment strategy, and assure compliance for medical device submissions in various jurisdictions (FDA, EU MDR, etc.)
    • Partner with the Operations team for the timely and successful resolution of any Product Cyber Security incidents and events. Plan for and lead security incident response and recovery efforts.
    • Conduct mock security incidents on an annual basis to exercise the response procedure
    • Be the point of contact for cybersecurity related issues with both internal and external stakeholders
    • Respond to security questions from prospects (during the sales process), existing customers, and compliance auditors.
    • Measure and report on the security assessment of the product portfolio on an ongoing basis.
    • Measure and report on the overall security posture and efficacy on an ongoing basis, utilizing tools such as BSIMM or OpenSAMM.
    • Provide professional guidance to the product teams to ensure they are implementing products that align with the defined security policies and standards.
    • Regularly monitor the security community for public-facing security issues, as well as to learn new tactics that can be used in testing.
    • Assist with third party & supplier information security assessments, if required
    • Educate product owners and development teams on data security requirements, and evangelize product security across the company
    • Any other relevant responsibilities as assigned by the manager from time to time

    Required Skills

    Minimum:

    • Bachelor’s Degree
    • Good knowledge of Incident Response, Vulnerability Management, and Cyber Threat Intelligence functions
    • Experience building, operationalizing, and optimizing product security teams, preferably in healthcare IT and Medical Devices
    • Overall 12+ years of experience in risk management or similar compliance function with 5+ years in Cybersecurity
    • 3+ years of experience working as a team lead or a manager responsible for driving cyber security and risk related programs at an executive leadership level
    • Ability to collaborate in a very fast paced environment
    • Professional information security certification (for example, CISSP, HISP, CISM, etc.)
    • Understanding of cybersecurity guidelines and requirements from FDA and EU MDR
    • Experience in Windows technology stack, embedded systems, and healthcare IT standards/protocols (DICOM, HL7, etc.)
    • Experience with relevant industry standards or frameworks, such as NIST CSF, AAMI TIR 57, HITRUST, HSCC JSP, etc.
    • Excellent written and verbal communications skills; demonstrated ability to communicate highly technical concepts to non-technical audiences
    • Ability to adjust to multiple demands, changing priorities, ambiguity, and rapid change, while multitasking effectively
    • Ability to coordinate multiple teams in accomplishing process review and improvement
    • Excellent judgment under stressful conditions - proven ability to make difficult trade-offs with sound decision making and rationale

    OTHER:

    • May require occasional domestic and international travel between company locations, for attending trade shows and conferences, as required per business needs.
    • Where permitted by applicable law, must have received or be willing to receive the COVID-19 vaccine by date of hire to be considered for U.S.-based job, if not currently employed by ACIST Medical Systems.
