Sr. Manager - Product Security (REMOTE)

Work Flexibility: Remote or Hybrid or Onsite

Who we want:

• Customer-oriented achievers - Individuals with an unparalleled work ethic and customer focused attitude who bring value to their partnerships.
• Managers who drive performance - People who implement process improvements and leverage the talent of their team to consistently increase performance and productivity.
• Network builders - Managers who build connections with other teams and divisions and coordinate cross-functional collaboration.
• Subject matter experts - Managers who not only oversee the collection, review, and analysis of data but can interpret, translate, and present on all various matters as needed.

What you will do:

Product Security is driven to make healthcare better by ensuring that Stryker designs, develops, and maintains industry leading cyber secure products for our customers. As a Senior Manager, Product Security, you will be responsible for developing and maintaining a mature cybersecurity program for products created by the Acute Care business unit at Stryker Medical. You will lead and grow a team of cybersecurity analysts and engineers to support product teams through development and operation of embedded products, stand-alone applications, and SaaS offerings. You will oversee product security policy and operation including secure design practices, security risk management, vulnerability management, incident response, and 3rd party compliance programs such as SOC2, HITRUST, and FedRAMP. The ideal candidate is excited to advocate for the protection our customers and their patients while growing an efficient and effective security and compliance program.

Key Responsibilities:

• Oversee development, communication, and implementation of cybersecurity strategies for supported products in alignment with Stryker business objectives.
• Manage the team to support development, operations, and customer support teams in maintaining secure products that are compliant with the regulatory requirements of their target markets.
• Provide technical leadership regarding selection of cybersecurity controls, security risk assessment, and establishment of acceptable risk level.
• Support sales engineering in timely and accurate response to customer security questionnaires and cybersecurity contract review.
• Ensure products retain or achieve 3rd party compliance certifications including SOC2, HITRUST, FIPS 140-2, RMF ATO, and FedRAMP.
• Conduct penetration testing and vulnerability assessment of products. Coordinate and track resolution of findings with development teams. Develop and report relevant metrics to leadership to drive awareness and improvement of security posture.
• Facilitate rapid response to security incidents and data breaches. Lead a cross-functional response team to coordinate remediation and communications with customers, public, and media.
• Maintain a comprehensive set of tools for secure development (SAST/DAST), operation (SIEM, IDS/IDP), vulnerability monitoring, and compliance tracking.
• Monitor updates in cybersecurity regulations, standards, tools, best practices, and the threat landscape in which our products operate to adjust policies and practices to maintain state of the art.
• Ensure product security stakeholders are informed and properly trained on cybersecurity policies and procedures.

Managerial/Leadership Responsibilities:

• Execute a robust talent offense, including management of a talent bench by attracting, developing, retaining, and engaging top talent while driving personal/professional growth of individuals, the team and delivering high quality results with passion, energy and drive.
• Lead and mentor others in driving positive outcomes to abstract technical, business, and personnel problems based the application of problem-solving and process improvement methodologies.
• Leverage strong listening skills and written / verbal communication to influence and convey complex business, regulatory compliance, and/or technical ideas to customers, employees, peers, external partners, and senior leaders.
• Lead a culture of diversity, inclusion, and belonging at a team level in hiring and staff development.
• Lead high complexity projects and initiatives within the business unit, with responsibility for planning, budgeting, meeting project goals and adequately staffing with talent.
• Lead and mentor others in complex cooperative efforts across cross-functional teams and business units, influencing multiple technical areas of expertise and building key relationships, to drive innovation and ensure achievement of business goals.
• Distill department Objectives, Goals, Strategy and Mission into performance objectives for direct reports.
• Drive financial accountability across direct team and roll-up at a project level. Lead cost center budget creation, projections, and tracking activities, and contribute to higher-level R&D budget at business unit level, projections, and tracking activities.

What You Need:

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related discipline
• A minimum of 10 years of experience in an information security discipline
• A minimum of 4 years of experience in a supervisory role
• Expert knowledge of cybersecurity as it relates to cloud, applications, and IOT embedded devices.
• Demonstrated ability to maintain compliance with security and privacy standards (e.g., NIST 800-53, HIPAA, HITECH, GPDR, EU MDCG, SOC2, HITRUST)
• Demonstrated ability to provide guidance and direction to geographically dispersed staff.

What We Would Love That You Have (Preferred):

• Experience working under FDA regulation or supporting the health care industry.
• Advanced degree and professional cybersecurity certifications such as HCISSP, CISSP, CCISO, or CISM.
• Demonstrated ability to build new teams and organizational competencies.
• Familiarity with VA or DHA risk management processes (FedRAMP, RMF, ATO).

Travel Percentage: 10%

Stryker Corporation is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, gender identity, sexual orientation, national origin, disability, or protected veteran status. Stryker is an EO employer - M/F/Veteran/Disability.

Stryker Corporation will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.