Principal Product Security Leader

General Electric Madison , WI 53706

Posted 2 months ago

Principal Product Security Leader

  • GE Healthcare

  • Experienced

  • Posted 9/21/2018 5:06:43 PM

  • 3177784

  • Job Function: Digital Technology

  • Business Segment: Healthcare Digital Technology

Location(s): United States; Wisconsin; Milwaukee, Madison

Role Summary:

GE Healthcare is looking for a Principal Product Security Leader to help design and implement the next generation of secure healthcare devices and solutions. This includes providing development teams and product owners with technical insight and industry perspective in the creation, delivery, and integration of complex and comprehensive security solutions.

Essential Responsibilities:

The Principal Product Security Leader works across key GEHC design engineering teams to implement secure design and build practices and create innovative technical solutions to security challenges.

You will be working directly with product development teams assessing and assisting in the design, development, and implementation of security into solutions that interoperate from the body out to the cloud and back again. You will analyze system designs and implementations from a security perspective, and uncover subtle security issues that appear under unexpected threat scenarios. You will determine the likelihood of loss and the appropriate mitigations based on those unexpected threats and work with the product development teams as they design, implement and deploy those mitigations.

You will be a security evangelist providing thought leadership to the organization and helping to guide developers in secure coding practices. You will also assist in technical security assessments across all of GEHC.

You are a security leader who thrives on addressing real-world problems and is not averse to building security tools and processes when off-the-shelf solutions just don't fit. Most importantly, you are a savvy communicator and leader that can translate security risks to business terms in an accurate and compelling manner for both technical and non-technical stakeholders.

As a Principal Product Security Leader, you will:

Oversee security for Critical Care Solutions teams and products

Act as a security technical lead for development programs

Function as the main technical point of contact for product teams as relates to cybersecurity and privacy, while also growing the security expertise of product teams

Build awareness of the importance of security in product management and technical teams

Conduct complete lifecycle security architecture and technical assessments for a wide range of products, including embedded devices, enterprise software solutions, and mobile apps

Engage in application and domain-specific threat modeling and attack surface analysis and reduction

Lead cross-functional projects and teams in establishing security development lifecycle practices within healthcare products

Assess and prioritize risk for legacy devices and communicate residual risk to business leaders

Prepare reports at appropriate levels of confidentiality for stakeholders to view

Support Privacy and Security incident response activities pertinent to design engineering and secure development through investigations, corrective actions, and preventive actions

Work directly with customers to understand their Privacy and Security concerns and requirements

Produce product assessment results suitable for customers

Respond promptly and in detail to customer queries and customer-sponsored penetration tests

Provide guidance on automated testing tools and techniques

Perform technical security assessments across the GE Healthcare product portfolio

Qualifications/Requirements:

Bachelor's Degree in a relevant field (e.g. Computer Engineering, Computer Science, Information Security) or in a STEM major (Science, Technology, Engineering, or Math)

Minimum 8 years full-time information security experience with emphasis on technical assessment (system/web application vulnerability assessment, penetration testing, white-box code analysis, etc.) and security architecture (design of security controls, secure system design, understanding of identity and authentication management, etc.)

Eligibility Requirements

Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future, for this job

Must be willing to travel up to 20%

Must be willing to work out of a GE Healthcare office Location in Milwaukee or Madison, WI or a remote home office

Desired Characteristics:
3 5 years of experience with information security in product development

Certification in cybersecurity (CISSP preferred)

Healthcare domain and medical device experience

Experience with embedded devices, enterprise solutions, and mobile app development

Experience with many operating systems: Enterprise Linux, Embedded Linux, Android, iOS, Windows, Windows Server, Windows Embedded

Experience with security configuration and communication of embedded devices

Experience securing wireless communications: WiFi, WMTS, MBAN, Bluetooth

Experience with real-time network protocols, such as DDS (Data Distribution Service)

Experience in a broad range of information security domains security architecture, key and certificate management, security operations, fuzzing, penetration testing, SAAS/PAAS/IAAS/Cloud Security, Service-Oriented Architecture, Systems Management

Experience with Security Development Lifecycle processes such as Threat Modeling

Experience with a range of security tools: Nessus, Kali, Microsoft Threat Modeling Tool, fuzzers, etc.

Experience with NIST 800-53 and/or ISO/IEC 27000 series of security standards

Experience with OWASP, CVSS, FIPS 140-2, and DoD RMF

Project and program management experience

Organization and communication of complex information

An understanding of information security risk management exposure to risk concepts and models like FAIR, OCTAVE, etc

Additional Responsibilities:

Seek, share and implement best practices with the other GE cybersecurity leaders and potentially external industry partners

Maintain the strategic roadmap for cybersecurity initiatives and measure program effectiveness.

Provide regular program updates to Product Security leadership, the GEHC CISO, and other stakeholders.

Establish and maintain relationships with stakeholders including CTOs, Service Leaders, Legal, and regional commercial leaders.

Work with engineering Product Security Representative and Cyber Security Product Security Leaders on product security solutions.

Aid in the development and enforcement of GE-wide policies & standards and assist technology teams with implementation.

Define technology security requirements and communicate to system owners through effective security programs and training.

#DTR

About Us:

GE is the world's Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive and predictive. Through our people, leadership development, services, technology and scale, GE delivers better outcomes for global customers by speaking the language of industry.

GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.

Locations: United States; Wisconsin; Milwaukee, Madison

GE will only employ those who are legally authorized to work in the United States for this opening.


See if you are a match!

See how well your resume matches up to this job - upload your resume now.

Find your dream job anywhere
with the LiveCareer app.
Download the
LiveCareer app and find
your dream job anywhere
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Product Manager Data And Cyber Security Solutions

Wind River Financial

Posted 1 week ago

VIEW JOBS 11/2/2018 12:00:00 AM 2019-01-31T00:00 Wind River is looking for an experienced Product Manager to lead the identification and delivery of new product solutions related to Data and Cyber Security. This position will be responsible for market and customer research, understanding the competitive landscape, the identification of new opportunities, and providing strategic input to growth strategies. The Product Manager will oversee all stages of the product lifecycle, and will work effectively with internal and external colleagues to support that process. So what does it take to be successful? Success Factors: * Advanced knowledge of cyber security industry, including market trends and emerging technology. * Intellectual curiosity, and a passion for developing new, high-impact products. * Excellent communication and relationship-building skills, with an ability to prioritize, negotiate, and coordinate work with a variety of internal and external stakeholders. * Self-motivated individual driven to achieve results and continuously improve. * The ability to learn fast and build on existing knowledge to quickly master new skills and insights. Responsibilities: * Conducts market and customer research, analyzes results, and summarizes findings. * Identifies new opportunities and solutions, and estimates revenue potential. Provides strategic input on vertical growth strategies based on identified opportunities and solutions. * Assesses the competitive landscape, identifies potential partners, and determines the most effective product strategy (build, "rent", or partner) to execute on company objectives in Data and Cyber Security space. * Manages the formal rollout of all products to ensure a seamless, well-executed product introduction that avoids overlap and confusion within the organization. Develops and guides marketing programs for product rollouts. * Interfaces with internal and external engineers, designers, suppliers and customers to develop product requirements and specifications. * Develops and maintains strong relationships with product manufacturers and other external partners. * Establishes product strategies including product direction, advertising, pricing, expense budgets, profit plans and future product development to manage a product lifecycle. * Assist with the sales process and provides integration support for larger, more strategic opportunities. * Lead the existing PCI program including monitoring, assessing compliance and working with internal stakeholders along with clients on compliance needs. * Creates product marketing content for thought leadership, promotion and awareness. Minimum Requirements: * Bachelor's degree in Business, Marketing, Engineering, Development or related field or equivalent experience. * 1+ years of product management experience within the Data/Cyber Security space. * Strong analytic, strategic thinking, and creative problem-solving skills that support and enable sound decision making * Strong ability to facilitate collaboration, resolve conflict and identify solutions. * Ability to influence others and build consensus using advanced written, verbal communication and presentation skills * High-level of adaptability, with the ability to respond effectively to new information and evolving situations. * Strong business acumen, including advanced financial analysis and pricing skills. * Excellent Microsoft Outlook, Project, Excel, Word and PowerPoint skills * Security certifications preferred: SANS GSEC, ISC2 CISSP, PCIP or related. WHY JOIN WIND RIVER? * We're a growing company in an expanding industry. * We have a great team, and were named one of Madison Magazine's 2014 Best Places to Work! * We offer competitive compensation and a comprehensive benefits package that includes health, dental, life, disability, and 401(k). WHO WE ARE: Wind River provides superior payment processing products and services to thousands of clients throughout 38 states. We pride ourselves on doing business differently and delivering a level of customer care that is unequaled in our industry. We value honesty, intelligence, work ethic, humor and building strong relationships. And we have built our company with employees who think like entrepreneurs! To learn more about the Wind River difference, visit our website at www.WindRiverFinancial.com. Wind River Financial is an equal opportunity employer (EOE). Wind River Financial Madison WI

Principal Product Security Leader

General Electric