Senior Director, Product Security (Remote/Flexible)
US - Massachusetts (Acton - Office), United States
Full Time Senior-level / Expert USD 219K - 328K
Insulet Corporation
Position Overview: The Sr Director of Product Security will be responsible for developing and executing a comprehensive product security strategy that aligns with our business objectives and regulatory requirements. This role requires a dynamic leader with a deep understanding of cybersecurity in the medical device industry, experience managing large teams, and the ability to collaborate effectively with senior security leaders and cross-functional teams.
Key Responsibilities:
- Strategic Leadership – Implement and refine the product security strategy and maturity effort, while tightly partnering and communicating with product delivery teams to ensure secure product launches and continuous risk reduction. Strong problem solving and decision-making skills.
- Culture – Foster a tight-knit team by motivating, mentoring, and aligning their day-to-day activities with security and business objectives. Promote education and awareness across the organization.
- Communication at all Levels – From potential board-level meetings to technical engineering discussions, strong communication is needed to ensure visibility and alignment of security risks, impacts, and mitigating actions.
- Cloud, Mobile App, and Application Security Engineering Services: Provide managed and repeatable application and cloud security engineering services in support of the company's products and services, including threat modeling, risk management, and vulnerability testing. Collaborate with various technical teams to architect secure cloud environments and mobile application products, confirming they meet corporate and technology security standards and guidelines.
- Cybersecurity Design Requirements: Support the development and testing of standard cybersecurity design requirements for medical device products.
- Process Integration: Collaborate with Cybersecurity and Quality Teams to ensure cybersecurity processes are fully integrated with the company's Quality Management System (QMS) and operationalized.
- Documentation Management: Support the publication of documentation related to the management of cybersecurity in medical device FDA submissions.
- Post-Market Cybersecurity Management: Ensure continuous threat and vulnerability assessments against all products in the field, manage the company's Coordinated Disclosure Program, and participate in Information Sharing and Analysis Organizations (ISAOs).
- Incident Management: Support and provide input into best practices related to medical device cybersecurity incident management processes, in alignment with the broader cyber security team.
- Risk Management: Take a pragmatic and business-aligned approach to designing risk reduction solutions with business partners and product delivery teams. Develop and monitor risk registers for all medical device products.
- Secure Software Development Lifecycle (S-SDLC): Develop, implement, train, and maintain the S-SDLC program.
- Security Assessment: Lead penetration testing and continuous application vulnerability assessment efforts, including static and dynamic application security testing (SAST & DAST/SBOM) for Insulet products.
- Identity and Access Management: Partner with cybersecurity teams to support the identification, development, and maintenance of Identity and Access Management solutions for consumer and patient identity.
- Security Posture Evaluation: Collaborate with cybersecurity teams to evaluate and document the cybersecurity posture of applications by leveraging standard and repeatable procedures informed by industry best practice guidance (e.g., NIST Cybersecurity Framework, NIST Risk Management Framework, ISO 2700x).
- Innovation: Provide innovative and creative solutions to mitigate business or technical cybersecurity issues.
- Compliance: Ensure compliance with all regulatory, audit, security, and risk management requirements.
- IT Systems Integration: Partner to integrate IT systems development and vulnerability management with security policies and information protection strategies to support the company's product, patient, and corporate environments.
- Security Architecture: Support IT systems security architecture design and review, along with the creation and maintenance of documented security standards.
- Stakeholder Management – Work with stakeholders to translate security requirements into operational security practices.
- Leadership and Training: Provide leadership, training opportunities, and guidance to personnel.
Education and Experience:
- Minimum Requirements:
- 7+ years of people management experience.
- Bachelor’s degree or higher, or substantial verifiable experience in three or more of the following areas:
- Application development.
- Application security engineering.
- Application penetration testing.
- FDA requirements.
- Knowledge of web and mobile application architecture patterns, concepts, distributed environments, and database technologies.
- Practical experience with OWASP, CVSS3.0, STRIDE framework, CVE, and CWE.
- Practical experience with Android and iOS development techniques and patterns.
- Program Management/Agile Scrum experience.
- Preferred Skills and Competencies:
- Relevant security certifications (e.g., CISSP, CEH) are a plus.
- Relevant development certifications (e.g., AWS, Scrum) are a plus.
- IAM experience is a plus.
- Experience with data integration technologies (e.g., RESTful, SOAP, HL7) is a plus.
- Strong understanding of encryption, cryptography, and secrets (key) management.
- Experience with cloud compute infrastructure (e.g., AWS, Azure).
- Experience with security threat modeling.
- Tools:
- IDEs (e.g., Eclipse, Android Development Studio).
- Atlassian development and collaboration tools (e.g., BitBucket, Bamboo, Jira, Confluence).
- SAST platforms (e.g., Veracode, Checkmarx).
- Skills:
- Strong communication and interpersonal skills, with the ability to communicate ideas clearly and efficiently across technical and non-technical audiences.
- Ability to prioritize multiple tasks and develop innovative solutions to meet project expectations without compromising good design.
Why Join Us: You will have the opportunity to make a significant impact on patient safety and product integrity. We offer a collaborative and inclusive work environment where innovation and professional growth are encouraged. Join us in our mission
Physical Requirements (if applicable):
- None
NOTE: This position is eligible for 100% remote working arrangements (may work from home/virtually 100%; may also work hybrid on-site/virtual as desired).
Additional Information:
The US base salary range for this full-time position is $219,000.00 - $328,500.00. Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position in the primary work location in the US. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your Talent Acquisition Specialist can share more about the specific salary range for your preferred location during the hiring process. Please note that the compensation details listed in US role postings reflect the base salary only, and do not include bonus, equity, or benefits.
Insulet Corporation (NASDAQ: PODD), headquartered in Massachusetts, is an innovative medical device company dedicated to simplifying life for people with diabetes and other conditions through its Omnipod product platform. The Omnipod Insulin Management System provides a unique alternative to traditional insulin delivery methods. With its simple, wearable design, the tubeless disposable Pod provides up to three days of non-stop insulin delivery, without the need to see or handle a needle. Insulet’s flagship innovation, the Omnipod 5 Automated Insulin Delivery System, integrates with a continuous glucose monitor to manage blood sugar with no multiple daily injections, zero fingersticks, and can be controlled by a compatible personal smartphone in the U.S. or by the Omnipod 5 Controller. Insulet also leverages the unique design of its Pod by tailoring its Omnipod technology platform for the delivery of non-insulin subcutaneous drugs across other therapeutic areas. For more information, please visit insulet.com and omnipod.com.
We are looking for highly motivated, performance-driven individuals to be a part of our expanding team. We do this by hiring amazing people guided by shared values who exceed customer expectations. Our continued success depends on it!
At Insulet Corporation all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Tags: Agile Android Application security AWS Azure Bitbucket CEH Checkmarx CISSP Cloud Compliance Confluence Cryptography DAST Encryption HL7 IAM iOS Jira NIST OWASP Pentesting Product security Risk management RMF SAST SBOM Scrum SDLC Security assessment Security strategy Strategy Veracode Vulnerability management
Perks/benefits: Career development Equity / stock options Salary bonus