PURPOSE AND SCOPE:
The Director of Cyber Security and Security Operations is a senior security leader of the Information Security Office that leads the overall Cybersecurity program at Fresenius Medical Care. The role reports to the CISO and provides leadership to develop, support, and advance strategies, programs, and projects designed to continually improve and enhance the overall information security posture and resiliency of the company. The individual will help drive critical information security initiatives across the enterprise and create policies and procedures for new threat vectors as required.
PRINCIPAL DUTIES AND RESPONSIBILITIES:
- Develop Endpoint and Internet Access Security Strategies and Policies to address current and emerging threats in the medical services industry.
- Maintain the Cyber Defense Center (CDC) to provide enhanced security services to multiple business units under the Fresenius umbrella, including monitoring, incident response, advanced threat analytics, policy enforcement, and identity access solutions.
- Collaborate with other security functions such as Governance, Risk, and Compliance (GRC) to develop a hosted environment security risk management strategy consistent with changing enterprise-specific and industry-wide risk and regulatory environments.
- Develop and maintain Identity and Access Management policy to effectively address the needs of various user types and business units under the Fresenius umbrella.
- Develop policies and procedures and provide oversight in the execution of all policies and procedures set forth by the Information Security Office.
- Identify key program-level metrics, such as key performance indicators (KPI) and key risk indicators (KRI), to measure the effectiveness of the CDC program and the risk inherited by the organization.
- Partner with stakeholders within the ISO and across business units to effectively monitor policy enforcement with technology integration opportunities.
- Identify security design gaps in existing and proposed architectures and recommend changes or enhancements.
- Work with third parties and internal resources to perform effective penetration testing across the enterprise.
- Develop and implement an Application Development Security program that can be accessed as a service across the enterprise.
- Lead incident response from an IT perspective when escalation occurs.
- Evangelize security best practices across all business units and departments.
- Maintain strong knowledge of common security vulnerabilities, attack vectors, attack methods, and remediation techniques.
- Build and maintain strong relationships at the executive level across all business units.
PHYSICAL DEMANDS AND WORKING CONDITIONS:
- The physical demands and work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
SUPERVISION:
- May be responsible for the direct supervision of various levels of Cybersecurity staff.
EDUCATION:
- Bachelor's Degree in Computer Science, Information Security, Cybersecurity, or a related field; Advanced Degree preferred.
EXPERIENCE AND REQUIRED SKILLS:
- 15+ years of technology work experience, with at least 10 years in a security role and 5 in a leadership role, preferably in the medical devices/medical care service industry.
- Working knowledge of information security risk management and cybersecurity technologies.
- Bachelor of Science or Bachelor of Engineering in Computer Science, Engineering, or a related field; MBA or other relevant graduate degree is a plus.
- Professional security management certification such as CISSP, CCISO, CISM, and/or CISA.
- Strong knowledge of information security best practices, standards, and frameworks, such as ISO/IEC 27000, NIST 800-53, and PCI DSS.
- Experience managing, purchasing, and continuously improving technical infrastructure, including virtual and cloud computing, and building technology for secure environments that contain sensitive information (e.g., patient profiles, medical information, etc.).
- Solid understanding of the project lifecycle and product management processes, including initiation, requirements gathering, analysis and design, development tools and technologies, release and version control, user acceptance testing, demos, and deployment management.
- Strong communication skills coupled with a high sense of urgency to keep appropriate partners informed, including on solutions for overcoming obstacles to meeting expectations.
- Strong client services orientation, experience managing across technical teams, exceptional interpersonal, team building, mentoring, and leadership skills with a demonstrated ability to gain the confidence of peers and others.
- Strong understanding of security architecture, integration with enterprise risk management, and the integration with business strategy.
EO/AA Employer: Minorities/Females/Veterans/Disability/Sexual Orientation/Gender Identity
Fresenius Medical Care North America maintains a drug-free workplace in accordance with applicable federal and state laws.
This is a remote position with occasional travel due to responsibilities.