Product Security Officer
Best - QX, Netherlands
Philips
Read more about Philips and see how the innovations of our healthcare, consumer electronics and lighting divisions help improve people's lives.
Job Title
Product Security Officer
Job Description
The Product Security Officer (PSO) will be responsible for advancing the practice of product security design and development across Business Units.
The role will require influence and leadership through collaboration with GM and R&D Engineering & Development teams.
Our goal is to ensure that our product development teams maximize economic value, design secure products, optimize product security features, performance, manufacturing costs and time to market as we bring life-saving products and services to the world with outstanding quality, security and reliability.
When applicable, the PSO will manage functional reports (Product Security Leads) within various BU locations.
Your role is to:
- Identify risks throughout the Idea-to-market (I2M) process and work with other teams as necessary to provide mitigation and cost/benefit analysis.
- Ensure customer security requirements are being addressed within our products.
- Support business initiatives by providing solutions based on standard methodologies, regulatory and customer requirements.
- Support the development of risk mitigations and control plans for the product in the Business.
- Develop Risk and Benefits Cost analysis to present to the Product/Program Manager.
- Ensure that all penetration testing, vulnerability assessments and fuzz testing are completed.
- Conduct PSRA (Product Security Risk Assessments) and threat models with BU (Business Units) experts.
- Perform Product Security Audit and Compliance activities.
- Report on business specific Key Performance Indicators.
- Work with Product Managers, Field Marketing, Services and Sales to collaborate on Product Security topics, incident response and customer complaints.
- Work with Quality and Regulatory on Product Security process and procedures in QMS (Quality Management System).
- Support the Product and Security Services Office to drive security standards throughout the business.
- Champion the importance of product security during the life cycle of products. Develop/tailor and conduct information security training for product managers, program managers and architects.
- Monitor and communicate emerging security requirements as potential policy and guidance; work with the various internal business and product security teams as needed.
- Support the BU with regulatory submissions and product certifications such as DoD ATO.
- Support the BU with customer facing documentation such as MDS2 and security whitepapers.
- Maintain the business continuity/disaster recovery plan.
You're the right fit if:
- Technical Bachelor’s degree in Computer Science, Engineering, or Biotechnology required.
- MBA or Master’s degree preferred.
- Minimum of 6 years in product security or risk management.
- CISSP/CISM preferred.
- Experience in Incident handling and response.
- Experience in designing software development products using SDLC (i.e., Agile, DevOps).
- Experience working in a large global organization.
- Experience in Health information security management (ISO 27799, ISO/IEC 80001, RMF for DoD IT).
- A comprehensive knowledge of ISO 27001, NIST 800-53 R4, ISO 9001, NEN 7510, NEN 7512 and NEN 7513.
- Familiar with Laws and regulations on privacy, data protection, and breach notification (95/46/EC, HIPAA, FDA, ISO/TS 14265, 21CFR820, SB1386, etc.)
- Domain specific standards and approaches on privacy and product security (DICOM, IHE).
- Understanding of Windows and Linux operating systems and networking required.
- An extensive knowledge of the General Data Protection Regulation (GDPR) and international privacy legislation (including HIPAA).
- Proficiency in English, both orally and in writing (minimum C1 level).
- Readiness to travel ~15%
How we work together
We believe that we are better together than apart. For our office-based teams, this means working in-person at least 3 days per week. Onsite roles require full-time presence in the company’s facilities. Field roles are most effectively done outside of the company’s main facilities, generally at the customers’ or suppliers’ locations.
This role is an office role.
About Philips
We are a health technology company. We built our entire company around the belief that every human matters, and we won't stop until everybody everywhere has access to the quality healthcare that we all deserve. Do the work of your life to help the lives of others.
- Learn more about our business here.
- Discover our rich and exciting history here.
- Learn more about our purpose here.
If you're interested in this role and have many, but not all, of the experiences needed, we encourage you to apply. You may still be the right candidate for this or other opportunities at Philips. Learn more about our commitment to diversity and inclusion here.
Tags: Agile CISM CISSP Compliance Computer Science DevOps DoD GDPR HIPAA Incident response ISO 27001 Linux NIST NIST 800-53 Privacy Product security R&D Risk assessment Risk management RMF SDLC Windows
Perks/benefits: Health care