Product Security Officer II

Werfen is a growing, family-owned, innovative company founded in 1966 in Barcelona, Spain.  We are a worldwide leader in specialized diagnostics in the areas of Hemostasis, Acute Care Diagnostics, Transfusion, Autoimmunity, and Transplant. Through our Original Equipment Manufacturing (OEM) business line, we research, develop, and manufacture customized assays and biomaterials. We operate directly in 30 countries, and in more than 100 territories through distributors. Our Headquarters and Technology Centers are located in the US and Europe, and our workforce is more than 7,000 strong.

Our success comes from a specific focus in these rapidly evolving diagnostic areas, our commitment to customers, and our dedication to innovation and quality. We’re passionate about providing healthcare professionals the most valuable and complete solutions to improve hospital efficiency and enhance patient care.

Job Summary

The Werfen Product Privacy and Security Program is a shared service model with responsibility for Cybersecurity and Privacy by Design, Compliance, Security Testing and Incident Response.  As a Werfen Product Security Officer you are responsible for cybersecurity and privacy functions for our Products. This role is a trusted collaborator of the Project Teams and works with the Quality and Regulatory functions to ensure the product privacy and security posture. 

Key Accountabilities

Represent the Werfen Product Privacy and Security Office with responsibility for leading Product cross functional team members to complete all technical aspects of product cybersecurity tasks and initiatives.

• Participate in customer assurance with Quality, Regulatory, Marketing, Services, and the Affiliates. This includes Product Security communications content such as: Product Labeling, Completion of security inquiries, Complaint and vulnerability investigation and reports,

• Provide consistent cybersecurity and privacy guidance to Werfen and customers.

• Represent cybersecurity and privacy in the Risk Assessment as a subject matter expert including: Cybersecurity threat management process, and Continuous technical analysis and monitoring of cybersecurity signals.
• Work with project or program teams on planning and scheduling, clarifying and defining scope of work, utilizing deliverable milestone methods and critical path scheduling, resource planning and allocation, and developing task and project estimates for cybersecurity requirements and related gaps, epics, stories, and defects.
• Support the generation of an integrated cybersecurity management plan that meets business objectives and is compliant with the design control process, while maximizing resource efficiency.
• Represent cybersecurity and privacy for reviews of epics, stories and defects within PI planning activities, tech reviews, and change review board meetings (CRB) as a subject matter expert for cybersecurity.  
• Ensure product security deliverables are completed and documented as defined within the quality management system's work instructions for product security.
• Support agile teams as a cybersecurity and privacy subject matter expert. Assist with the definition of epic and story requirements and deliverables to align with product security requirements.
• Collaborate with the project and program teams to identify, assess, and prioritize cyber security issues and risk, and assist in supporting design controls to implement an appropriate solution through completion.
• Represent cybersecurity with the product development teams to ensure cybersecurity and privacy is being designed into products.
• Support program and project leads to ensure adequate oversight and control of vendors providing development, test or technical services for the project and are aligned with product security deliverables and requirements.
• Contribute to and review cybersecurity product documentation, support FDA 510K submission activities and inquiries, and assist with oversight activities, including management reporting.

Networking/Key Relationships

• Provide technical and team leadership to one or more medium project team(s) or a program team, including cybersecurity consulting, and cyber security technical leadership within the program area. Drive the successful attainment of Product Security program/cyber security project related goals.
• Responsible for product security program communication for both within the product security team, project team(s) and between the team(s) and executive management.

Minimum Knowledge & Experience for the position:

• At least 10 years of cybersecurity experience, preferably in product development with at least 4 years successful technical leadership, cyber security coordination, or cybersecurity management are required
• Requires Bachelor’s degree in Business, Computer Science, Computer Engineering or the equivalent combination of related training, proficiency and experience.
• Certification in cybersecurity e.g. (CISSP/CISM/CISA, Security +; Cisco CCNP Security) preferred.
• Certification in project or program management is desirable.
• Full and comprehensive knowledge of the complete product lifecycle, including all aspects of product development from conception to manufacturing introduction.

Skills & Capabilities:

• Problem solving, conflict management, listening, managing and measuring work
• Quality and Regulatory experience e.g. (510K submissions)
• Knowledge of domain specific standards and approaches on privacy and product security (ISO 2700x, NIST 800 Series Special Publications)
• Knowledgeable and experience with laws and regulations on cyber security, privacy, data protection and breach notification (e.g.: FDA cybersecurity guidelines, 95/46/ED, HIPAA, GDPR, ISO 13485, ISO 14971. AAMI TIR 57; 21CFR820, SB1386, etc.)
• Experience in designing or leading software products using Secure SDLC.
• Understanding of securing and hardening Windows and Linux operating systems
• Understanding of networking and network security 
• Familiarity with agile and project management tools and techniques
• Team player, self-motivated, perseverance
• Strong oral and written skills

Travel Requirements:

• 10% Travel
  
  

The annual base salary range for this role is currently $160,000 to $190,000. Individual employee compensation will ultimately depend on factors including education, relevant experience, skillset, knowledge, and particular business needs.

This role is eligible for medical, dental, and vision insurance, 401k plan retirement benefits with an employer match, as well as paid vacation and sick leave. Our sales roles are eligible for participation in a commission plan and our management, and select professional roles, are eligible for a performance-based bonus.

If you are interested in constantly learning and being challenged on a daily basis we encourage you to submit your resume or CV. 

Werfen is an Equal Opportunity employer and is committed to a diverse workplace. Werfen strictly prohibits unlawful discrimination, harassment or retaliation based upon an individual’s race, color, religion, gender, sexual orientation, gender identity/expression, national origin/ancestry, age, mental/physical disability, medical condition, marital status, veteran status, or any other protected characteristic as defined by applicable state or federal law. If you have a disability and need an accommodation in relation to the online application process, please contact [email protected] for assistance.

We operate directly in over 30 countries, and in more than 100 territories through distributors. Annual revenue is approximately $2 billion and more than 7,000 employees around the world comprise our Werfen team.

www.werfen.com