Report this job

---

What is the problem? *

Incorrect company
Incorrect location
Job is expired
Job may be a scam
Other

Job TitleProduct Security Professional Greater China Market
Job Description

Job Description

The Product Security Professional will be responsible for advancing the practice of product security risk assessment and design across Business Units in Greater China Market. The role will require influence through collaboration with Q&R, R&D, Sales, Service and RA teams.
Our goal is to ensure that our product development teams maximize economic value, design secure products, optimize product security features, performance, manufacturing costs and time to market as we bring life-saving products and services to the world with unsurpassed quality, security, and reliability.


Key Responsibilities

Identify Risks throughout the Idea-to-market (I2M) and work with other teams as necessary to provide mitigation and cost/benefit analysis
Ensure customer security requirements are being addressed within our products
Support business initiatives by providing solutions based on best practices, regulatory and customer requirements of product security
Support the development of risk mitigations and control plans for the product in the Business
Develop Risk and Benefits Cost analysis to present to the Product/Program Manager
Ensure that all Penetration, Vulnerable assessment, and Fuzz testing are completed
Conduct PSRA (Product Security Risk Assessments) for BU (Business Units)
Perform Product Security Audit and Compliance activities
Reporting on business specific Key Performance Indicators (KPIs)
Work with Product Managers, Field Marketing, Services and Sales to collaborate on Product Security topics, incident response and customer complaints
Work with Quality and Regulatory team on Product Security process and procedures in QMS (Quality Management System), and govern product security
Work with product security officer and local teams to support L4L, L4G, G4L product security
Support product NMPA registrations
Support the M&A process on Product Security aspects
Support to qualify China local security vendor
Champion the importance of product security during the life cycle of products
Develop/tailor and conduct product security training


We are looking for

Bachelor or above degree in Computer Science Engineering
Minimum of 5 years in product security or security risk management, or security designs
Strong communication, presenting, problem-solving skills in global cross-site teams
Experience in the complex digital architecture solutions using Web, Mobile apps, IOT, Cloud, AI, big data from both international and China specific ecosphere perspective, and knowledge of Cryptography Application Security Assessment and Information Technology Application Innovation
Experience in incident handling and response
Experience in designing software development products using SDLC (i.e., Agile, DevOps, DevSecOps)
Experience in Health information security management (ISO 27799, ISO/IEC 80001, DIACAP) (Preferred)
A solid development experience in security designs and penetration test (Preferred)
Familiar with Laws and regulations on privacy, data protection, and breach notification (95/46/EC, GDPR, HIPAA, FDA, NMPA, MPLS, ISO/TS 14265, 21CFR820, SB1386, etc.)
Familiar with Chinas with Laws and regulations: Cybersecurity Law, Data Security Law, Personal Data Protection law, Multi Layer Protection Scheme 2.0, etc.
Domain specific standards and approaches on privacy and product security (DICOM, IHE)
CISSP/CISM/CCSK/CCSP Preferred
This is a position that has the possibility to grow into the role. Please also apply when currently not all requirements are met.