Senior Product Security Specialist (GRC) (Remote)

Stryker · Remote

Company

Stryker

Location

Remote

Type

Full Time

Job Description

Work Flexibility: Remote or Hybrid or Onsite

Who we want:

  • Customer-oriented achievers - Individuals with an unparalleled work ethic and customer-focused attitude who bring value to their partnerships.
  • Self-directed innovators - People who take ownership of their work and need no prompting to drive productivity, change, and outcomes.
  • Detail-oriented process improvers - Critical thinkers who naturally see opportunities to develop and optimize work processes - finding ways to simplify, standardize and automate.
  • Collaborative partners - People who build and leverage cross-functional relationships to bring together ideas, information, use cases, and industry analyses to develop best practices.

What you will do:

Product Security is driven to make healthcare better by ensuring that Stryker designs, develops, and maintains industry-leading, cyber-secure products for our customers. As a Governance, Risk, & Compliance (GRC) Specialist, Product Security, you will be responsible for ensuring the safety, integrity, and resilience of SaaS products developed by the Acute Care business unit at Stryker Medical. You will work with cross-functional stakeholders to identify, evaluate, and mitigate security risks across products. The ideal candidate is excited to advocate for the protection of our customers and their patients through the creation and implementation of efficient, meaningful security processes.

Key Responsibilities:

  • Apply common risk assessment frameworks (e.g., NIST 800-52, ISO 27001) to assess security risks in relation to business objectives and risk tolerance.
  • Operate third party compliance programs (e.g., SOC2, HITRUST) through audits, gap assessments, and continuous monitoring.
  • Guide product teams in interpreting and mapping security requirements to control implementation.
  • Develop, update, and manage product security policies, procedures, and trainings based on industry security standards.
  • Identify security policy compliance issues and coordinate remediation with leadership and cross-functional stakeholders.
  • Monitor, analyze, and report product security metrics to provide visibility and accountability for the effectiveness of security tools and processes.
  • Assist sales teams in responding to customer queries about product security and organizational controls.
  • Maintain and operate vulnerability scanning and security monitoring solutions.
  • Investigate and coordinate response to security incidents and vulnerability reports including analysis of exploitability, remediation planning, and disclosure strategy.
  • Maintain vendor relationships for third-party security tools and services.

What You Need:

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related discipline
  • Minimum 6 years of related experience

Nice to haves

  • Demonstrated competence with compliance, security, and privacy standards and frameworks (e.g., NIST 800-53, HIPAA, HITECH, GDPR, EU MDCG, SOC2, HITRUST)
  • Experience leading product security projects.
  • Solid understanding of security for SaaS applications and cloud-based services (e.g., AWS)
  • Strong ability to communicate cybersecurity information to engineering, sales, customers, and other non-subject matter experts.
  • Demonstrated success bringing a product through HITRUST certification.
  • Experience conducting HIPAA security assessments.
  • Experience working in medical device, health care, or other regulated industry.
  • Professional cybersecurity certifications such as Security+, HCISPP, CISSP, CISA, CCSP, SSCP, and GSEC.
  • Familiarity with VA or DHA risk management processes (FedRAMP, RMF, ATO).
  • Understanding of encryption, authentication, authorization, and identity management technologies (e.g., LDAP, OAuth, PKI, FIPS 140-2).
  • Proficiency with available cybersecurity tools and their usage (e.g., Orca, Tenable, Qualys, CrowdStrike, Veracode, Jamf, Okta, etc.)

$109,500 - $232,900 salary plus bonus eligible + Benefits (Health, Vision, Dental, 401K, Tuition Reimbursement, Employee Assistance Program, Wellbeing Program, Employee Stock Purchase Program). This information reflects the anticipated salary range for this position based on current national data. Actual minimum and maximum may vary based on location. Individual pay is based on skills, experience, and other relevant factors.

Travel Percentage: 10%

Stryker Corporation is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, gender identity, sexual orientation, national origin, disability, or protected veteran status. Stryker is an EO employer - M/F/Veteran/Disability.

Stryker Corporation will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.

Date Posted

05/11/2023
