Fresenius Medical Care North America - Director Cybersecurity and Security Ops
Location: Lexington, Massachusetts
This is a Remote Position with occasional travel due to responsibilities.
PURPOSE AND SCOPE:
The Director of Cyber Security and Security Operations is a senior security leader of the Information Security Office that leads the overall Cybersecurity program at Fresenius Medical Care. The role reports to the CISO and provides leadership to develop, support, and advance strategies, programs, and projects designed to continually improve and enhance the overall information security posture and resiliency of the company. The individual will help drive critical information security initiatives across the enterprise and create policies and procedures for new threat vectors as required.
PRINCIPAL DUTIES AND RESPONSIBILITIES:
- Develop Endpoint and Internet Access Security Strategies and Policies to address current and emerging threats in the medical services industry.
- Maintain the Cyber Defense Center (CDC) to provide enhanced Security Services to multiple Business Units under the Fresenius umbrella, including monitoring, Incident Response, Advanced Threat Analytics, policy enforcement, and Identity Access solutions.
- Collaborate with other security functions such as GRC (Governance, Risk, and Compliance) to develop a Hosted Environment security risk management strategy consistent with changing enterprise-specific and industry-wide risk and regulatory environments.
- Develop and maintain Identity and Access Management policies that effectively address the needs of various users and Business Units under the Fresenius umbrella.
- Develop policies and procedures and provide oversight in the execution of all Policies and Procedures set forth by the Information Security Office.
- Identify key program-level metrics, e.g., key performance indicators (KPIs) and key risk indicators (KRIs), to measure the effectiveness of the CDC program and assess the risk inherited by the organization.
- Partner with stakeholders within the ISO and across Business Units to effectively monitor policy enforcement with technology integration opportunities.
- Identify security design gaps in existing and proposed architectures and recommend changes or enhancements.
- Work with Third Parties and internal resources to perform effective Pen Testing across the enterprise.
- Develop and implement an Application Development Security program that can be accessed as a Service across the Enterprise.
- Lead Incident Response from an Information Technology aspect when escalation occurs.
- Evangelize security best practices in dealings across all Business Units and departments.
- Maintain strong knowledge of common security vulnerabilities, attack vectors, attack methods, and remediation techniques.
- Build and maintain strong relationships at the executive level across all Business Units.
PHYSICAL DEMANDS AND WORKING CONDITIONS:
- The physical demands and work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
SUPERVISION:
- May be responsible for the direct supervision of various levels of Cybersecurity staff.
EDUCATION:
- Bachelor's Degree in Computer Science, Information Security, Cybersecurity, or a related field; Advanced Degree preferred.
EXPERIENCE AND REQUIRED SKILLS:
- 15+ years of technology work experience, with at least 10 years in a Security role and 5 in a leadership role, preferably in the medical devices/medical care service industry.
- Working knowledge of information security risk management and cybersecurity technologies.
- Professional security management certification such as CISSP, CCISO, CISM, and/or CISA.
- Strong knowledge of information security best practices, standards, and frameworks, such as ISO/IEC 27000, NIST 800-53, and PCI DSS.
- Experience managing, purchasing, and continuously improving technical infrastructure including virtual and cloud computing.
- Strong communication skills coupled with a high sense of urgency to keep appropriate partners informed.
- Strong client-services orientation; experience managing across technical teams; exceptional interpersonal, team-building, mentoring, and leadership skills.
- Strong understanding of security architecture and its integration with enterprise risk management and business strategy.
EO/AA Employer: Minorities/Females/Veterans/Disability/Sexual Orientation/Gender Identity
Fresenius Medical Care North America maintains a drug-free workplace in accordance with applicable federal and state laws.