Philips Sr Manager, Services Security in Bothell, Washington
At Philips, we believe people should be healthy, live well and enjoy life. We challenge ourselves every day to deliver on this promise and help solve the world’s most pressing health care concerns.
We do this by developing innovative solutions across the continuum of care in partnership with clinicians and our customers to improve patient outcomes, provide better value and expand access to care.
Philips is looking for a product security officer to help us ensure the security of our Products and Services.
This position is responsible for providing guidance, expertise and solutions to Customer Service organizations.
Specific job responsibilities include:
Develop plans for the deployment of security tooling and solutions (such as password management and patch management) within the HealthTech Services organizations. Provide clear guidance on reporting requirements. Implement metrics and monitoring of the solution.
Develop and conduct solutions training for developers, engineers, system administrators, privileged users, product managers, customer support and operations.
Participate in architecture and design of products and services, providing information security advice and reviewing proposed services, engineering changes, and feature requests for security implications and needed security controls.
Verify that security requirements defined in the information system and product security plans (policies and procedures) are followed and protection measures are functioning as intended.
Conduct product and services security risk assessments.
Guide Service organizations in their management of the resolution of product security audit or assessment findings.
Develop and implement product and information security policies, standards, guidelines and procedures.
Handle security incidents and review risk and impact of breaches to protected systems.
Oversee efforts to monitor for and evaluate the impact of vulnerabilities and threats to technologies used and co-ordinate remediation efforts.
Lead development of threat models and oversee security penetration testing.
We are looking for
Experience in the Healthcare sector.
Experience working in a large global organization.
Minimum 8 years of information security experience, including responsibility for the security of healthcare products and service infrastructure, with both management and operational experience.
Experience with deployment of IAM and password management solutions.
Experience with patch management solutions.
Experience with project management and leading complex projects.
Security experience in all phases of the product and service development lifecycle, including architecture, design, development, testing, release, and operational maintenance.
Incident management including detection and response.
Experience with cloud computing security, network, operating system, database, application, and mobile device security.
Experience with prevention and detection tactics and technologies (SIEM, IDS/IPS, firewalls, etc.).
Vulnerability management and remediation.
Attack and penetration testing of network infrastructure and web-based applications utilizing manual and automated tools.
Experience with information security risk management, including conducting information security audits, reviews, and risk assessments.
A diverse skill base in both product security and information security including organizational structure and administration practices, system development and maintenance procedures, system software and hardware security controls, access controls, computer operations, physical and environmental controls, and backup and recovery procedures.
Detailed knowledge and experience in security and regulatory frameworks, specifically ISO 27001, and preferably NIST 800 series. Also knowledge of SOC2, FedRAMP, STAR, NIST 800-53, and HIPAA.
Strong leadership, communication, mentoring, and interpersonal skills, as well as the ability to work with internal and external audiences.
Candidate must possess the ability to solve a wide range of complex technical problems, requiring ingenuity and innovation.
Required certifications: CISSP or SANS GSEC
Preferred certifications: CISA, CISM, ISSMP, CIPP
Advance your career in an environment that supports work-life balance, health & well-being and continuous learning. Making a difference begins right here, where you come first.
Ready to start improving lives by putting your personal skills & passions to work?
Find out more info about Philips at www.philips.com/na/careers
Philips is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex (including pregnancy), sexual orientation, gender identity, national origin, genetic information, creed, citizenship, disability, protected veteran or marital status.
As an equal opportunity employer, Philips is committed to a diverse workforce. In order to ensure reasonable accommodation for individuals protected by Section 503 of the Rehabilitation Act of 1973, the Vietnam Veterans' Readjustment Act of 1974, and Title I of the Americans with Disabilities Act of 1990, applicants that require accommodation in the job application process may contact 888-367-7223, option 5, for assistance.