This is a Remote Position with occasional travel due to responsibilities
PURPOSE AND SCOPE:
The Director of Cyber Security and Security Operations is a senior security leader in the Information Security Office who leads the overall Cybersecurity program at Fresenius Medical Care. The role reports to the CISO and provides leadership to develop, support, and advance strategies, programs, and projects designed to continually improve and enhance the overall information security posture and resiliency of the company. The individual will help drive critical information security initiatives across the enterprise and create Policy and Procedures for new threat vectors as required.
PRINCIPAL DUTIES AND RESPONSIBILITIES:
- Develop Endpoint and Internet Access Security Strategies and Policies to address current and emerging threats at large and in the medical services industry.
- Maintain the Cyber Defense Center (CDC) to provide enhanced Security Services to multiple Business Units under the Fresenius umbrella. This should include, but is not limited to, monitoring, Incident Response, Advanced Threat Analytics, policy enforcement, and Identity Access solutions.
- Collaborate with other security functions such as GRC (Governance, Risk, and Compliance) to develop a Hosted (non-Fresenius owned infrastructure) Environment security risk management strategy consistent with the changing enterprise-specific and industry-wide risk and regulatory environment.
- Develop and maintain Identity and Access Management policy that can effectively address the needs of the many different types of users and BU's under the Fresenius umbrella.
- Develop policies and procedures and provide oversight in the execution of all Policies and Procedures set forth by the Information Security Office.
- Identify key program level metrics, e.g. key performance indicators (KPI) and key risk indicators (KRI) to measure the effectiveness of the CDC program and measure the risk inherited by the organization
- Partner with other stakeholders (within the ISO and across BU's) to effectively monitor Policy enforcement with technology integration opportunities.
- Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
- Work with Third Parties and internal resources to perform effective Pen Testing across the enterprise.
- Develop and Implement an Application Development Security program that can be accessed as a Service across the Enterprise.
- Lead Incident Response from an Information Technology aspect when escalation occurs.
- Evangelize security best practices in dealings across all BU's and departments.
- Maintain strong knowledge of common security vulnerabilities, attack vectors, attack methods, and remediation techniques.
- Build and maintain strong relationships at the executive level across all Business Units
PHYSICAL DEMANDS AND WORKING CONDITIONS:
- The physical demands and work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
SUPERVISION:
- May be responsible for the direct supervision of various levels of Cybersecurity staff.
EDUCATION:
- Bachelor's Degree in Computer Science, Information Security or Cybersecurity or related field; Advanced Degree preferred
EXPERIENCE AND REQUIRED SKILLS:
- 15+ years of work technology experience with at least 10 years in a Security role and 5 in a leadership role, preferably in medical devices/medical care service industry.
- Working knowledge of information security risk management and cybersecurity technologies
- Bachelor of Science or Bachelor of Engineering in Computer Science, Engineering or a related field; MBA or other relevant graduate degree is a plus.
- Professional security management certification such as CISSP, CCISO, CISM, and/or CISA
- Strong knowledge of information security best practices, standards, and frameworks, such as ISO/IEC 27000, NIST 800-53, and PCI DSS
- Experience managing, purchasing, and continuously improving technical infrastructure including virtual and cloud computing, and building technology for secure environments that contain sensitive information (e.g.: patient profiles, medical information etc.).
- Solid understanding of the project lifecycle and product management processes, including initiation, requirements gathering, analysis and design, development tools and technologies, release and version control, user acceptance testing, demos, and deployment management.
- Strong communication skills coupled with a high sense of urgency to keep appropriate partners informed, including solutions to overcome obstacles to deliver to expectation.
- Strong client services orientation, experience managing across technical teams, exceptional interpersonal, team building, mentoring, and leadership skills with a demonstrated ability to gain the confidence of peers and others.
- Strong understanding of security architecture, integration with enterprise risk management, and the integration with business strategy
EO/AA Employer: Minorities/Females/Veterans/Disability/Sexual Orientation/Gender Identity
Fresenius Medical Care North America maintains a drug-free workplace in accordance with applicable federal and state laws.