Sr. Director Information and Product Security

at  Spacelabs

Overview:
At Spacelabs Healthcare, we are on a mission to provide continuous innovation in healthcare technology for better clinical and economic outcomes. Our scalable solutions deliver critical patient data across local and remote systems, enable better-informed decisions, increase efficiencies, and create a safer environment for patients.
Why work at Spacelabs? Because lives depend on you!
The Senior Director of Information and Product Security is responsible for overseeing Spacelabs’ comprehensive and enterprise-wide information security management program, including information security, security of our IT applications and technology, and medical device product cybersecurity.
The Senior Director of Information and Product Security shall assess risks and vulnerabilities to establish and maintain necessary operational controls, physical protections, and secure technology to protect the company’s information and technology, based upon industry-accepted information security and risk management standards and in compliance with local, federal, and international regulations and laws.
The Senior Director of Information and Product Security is also responsible for overseeing product security for Spacelabs’ software and hardware products and systems that are used by our healthcare customers. He or she shall manage a team of security professionals and work with other company functions to support pre- and post-market medical product design, development, and maintenance.

• Develop and implement a comprehensive information security strategy
• Assess and mitigate information and technological vulnerabilities and risks
• Surveil and identify emerging security threats and trends that may impact the organization and its products and systems
• Maintain security risk management plans and vulnerability assessments to identify and address security weaknesses and threats
• Identify and assess data use, storage, and process flows to ensure adequate protection and controls (“Adequate Security”)
• Collaborate and align Security Strategy with Corporate Information Security
• Implement administrative, physical, and technical controls necessary to ensure Adequate Security and regulatory compliance
• Establish and maintain information security policies and procedures
• Identify, arrange, prepare, and perform staff training and refresher training
• Implement and manage security technologies, such as firewalls, intrusion detection, encryption, etc.
• Report on system performance to management, including internal audits, corrective action, performance towards objectives, response to issues and concerns, driving improvements, etc.
• Provide direction for company privacy and security Design Control, Risk Management, and Post-market Surveillance processes, activities, and outputs
• Represent privacy and security interests and provide guidance as a member of company cross-functional design teams
• Conduct regular risk assessments and vulnerability tests to identify potential security threats and develop strategies to mitigate them
• Stay up to date with the latest industry trends, threats, and technologies to ensure that the organization’s IT security measures are current and effective
• Collaborate with other departments to ensure that security requirements are integrated into the design and implementation of new systems and technologies
• Develop and maintain incident reporting and response plans to ensure preparedness for security incidents and breaches
• Direct and lead investigations of security incidents, breaches, and alleged vulnerabilities
• Lead efforts to contain, recover, and remediate from breaches, incidents, and near-misses
• Evaluate and perform breach reporting
• Drive product corrective actions, field corrective actions, and customer notifications when necessary to address security vulnerabilities and risks
• Assess and ensure compliance with industry standards and applicable laws and regulations
• Represent the company in audits and inspections
• Pursue and maintain identified certifications, such as ISO 27001 and ISO 13485
• Define the strategy, direction, and objectives of the security team
• Hire, mentor and coach team members to create a competent and empowered team
• Work with engineering and other teams to help us build secure infrastructure and products
• Ensure that direct report(s) are trained and evaluated on their knowledge and adherence to the company’s values, Code of Ethics and Conduct, and applicable compliance policies
• Uphold the company’s core values of Integrity, Innovation, Accountability, and Teamwork
• Demonstrate behavior consistent with the company’s Code of Ethics and Conduct
• It is the responsibility of every employee to report to their manager or a member of senior management any quality problems or defects in order for corrective action to be implemented and to avoid recurrence of the problem
• Duties may be modified or assigned at any time to meet the needs of the busines