Technical Lead, Cybersecurity - RIS Quality & Regulatory

About The Position

Requirements

• Bachelor or Advanced degree in Computer Science, Cybersecurity, Law, Biomedical Engineering, or a related field.
• Minimum of 8+ years of experience in cybersecurity, with a significant focus on medical devices or other regulated industries.
• Knowledge in Diagnostics, Pharmaceutical, and/or Medical Device industry; Regulatory Compliance, Federal cGMP's and QSR's, ISO13485 and 27001.
• Knowledge of FDA guidelines on medical device cybersecurity, ISO 14971, IEC 62304, NIST (e.g., NIST 800-53), and HIPAA.
• Knowledge of specific programming languages and technologies used in medical device development.
• Experience with incident response processes and methodologies.
• Experience with cloud security and IoT security in the context of medical devices.
• Familiarity with the Software Bill of Materials (SBOM) and its importance in medical device cybersecurity.
• Experience with penetration testing methodologies and tools.

Nice To Haves

• Leadership & Senior Management Skills.
• Experience working in a matrixed organization.
• Ability to build strong relationships and effective stakeholder management.
• Experience leading, motivating, coaching, and developing teams.

Responsibilities

• Assess and develop individual project and portfolio strategies, in conjunction with project leads, as well as identify and apply feasible approaches to ensuring cybersecurity.
• Collaborate with internal stakeholders from multiple global functions and affiliates, and external stakeholders, in particular the US FDA, on cybersecurity matters across all of our customer areas, both product-specific and above product.
• Support and lead projects in the Roche Diagnostic Policy and Strategy agenda related to cybersecurity topics.
• Drive prioritized strategies and deliverables related to cybersecurity that have the greatest impact for our customers.
• Develop and implement robust cybersecurity strategies for our products and portfolio to support successful submissions and assess the impact of new and changing regulations to the product portfolio.
• Empower and enable project teams and act as Senior Advisor and Coach.
• Ensure the Implementation of Risk Assessment and Management Across the Portfolio.
• Conduct comprehensive portfolio and/or project level cybersecurity risk assessments of diagnostics and medical devices, associated software, and networks.
• Ensure Compliance with Industry Standards.
• Partner to Ensure Security Design and Implementation Across the Product Portfolio.
• Define security requirements and specifications for diagnostics, medical devices and software.
• Monitor Threat Intelligence and Vulnerability Management.
• Engage in Incident Response and Security Awareness and Training.

Benefits

• Discretionary annual bonus based on individual and Company performance.