Product Cyber Security
Experis is the global leader in professional resourcing and project-based workforce solutions.
Our global pharmaceutical client, located in Zug, is looking for a Cyber Security Expert, preferably with a CISSP certification and experience in a medical device company.
As a Product Cybersecurity Expert you will be part of the Product Security & Privacy Operations department in the Product Security Engineering team. The main goal of PSPO is to deliver product security and privacy that regulators require, customers expect and our patients deserve.
The perfect candidate:
We are seeking a highly motivated professional with experience in security and privacy to join a dynamic team. As a PSPO member, you will help with SDLC activities such as threat modeling, cybersecurity risk management and laying out remediation strategies for vulnerabilities to ensure an effective implementation of cybersecurity in the company's products. You will work with product teams from interdisciplinary backgrounds, especially during the design and development phases of the product life cycle, providing cybersecurity subject matter expertise.
- Start date: ASAP or latest 01.11.2023
- Extension: possible
- Workplace: Rotkreuz
- Workload: 80-100%
- Remote/Home Office: 2 days onsite usually, 3 days HO
Tasks & Responsibilities:
- End-to-end activities that belong to the secure software development lifecycle for products: defining adequate cyber security mitigations, identifying threats, assessing risks, defining security testing methods and scope, and tracking remediation actions for security findings during development
- Conduct planning and execution of 3rd party review activities (Verification & Validation) related to Cybersecurity and Software Architecture
- Proactively identify flaws in product security, assess patient safety and business risk, and advise product managers on remediation steps
- Advise product teams on planning and implementing adequate cybersecurity maintenance activities throughout the product's lifecycle
- Support development and maintenance of processes and tools for threat modeling, cybersecurity risk assessment, security testing with penetration testing tools, like Kali Linux, OWASP ZAP, Nessus and others
- Minimum 5 years of related work experience in product security, with demonstrated experiences in areas such as:
- SDLC in Software Development, Network technology, Cryptography, Cloud computing technologies, DevSecOps methodologies etc.
- Threat modeling, attack surface analysis, risk management, security testing, penetration testing and remediation activities.
- Security by design and default concepts, OS hardening
- System and cloud infrastructure hardening and monitoring
- Preferable certifications: CISSP
- Working knowledge of security controls, guidelines and standards (e.g., ISO 27000 series, OWASP, CSA CCM, CIS 20 Critical Security Controls, SOC 2, and NIST)
- Good understanding of privacy and data protection regulations (e.g., HIPAA, EU GDPR)
- Demonstrated soft skills: problem solving, leadership, communication, teamwork
- Flexibility and adaptability
- Strong communication skills in English (min. C1 level); German would be a plus
Nice to Have:
- Experience in a medical device company
Interested in this opportunity? Kindly send us your CV today through the link in the advert. Should you have any questions, please contact Elaine Kanwar at +41 61 282 22 23.