Philips Director, Product Security Officer-PCMS & Global Markets in Andover, Massachusetts

Director, Product Security Officer – PCMS & Global Markets

At Philips, we believe people should be healthy, live well and enjoy life. We challenge ourselves every day to deliver on this promise and help solve the world’s most pressing health care concerns. We do this by developing innovative solutions across the continuum of care in partnership with clinicians and our customers to improve patient outcomes, provide better value and expand access to care.

Your challenge:

Philips is looking for an information security officer to help us ensure our cloud-based Software-as-a-Service (SaaS) and digital health platform offerings to the healthcare industry are offered securely. This position is responsible for providing guidance, expertise, and solutions to business units implementing patient monitoring solutions.

Your responsibilities:

• Assist the HealthTech sector and business units in the development and implementation of information security practices including policies, standards, guidelines, and procedures.

• Verify that security requirements defined in the information system security plans (policies and procedures) are followed and protection measures are functioning as intended.

• Conduct information security reviews to determine compliance.

• Guide business units in their management of the resolution of information security audit or review findings.

• Provide information security risk management and operational security advice as well as advice on strategic direction relating to information security.

• Review strategy and operation of security log data collection and review.

• Review security terms for contracts with outsourced IT service providers to ensure compliance with our security requirements.

• Perform oversight monitoring and audits of Outsourced IT Service Providers to ensure compliance with established information security requirements.

• Handle security incidents and review risk and impact of breaches to protected systems.

• Oversee efforts to monitor for and evaluate the impact of vulnerabilities and threats to technologies used and co-ordinate remediation efforts.

• Participate in architecture and design of services providing information and product security advice.

• Review proposed services, engineering changes, and feature requests for security implications and needed security controls.

• Lead development of threat models and oversee security penetration testing.

• Develop and conduct information security training for developers, engineers, system administrators, privileged users, product managers, customer support, and operations.

What we are looking for:

• Ten years of operational information security experience including responsibility for the security of an IT infrastructure including both management and operational experience

• Information security experience in all phases of service development and deployment including architecture, design, development, testing, release, and operational maintenance

• Incident management, including analysis and response

• Experience with network and host security management, including SIEM, IDS, firewalls, and network defense tactics

• Vulnerability management and remediation

• Conducting information security audits and reviews

• Experience in obtaining and maintaining ISO 27001 certification

Preferred:

• Experience in the healthcare sector and HIPAA

• Experience leading change management systems

• Experience with NIST 800-53

Required skills:

• A diverse skill base in both Information Systems and Information Security which address organizational structure and administration practices, system development and maintenance procedures, system software and hardware controls, security and access controls, computer operations, environmental protection and detection, and backup and recovery procedures

• Knowledge of information system architecture and security controls (i.e. firewall and border router configurations, operating systems configurations, wireless architectures, databases, specialized appliances, and information security policies and procedures)

• Detailed knowledge and experience in security and regulatory frameworks, specifically ISO 27001 (and, preferably, NIST 800-53)

• Strong communication and interpersonal skills; the ability to work with internal and external audiences

• Candidate must possess the ability to solve a wide range of complex technical problems, requiring ingenuity and innovation

Required: CISSP or SANS GSEC

Preferred: CISA, CISM, ISSM, PCIPP

Philips is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex (including pregnancy), sexual orientation, gender identity, national origin, genetic information, creed, citizenship, disability, protected veteran or marital status.

In this role we offer you

Working at Philips is more than a job. It’s a calling to create a healthier society through meaningful work, focused on improving 3 billion lives a year by delivering innovative solutions across the health continuum (http://www.philips.com/b-dam/corporate/corporateblog/2016/PhilipsChronicDisease_5.jpg). Our people experience a variety of unexpected moments when their lives and careers come together in meaningful ways. Learn more by watching this video.

To find out more about what it’s like working for Philips at a personal level, visit the Working at Philips page (http://www.philips.com/a-w/careers/healthtech/working-at-philips/working-at-philips.html) on our career website, where you can read stories from our employee blog (http://www.usa.philips.com/a-w/our-people/life-at-philips.html). Once there, you can also learn about our recruitment process (http://www.philips.com/a-w/careers/healthtech.html), or find answers to some of the frequently asked questions (http://www.philips.com/a-w/careers/healthtech/faq.html).

Find out more info about Philips at www.philips.com/na/careers

Ready to start improving lives by putting your personal skills & passions to work?

Apply Today!

As an equal opportunity employer, Philips is committed to a diverse workforce. In order to ensure reasonable accommodation for individuals protected by Section 503 of the Rehabilitation Act of 1973, the Vietnam Veterans' Readjustment Act of 1974, and Title I of the Americans with Disabilities Act of 1990, applicants that require accommodation in the job application process may contact 888-367-7223, option 5, for assistance.