Product Security Manager (Andover, MA)

Life Unlimited. At Smith+Nephew we design and manufacture technology that takes the limits off living.

The Smith + Nephew Product Security Manager, in collaboration with Global IT, R&D and Compliance Teams, will provide oversight on cybersecurity architecture and engineering services with the ultimate goal of ensuring Smith + Nephew products and their data is secure and resilient to cybersecurity threats.

**This position is not offering visa sponsorship now or in the future**

What will you be doing?

• 40%) People Management - encourage the development and advancement of personnel on their team, while directly overseeing the team of product security engineers supporting this franchise in their ability to deliver on assigned projects.

• (25%) Secure-Software Development Life Cycle - Help develop and mature Global Product Security Strategy and Secure-Software Development Life Cycle (S-SDLC) to ensure robust cyber security controls are present and effective in our products from product conceptualization through commercial launch and ultimately product/product family decommissioning. Ensure ongoing awareness and understanding of emerging threats and industry best practices.

• (10%) Technical Cybersecurity Architecture and Engineering Services - Oversee the definition and support the implementation of cybersecurity requirements and controls in support of multiple Smith + Nephew technologies, capital devices, digital accessories, connected infrastructures and software applications.

• (5%) Product Security Risk Management and Threat Modelling - Lead the creation and maintenance of Product Cybersecurity Risk Registers and Threat Models throughout the development lifecycle to identify and mitigate cybersecurity deficiencies as early in the development lifecycle as possible.

• (5%) Product Security Testing and Assessment - Lead the execution and integration of cybersecurity testing and assessment activities throughout the development lifecycle to identify and formulate mitigation strategies for cybersecurity deficiencies. Support the identification of technical solutions and ensure the integration of automated security tools and processes to help mitigate security vulnerabilities. This includes but is not limited to: Vulnerability Testing, Penetration Testing, Code Analysis, Endpoint Protections, etc.

• (5%) Incident Response - support best practice (ISO 29147/30111) product cyber security incident response (IR) activities.

• (10%) Outward Facing - Provide technical leadership and competency in communications with stakeholders outside of Smith + Nephew. Help to answer questions regarding the security of different products. This includes but is not limited to: Regulators, Customers, Auditors, Industry Groups, Researchers, etc.

What will you need to be successful?

• Education: Bachelor's degree in life science, computer science, information systems and/or equivalent formal training or work experience.

• Experience: 5+ years in hands-on cybersecurity experience.

• 2+ years people management experience.

• Strong ability to influence and think strategically.

• Clear understanding of mitigating security controls, vulnerability management, penetration testing, and code security.

• FDA and other medical device regulators.

• Knowledge of cyber security standard frameworks such as HIPAA, FDA, ISO 27001/2, NIST CSF, and OWASP.

• Understanding of network infrastructure, including firewalls, web proxy and/or email architecture- particularly as they apply in a mitigating control functionality.

• Experience with different cloud computing platforms and the cloud security framework.

• Ability to design, recommend, plan, guide, and support implementation of innovative security solutions.

• Leadership if any: 2+ years of people management

• Travel Requirements: up to 10% domestic and international

You. Unlimited

We believe in creating thegreatest good for society. Our strongest investmentsare in our people and thepatients we serve.

Inclusion and Belonging: Committed to Welcoming, Celebrating and Thriving on Inclusion and Belonging. Learn more aboutEmployee Inclusion Groupson our website (https://www.smith-nephew.com/).

Life at Smith+Nephew: At Smith+Nephew, we care for one another professionally and personally. Find out more about inclusion, diversity and equity, flexibility, and wellbeing at work.

Other reasons why you will love it here!

• Your Future: 401k Matching Program, 401k Plus Program, Discounted Stock Options, Tuition Reimbursement
  Work/Life Balance: PTO, Paid Holidays, Flex Holidays, Paid Community Service Day

• Your Wellbeing: Medical, Dental, Vision, Health Savings Account (Employer Contribution of $500+ annually), Employee Assistance Program, Parental Leave, Fertility and Adoption Assistance Program

• Flexibility: Hybrid Work Model (For most professional roles)

• Training: Hands-On, Team-Customized, Mentorship

• Extra Perks: Discounts on fitness clubs, travel and more

#LI-LS2

#LI-HYBRID

Smith+Nephew provides equal employment opportunities to applicants and employees without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability.