Primary Duties And Responsibilities:
- Partner with engineering and cross-functional teams (cloud, console, pump, etc.) to drive adherence to the product security program.
- Deliver pre-market security documentation: security plans, architecture and data flow diagrams, threat models, requirements, SBOM, and risk documentation.
- Define and implement key management infrastructure (PKI, HSMs, TPMs, and secure enclave integration) for device identity, authentication, and software signing.
- Monitor and drive post-market vulnerability management with strict timelines.
- Support compliance certification activities (e.g., SOC2, FedRAMP, ISO 27001).
- Identify and integrate new compliance requirements and industry standards/trends into the program.
- Guide teams to balance business needs with security objectives.
Job Qualifications:
- Bachelor's degree in Computer Science, Information Systems, or related field.
- 4+ years in Information Security.
- Working knowledge of regulatory standards/compliance frameworks (e.g., NIST Cybersecurity Framework, ISO 27001, SOC2, HIPAA, GDPR).
- Experience with security risk management.
- Experience in a regulated environment; FDA-regulated preferred.
- Strong organizational skills, attention to detail, and ability to meet deadlines.
- Strong communication and interpersonal skills.