Director, Cybersecurity Regulatory Affairs

MCRA, an IQVIA business, is a leading medical device advisory firm and clinical research organization (CRO). MCRA's value contribution rests within its industry experience at integrating five business value creators—regulatory, clinical research, reimbursement, healthcare compliance, and quality assurance—to provide a dynamic, market-leading effort from concept to commercialization. MCRA's integrated application of these key value-creating functions provides unparalleled expertise for its clients. MCRA has offices in Washington, DC, Manchester, CT, New York, NY, and a global presence in Japan and Europe and serves more than 1500 clients globally. Its core focus areas of therapeutic experience include orthopedics, spine, cardiovascular, neurology, digital health, diagnostic imaging, wound care, dental, general healthcare, robotics, and in vitro diagnostic (IVD) devices.
MCRA, an IQVIA Business is seeking a Director, Cybersecurity Regulatory Affairs with working knowledge and experience with FDA requirements for cybersecurity to provide consulting advisory services to MCRA clientele. As a critical piece of MCRA’s Digital Health programs, this position will support medical device regulatory and FDA cybersecurity knowledge for the client product lifecycle – from device development, through and beyond device deployment. This individual will assist medical device manufacturers to support submissions to regulatory bodies (US FDA and global agencies) and serve as a focal point for cybersecurity in the regulatory department.  

Responsibilities

• Interface with clients to gather information and review documentation for correctness and compliance with regulatory guidelines in order to develop submission quality documentation for marketing applications.
• Conduct risk management and vulnerability analyses on medical devices and support manufacturer’s cybersecurity strategy development, system testing and evaluation, and verification and validation efforts.
• Review client documentation to identify and inform recommendations for improving policies, processes, and procedures based on new and/or evolving Federal standards, requirements and/or guidelines.
• Research, review, monitor, and report on industry best practices, latest cybersecurity developments and trends, standards, and guidelines, and apply these to services provided.
• Stay current on US medical device regulatory requirements.

Qualifications

• Bachelor’s degree in engineering, science, information systems or another closely related degree program required; advanced degree preferred.
• A minimum of 6-8 years of experience in Regulatory Affairs related to medical devices. Work experience must include the writing and/or reviewing of US regulatory submissions including, but not limited to: 510(k)s, De Novos, PMAs, IDE, and Pre-Submissions.
• 5+ years of experience working within information/cyber security required.
• Consulting or client facing experience preferred; direct healthcare and/or medical device experience required.
• Understanding of medical device development concepts and a technical background to assist with software, cybersecurity and clinical strategies and be able to effectively communicate these strategies to internal team members and clients.
• Possess US regulatory experience/fluency with FDA regulations.
• Experience with FDA pre- and post-market management (emphasis on premarket) of cybersecurity of medical device guidance documents is preferred.
• Familiarity with information threat analysis and risk assessments (e.g., TIR57, ISO 14971) and detection concepts and principles and impact based on industry best practices (e.g., NIST framework, ISO 27001, Center for Internet Security (CIS) controls).
• Demonstrated technical proficiency. Has worked on moderately complex problems where analysis of situations or data requires evaluation.
• Knowledge of threat modeling, penetration testing, cybersecurity research, and knowledge of encryption technologies, ethical hacking, and endpoint security tools is preferred.
• Entrepreneurial and self-motivated, especially in the face of ambiguity and imperfect knowledge/data.
• Strong communication skills (this will be a client facing position).
• Ability to manage tasks independently and take ownership of responsibilities.
• Ability to adapt to a rapidly changing environment and quickly identify new trends and industry changes specific to security and advanced cyber-attacks.

NOTE: This job description is not intended to be all-inclusive. Employee may perform other related duties as to meet the ongoing needs of the organization.  MCRA, an IQVIA business, is an equal opportunity/Affirmative Action employer and does not discriminate in its selection and employment practices. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, political affiliation, sexual orientation, gender identity, marital status, disability, protected veteran status, genetic information, age, or other legally protected characteristics.