Product Security Official – Medical Devices Job
4305 W Dublin Granville Rd
Dublin, OH 43017, US
Headquartered in Dublin, Ohio, Cardinal Health, Inc. (NYSE: CAH) is a global, integrated healthcare services and products company connecting patients, providers, payers, pharmacists and manufacturers for integrated care coordination and better patient management. Backed by nearly 100 years of experience, with more than 50,000 employees in nearly 60 countries, Cardinal Health ranks among the top 20 on the Fortune 500.
Cardinal Health’s Information Security team is on a tremendous growth journey adding a number of new team members in our Cyber Threat Operations Center, IT Risk and Compliance, and Security Architecture teams. We aim to be a world-class cybersecurity and risk management organization that enables Cardinal Health to be healthcare’s most trusted partner. We are a remote-first team and are excited to offer full-time remote opportunities.
We boast tremendous opportunities to grow and apply technical skills to meet organizational needs, empowering talented team members who mentor and uplift others, led by leaders with a maniacal focus on employee development and well-being, dedicated training programs, and a fun and collaborative atmosphere. We currently have a full-time career opening within the Information Security team to support the growth of our Medical Device Security Program (MDSP).
The MDSP is a new capability for Cardinal Health and will be executed by the Medical Device Security Functional Team. The primary goal of this program/team is to ensure Cardinal Health’s Medical Device Portfolio of products complies with cybersecurity regulatory requirements (FDA, Health Canada, etc.). The MDSP functional team is also responsible for designing, developing, implementing, and maintaining the medical device security program and associated processes.
· Partner with business leaders to ensure the security features of the Cardinal Health medical devices align with leadership strategy
· Lead and execute the medical device security program strategy including threat modeling, security testing, vulnerability management, incident response, architecture reviews, and risk assessments
· Engage with the management and execution of projects and program services based on organizational strategy and goals
· Partners with internal and external teams to provide first line of feedback and perform periodic security audits of all software and hardware across medical device lines
· Develops medical device security program policy, standards, procedures, and work instructions
· Reviews medical device risks with the divisions and departments to provide guidance and escalates to the Steering and Risk Committee as needed
· Establishes and reviews resource requirements and performance
· Develop and maintain metrics to support the measurement of program and operational effectiveness and provide updates to various levels of corporate and business unit leadership
This role is a senior position within the team and will work with various IT and business teams and all members of the Information Security and Risk team to identify and prioritize security-related topics. Good interpersonal skills are essential for success.
· At least 5 years of hands-on Information Security experience. Technical writing experience, SBOM creation and medical device familiarity preferred.
· At least 3 years’ experience working as part of an existing medical device security program
· Experience in vulnerability management programs, vulnerability assessments, and basic understanding of risk management
· Familiar with the software development pipeline and system lifecycles
· Knowledge of IT security (e.g., systems, methodologies, technologies, architectures, practices, policies); working knowledge of the NIST Cybersecurity Framework preferred
· Experience in establishing strong, healthy and lasting relationships
· Desired: Previous experience with medical device regulatory compliance to any of the following standards: FDA, MDD, MDR, HIPAA, HITRUST, or CMIA.
Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.