Product Security Governance Engineer
Bangalore - AGS
Alcon
Our mission is to provide innovative vision products that enhance quality of life by helping people see better. From vision research to eye health, learn more at Alcon.com.
Summary of the Position
Alcon is looking to hire a Product Security Governance Engineer.
JOB PURPOSE
Update and develop product security processes for medical and non-medical devices.
Create training material for product security processes for medical and non-medical devices.
Help in building Co-ordinated Vulnerability Management processes and program.
Help in building and developing common automated scripts and tools as applicable.
Be knowledgeable about the product security landscape.
Review and conduct gap assessments of different regulatory body standards.
Lead efforts to close the gaps in Alcon’s product security related standard procedures.
Build strong collaboration with cross-functional stakeholders and teams across the product development lifecycle.
Contribute to analyzing risks, assessing security gaps, and recommending possible solutions.
Provide accurate documentation of metrics and KPIs, and security process results, for management and stakeholders.
Work closely with the Bangalore and Lake Forest Product Security, Quality, Regulatory and Software teams and stakeholders, both on-shore and off-shore, to coordinate governance oversight of security software development activities and associated deliverables.
Support audits, regulatory and other compliance activities by coordinating efforts for providing requested information and supporting documentation as required for changes in regulatory requirements.
Communicate with customers and stakeholders concerning discovered vulnerabilities.
Support incident response processes and the Product Security Incident Response Team as required in addressing identified incidents.
Work closely with the Product Security team to support product security activities and associated deliverables.
JOB FUNCTIONS
Duties are listed in order of greatest importance. Other responsibilities may be assigned.
You will be responsible for developing, implementing and maintaining robust security measures across all stages of our product development and post-launch process. You will collaborate with cross-functional teams to integrate security best practices and ensure the protection of our products against potential threats.
Develop, implement and enforce security best practices throughout the entire software development lifecycle (SDLC).
Help in getting different certifications for medical products.
Help in conducting security awareness training for development teams to enhance their understanding of security and privacy principles and practices.
Stay updated on the latest security trends, regulatory standards, vulnerabilities, and mitigation strategies.
Perform and/or support periodic table-top exercises as directed; create or review final reports.
Write and/or review product security and privacy communication and/or update communications to internal stakeholders.
Summarize product risks for stakeholder reports.
Interact with outside vendors, write/modify/convey host module requirements, and be able to identify and hold outside vendors accountable for their deliverables.
Help in getting certifications like UL-2900 for Alcon products.
QUALIFICATIONS
Minimum Requirement
BS in Computer Engineering, Information Security, or other related discipline with 4 years’ experience; or 6 years of relevant experience.
Solid understanding of Software Development Lifecycle Management (SDLC) (Agile/Scrum, iterative).
Proven experience in a Product Security field or in a similar role.
Ability to coordinate and balance activities between multiple associates.
Ability to work independently, proactively identify issues, recommend and implement solutions, and deliver quality results on schedule while managing multiple tasks and internal customers.
Good interpersonal and communication skills to build positive departmental and inter-departmental relationships in a virtual, remote and asynchronous environment.
Prior experience with medical device software and data integrity.
Understanding of FDA/ISO regulations related to medical device software.
Strong understanding of secure coding principles, encryption, and authentication protocols.
Familiarity with industry standards and frameworks such as OWASP, NIST, UL-2900 and ISO 27001.
Excellent communication and collaboration skills.
Knowledge of the use of the following types of tools: SAST, DAST, SBOM, network forensics tools, fuzzing, standard penetration test, governance tools.
Knowledge of cybersecurity concepts.
Ability to work independently, proactively identify issues, recommend and implement solutions, and deliver quality results on schedule while managing multiple tasks and internal customers.
Good interpersonal and communication skills to build positive departmental and inter-departmental relationships in a virtual, remote, and asynchronous environment.
Experience in certifications like UL-2900.
Understanding of Windows OS services, processes, driver and registry configurations and analysis techniques is a plus.
Fluent English; excellent verbal and written communication skills.
Employment scams: Alcon is aware of employment scams which make false use of our company name or leaders’ names to defraud job seekers. Alcon does not offer any positions without an interview and never asks candidates for money. All our current job openings are displayed here on the Careers section of our website, where you can search for open positions and apply directly.
If you have encountered a job posting or been approached with a job offer that you suspect may be fraudulent, we strongly recommend you do not respond, send money or personal information, and check our website for current job openings.
Alcon is an Equal Opportunity Employer and takes pride in maintaining a diverse environment. We do not discriminate in recruitment, hiring, training, promotion or other employment practices for reasons of race, color, religion, gender, national origin, age, sexual orientation, gender identity, marital status, disability, or any other reason.
Perks/benefits: Career development Team events