Cybersecurity Expertise for Product Development
Fresenius Medical Care’s commitment to delivering innovative products and services relies heavily on the implementation of robust cybersecurity measures. As a global healthcare provider, we understand the importance of protecting patient data and ensuring the security of our medical devices.
The role of Product Security Expert plays a critical operational part in the execution of the Product Security Program across our global product portfolio, including active, non-active, and digital devices. This function supports the Product Security Officer by applying cybersecurity principles in day-to-day development activities, coordinating post-market assessments, documenting risks, and ensuring the application of defined processes and controls in alignment with regulatory requirements and internal standards.
Key Responsibilities:
* Maintain and continuously update the Cybersecurity Risk Register for all products in the portfolio
* Execute the Post-Market Surveillance process for cybersecurity, including analysis of security-related complaints, incidents, and vulnerabilities
* Operate the Coordinated Vulnerability Disclosure and Incident Response process, including triage, coordination, tracking, and documentation
* Act as the primary coordinator for product-related cybersecurity activities, working closely with R&D and system engineering teams to ensure secure product development
* Contribute to the development and rollout of cybersecurity-related policies, SOPs, and guidelines, ensuring alignment with the overall QMS and evolving regulatory requirements
Product-Level Security Planning:
* Define and maintain Cybersecurity Management Plans and Security Verification Plans for CE products throughout the development lifecycle
* Support Security Risk Management activities, including threat and risk analysis, countermeasure definition, and evaluation of residual cybersecurity risks
* Support the preparation of risk/benefit assessments for cybersecurity risks to enable informed decision-making and documentation
* Collaborate in product roadmap planning, contributing cybersecurity input and supporting alignment with the state of the art in security technologies and practices
Requirements:
* Successfully completed bachelor's or master's degree in computer science, information technology, or similar field
* At least 5 years of professional experience in IT security or cybersecurity (e.g., embedded systems, risk management, regulatory requirements) with in-depth knowledge of enabling technologies and technical solutions in the field of cybersecurity
* Experience in R&D in medical devices or other industries with international exposure
* Solid knowledge of the whole development cycle for products from regulated industries
* Knowledge of relevant cybersecurity regulations and guidelines such as FDA pre-market and post-market guidance, Section 2.4b CFR, IEC 81001-5-1, IEC 62443-4-1, JSP 2.0
* Relevant cybersecurity certifications are an advantage
* Knowledge of cybersecurity-relevant tools (e.g., Microsoft Threat Modelling Tool, BlackDuck Binary Analysis Tool, Kali Linux)
* High engagement in achieving targets and objectives, a proactive and solution-oriented approach to problems, and the ability to work cross-functionally with employees at all levels
* Good, professional relationships and communication with international colleagues and superiors
* Fluent English; German language is a plus