Director - Product Security
Indexed description
Houston, TX is the ideal location for this role, but this is open to Remote opportunities for well-qualified individuals.
Key Responsibilities
- Strategic Leadership & Program Management:
- Define and execute a comprehensive product security strategy that aligns with business priorities, FDA/MDR/524B expectations, and Quality Management System (QMS) requirements.
- Build, lead, and mentor a high-performing team of product security professionals, fostering their technical and leadership skills.
- Manage and allocate human and financial resources to achieve strategic objectives.
- Secure Product Development Lifecycle (SDLC):
- Drive a "shift-left" security strategy, integrating security controls and best practices into all stages of the product lifecycle.
- Oversee a rigorous threat modeling program and lead cybersecurity risk assessments for all new and existing products.
- Champion DevSecOps principles and automate security controls and testing within CI/CD pipelines.
- Provide architectural guidance on secure design, including implementing security controls such as secure boot, firmware signing, and encryption.
- Regulatory Compliance & Governance:
- Ensure all required cybersecurity documentation, including risk assessments and SBOMs, is prepared and submitted for premarket applications (510(k), PMA).
- Manage the generation and maintenance of SBOMs and VEX (Vulnerability Exploitability eXchange) documents to ensure transparency and enable targeted, actionable risk management for regulators and customers.
- Act as the senior product security subject matter expert, representing the company during FDA and other international regulatory inspections.
- Post-Market Surveillance & Incident Response:
- Oversee the post-market surveillance program to continuously monitor field devices for emerging threats and vulnerabilities.
- Lead and manage the security incident response process, including coordinated vulnerability disclosure, containment, root cause analysis, and remediation.
- Develop and execute plans for communicating security updates and patches to customers and stakeholders.
- Cross-Functional Collaboration & Stakeholder Engagement:
- Partner with R&D, Engineering, Quality, Regulatory Affairs, and Legal teams to embed security practices and ensure a comprehensive approach to product safety.
- Serve as the primary security consultant to the organization, articulating technical challenges and mitigation plans to senior management and external stakeholders in a clear, non-technical manner.
- Engage with customers, hospital IT/IS staff, and industry partners to translate technical requirements into business and clinical impact and build trust in the company’s products.
- Oversee external communications regarding program and product vulnerabilities
- Develop and execute strategies for external presence and participation in industry groups, conferences and thought leadership activities
- Education: Bachelor's degree in Computer Science, Cybersecurity, or a related engineering discipline, with 15 or more years of technical experience in the medical device industry.
- Experience: A minimum of 10 years of progressive experience in cybersecurity, with at least 5 years in a leadership or director-level role. At least 3 years of experience integrating security into embedded systems or connected medical devices in a regulated product development environment is essential.
- Technical Knowledge: Deep expertise in secure SDLC, threat modeling, and vulnerability management. Strong understanding of cybersecurity landscape, embedded systems security, IoT security, and cloud architectures
- Certifications: Industry-recognized certifications such as CISSP, CISM, or CSSLP are highly valued.
- Regulatory Acumen: Proven experience navigating cybersecurity requirements for FDA 510(k) and PMA submissions
- Soft Skills: Exceptional leadership, communication, and problem-solving skills with a proven ability to drive clarity and consensus across broad organizations.
Employee Benefits Include
- Health benefits – Medical, Dental, Vision
- Personal and Vacation Time
- Retirement & Savings Plan (401K)
- Employee Stock Purchase Plan
- Training & Education Assistance
- Bonus Referral Program
- Service Awards
- Employee Recognition Program
- Flexible Work Schedules
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search