Senior Security Architect

In this role, you have the opportunity to join the leading innovator in healthcare solutions as Security architect, work in a multi-disciplinary system architecture team with the assignment to define and lead the security architecture for all products and solution in the installed base, in production and on the roadmap.

You are responsible for creating and maintaining the security roadmap for products and solutions, aligned with key stakeholders in Product Security Office, Service Marketing and Product Marketing. Together with your colleague system architects, you guide implementation by product development teams.

This includes:

• Defining the security reference architecture for products, and the realization roadmap for this architecture
• Ensuring existing and upcoming security regulations are realized in products
• Spotting opportunities for commercialization of security features and enhancements
• Initiating, leading, and overseeing the realization of the security architecture through platform and product development across products
• Facilitating a monthly security assessment by Products Security Office for all products

You will be a part of the business unit with development sites in the Netherlands, and India. This business unit is responsible for marketing, service, development and manufacturing of solutions and products used in the area of minimally invasive procedures. The customers are hospitals and their medical specialists. You will join the global R&D department.

Required Skills (Technical Competency)

• An MSc/PhD in computer science or another relevant area, and 10+ year experience in security design for embedded and cloud hosted software. Minimum 5 years of relevant experience in security domains/ areas including governance, policy& procedures, security management etc.
• Deep understanding of Ethernet networks and how these can be optimally applied inside and across products
• Experience with healthcare products and services, relevant standards such as DiCOM, HL7 and FHIR and understanding of security and privacy aspects for healthcare products.
• Demonstrated experience working in a global team on medical systems
• Ability to work in a collaborative environment, negotiate challenges, explain technical considerations and recommend solutions;
• Knows how to balance feature delivery and tech debt amortization while maintaining existing technology and innovation to satisfy business needs;
• Keep abreast of technical developments in own field through study of the literature and technical contacts
• Real passion for and energy from working with cross-site, cross-functional, dynamic teams.
• Formal training or certification on Cybersecurity concepts
• Experience in Threat Modeling (e.g., Microsoft Threat Modeling Tool, Threat Modeler, OWASP Threat Dragon)., Public Key Infrastructure (PKI)
• Hands-on practical experience high quality threat models and knowledge of MITRE framework, STRIDE framework and kill chains.
• Strong knowledge of information security principles, security architectures, frameworks, standards, and emerging threats, with the ability to implement effective mitigation strategies.
• Deep understanding of network protocols, operating systems, databases, applied cryptography, least privilege, zero trust principles, identity & access management, and other core information security concepts.
• Knowledge of common security vulnerabilities (e.g., OWASP Top Ten, CVEs) and attack vectors.
• Familiarity with regulatory requirements and compliance standards (NIST, ISO 27001, GDPR, FDA, HIPPA).
• Knowledge of business trends and directions that security must take into consideration to support the business.
• Proficiency in leading and managing incident response and analysis, security events, violations and incidents
• Security controls knowledge and understanding of core IT technologies and processes
• Understanding of National Institute of Standard of Technology (NIST), ISO 27001 security controls, Risk-management
• Experienced and comfortable working in multicultural global organization
• Background in developing and maintaining security policies, procedures and standards.
• Excellent communication and interpersonal skills, with the ability to interact with stakeholders at all levels and explain complex security concepts in an easily understandable manner.
• Good understanding of relevant laws, regulations, and industry standards