Job Title
Product Security Professional – Greater China Market
Job Description
Job Description
The Product Security Professional will be responsible for advancing the practice of product security risk assessment and design across Business Units in Greater China Market. The role will require influence through collaboration with Q&R, R&D, Sales, Service and RA teams.
Our goal is to ensure that our product development teams maximize economic value, design secure products, optimize product security features, performance, manufacturing costs and time to market as we bring life-saving products and services to the world with unsurpassed quality, security, and reliability.
Key Responsibilities
• Identify Risks throughout the Idea-to-market (I2M) and work with other teams as necessary to provide mitigation and cost/benefit analysis
• Ensure customer security requirements are being addressed within our products
• Support business initiatives by providing solutions based on best practices, regulatory and customer requirements of product security
• Support the development of risk mitigations and control plans for the product in the Business
• Develop Risk and Benefits Cost analysis to present to the Product/Program Manager
• Ensure that all Penetration, Vulnerable assessment, and Fuzz testing are completed
• Conduct PSRA (Product Security Risk Assessments) for BU (Business Units)
• Perform Product Security Audit and Compliance activities
• Reporting on business specific Key Performance Indicators (KPIs)
• Work with Product Managers, Field Marketing, Services and Sales to collaborate on Product Security topics, incident response and customer complaints
• Work with Quality and Regulatory team on Product Security process and procedures in QMS (Quality Management System), and govern product security
• Work with product security officer and local teams to support L4L, L4G, G4L product security
• Support product NMPA registrations
• Support the M&A process on Product Security aspects
• Support to qualify China local security vendor
• Champion the importance of product security during the life cycle of products
• Develop/tailor and conduct product security training
We are looking for
• Bachelor or above degree in Computer Science Engineering
• Minimum of 5 years in product security or security risk management, or security designs
• Strong communication, presenting, problem-solving skills in global cross-site teams
• Experience in the complex digital architecture solutions using Web, Mobile apps, IOT, Cloud, AI, big data from both international and China specific ecosphere perspective, and knowledge of “Cryptography Application Security Assessment” and “Information Technology Application Innovation”
• Experience in incident handling and response
• Experience in designing software development products using SDLC (i.e., Agile, DevOps, DevSecOps)
• Experience in Health information security management (ISO 27799, ISO/IEC 80001, DIACAP) (Preferred)
• A solid development experience in security designs and penetration test (Preferred)
• Familiar with Laws and regulations on privacy, data protection, and breach notification (95/46/EC, GDPR, HIPAA, FDA, NMPA, MPLS, ISO/TS 14265, 21CFR820, SB1386, etc.)
• Familiar with China’s with Laws and regulations: Cybersecurity Law, Data Security Law, Personal Data Protection law, Multi Layer Protection Scheme 2.0, etc.
• Domain specific standards and approaches on privacy and product security (DICOM, IHE)
• CISSP/CISM/CCSK/CCSP Preferred
• This is a position that has the possibility to grow into the role. Please also apply when currently not all requirements are met.