Manager, Device Security

At ZOLL, we're passionate about improving patient outcomes and helping save lives.

We provide innovative technologies that make a meaningful difference in people's lives. Our medical devices, software and related services are used worldwide to diagnose and treat patients suffering from serious cardiopulmonary and respiratory conditions.

ZOLL Medical does not provide immigration-related sponsorship for this role. Do not apply for this role if you will need ZOLL immigration sponsorship (e.g. H1B, TN, STEM, OPT, etc.) either now or in the future.

Job Summary

The Device Security Manager role will lead the team defining and maintaining the cybersecurity requirements and design for ZOLL's Medical's devices. This role will execute key device cybersecurity activities to support new product development and maintenance of on-market products including threat modeling, cybersecurity risk assessment, managing 3rd party testing, and monitoring for vulnerabilities.

In addition, the Device Security Manager will lead all efforts related to government compliance and certifications to include DoD's Risk Management Framework (RMF) compliance, Defense Health Agency (DHA) Approval To Operate (ATO), Cybersecurity Maturity Model Certification (CMMC) and Federal Risk and Authorization Management Program (FedRamp).

You will work closely with ZOLL product teams to develop, manage and maintain System Security Plans (SSP), Plans of Actions & Milestones (POA&Ms), Vulnerability Management, DISA Security Technical Implementation Guides (STIG) and Security Content Automation Protocol (SCAP) scans. This position will manage and maintain all documentation and be responsible for reporting compliance to the required government agency and other compliancies such as FDA requirements.

Essential Functions

• Assist in the development of product specific documentation to include Medical Device Equipment
• Work directly with government agencies to ensure proper documentation and reports are delivered in a timely matter as required by contract.
• Partner with and guide ZOLL product teams on all necessary compliance requirements and vulnerability mitigations
• Identify threats and vulnerabilities to patient safety and product integrity, assess current security controls and determine potential impact of a threat and the risk level associated with threat and vulnerabilities.
• Conduct regular STIG checks and SCAP scans
• Conduct monthly vulnerability scanning
• Monitor and report on POA&M remediation activities
• Manage, report, and communicate on the performance of owned processes
• Lead and manage a team that provided consultation on the medical device design and development.
• Manage postmarket cyber security issues and customer inquiries.
• Create ZOLL’s device security strategy and roadmap.

Required/Preferred Education and Experience

• Security+ certified (or any DoD required IAM Level I certification …