Fresenius Medical Care is a global health care company with a special goal: provide the best possible care. Our team of experts works to improve the quality of life for a growing number of patients around the world.
We are seeking a highly skilled Product Security Expert to play a critical operational role in the implementation and execution of the Product Security Program across our global product portfolio.
The ideal candidate will have at least 5 years of professional experience in IT Security, cybersecurity (e.g. embedded systems, risk management, regulatory requirements) with in-depth knowledge of enabling technologies and technical solutions in the field of cybersecurity.
Responsibilities include maintaining and continuously updating the Cybersecurity Risk Register for all products in the portfolio, executing the Post-Market Surveillance process for cybersecurity, and operating the Coordinated Vulnerability Disclosure and Incident Response process.
The successful candidate will also contribute to the development and rollout of cybersecurity-related policies, SOPs, and guidelines, ensuring alignment with the overall QMS and evolving regulatory requirements.
In addition, the Product Security Expert will define and maintain Cybersecurity Management Plans and Security Verification Plans for CE products throughout the development lifecycle.
The role requires a solid knowledge of the whole development cycle for products from regulated industries, as well as relevant cybersecurity regulations and guidelines such as FDA pre-market and post-market guidance, Section 2.4b CFR, IEC 81001-5-1, IEC 62443-4-1, JSP 2.0.
Candidates should have successfully completed a bachelor's or master's degree in computer science, information technology or similar field and be fluent in English.
The Product Security Expert will work closely with engineering, design quality, regulatory, and post-market teams to help embed security by design, support vulnerability handling, and contribute to continuous improvement of the product security framework.
Briefly summarized, this challenging position entails developing and implementing robust cybersecurity measures to safeguard our products and ensure compliance with regulatory requirements.
* Maintain and continuously update the Cybersecurity Risk Register for all products in the portfolio
* Execute the Post-Market Surveillance process for cybersecurity
* Operate the Coordinated Vulnerability Disclosure and Incident Response process
* Contribute to the development and rollout of cybersecurity-related policies, SOPs, and guidelines
* Define and maintain Cybersecurity Management Plans and Security Verification Plans for CE products