Share this Job

Job Title:  Regulatory Product Cybersecurity Manager

Req ID:  30689
Job Category:  Regulatory Affairs

Mentor, OH, US, 44060

Description: 

At STERIS, we help our Customers create a healthier and safer world by providing innovative healthcare and life science product and service solutions around the globe.

Position Summary

 

The mission of the STERIS US Regulatory Affairs function is to implement efficient and effective processes to initially obtain and then maintain clearance to market STERIS products in support of STERIS’s global business plans. This includes determining registration and/or submission requirements in the US, working with STERIS international registration staff to identify requirements in other targeted markets, and working with product acquisition or development teams to ensure these requirements are met. This group also identifies and supports Regulatory compliance needs.

 

The Regulatory Product Cybersecurity Manager position is a hybrid position that blends responsibilities under the traditional Regulatory Manager position with those of a Cybersecurity Manager. As STERIS products and solutions continue to evolve to align with trends in digital healthcare solutions, the Regulatory Product Cybersecurity Manager will assist the Director of Regulatory Product Cybersecurity in developing and implementing a Product Cybersecurity Program, including developing policies, procedures, work instructions and templates that ensure STERIS products and service solutions comply with required cybersecurity regulations, industry standards, and guidance. This individual will also ensure cybersecurity tools and work instructions are in place that enable STERIS to successfully identify, detect, protect, respond, and recover from potential cyber threats and/or incidents. This individual has significant experience managing, guiding and/or leading professional staff through addressing a variety of product cybersecurity areas of focus. This individual will directly manage staff-level professionals and lead/guide staff from other disciplines outside of Regulatory Affairs in achieving the cybersecurity objectives of the assigned projects.  
 

Duties

 

The Regulatory Product Cybersecurity Manager will have responsibility, for performing the duties of the functional areas described below with little or no daily direct supervision required. Activities that involve leveraging the below may require close work with STERIS corporate, domestic, and international staff and interactions with FDA and other federal agencies as assigned.

Essential Job Functions – Cybersecurity and Privacy (50%)

  1. Collaborates with Director of Product Cybersecurity and Cybersecurity Working Group to define, implement and maintain a Product Cybersecurity Program based on security and privacy frameworks, security standards and certifications required for STERIS to meet regulatory requirements and Customer agreements.
  2. Collaborate with cross functional partners to develop, implement, and maintain policies, procedures, and work instructions for the Product Cybersecurity Program, ensuring integration into the STERIS QMS.
  3. Collaborates with the STERIS Product Cybersecurity Working Group and internal stakeholders to maintain a common understanding of threat intelligence picture and product cybersecurity posture for STERIS, including:
  4. Support the Service and Commercial teams with the Security specific responses needed for RFP responses, product security questionnaires, new Customer agreements and reviews of Security-specific labeling.
  5. Serves as expert and liaison to Customers, senior leaders, other internal stakeholder to explain product cybersecurity regulatory obligations for domestic and international markets.
  6. Leads vulnerability assessments and determination of remediations on reported vulnerabilities and security incidents.
  7. Provides product cybersecurity guidance and support to new product development teams to meet timely delivery of cybersecurity-related content for product approval applications in accord with business objectives.  
  8. Co-chairs STERIS Product Cybersecurity Working Group.
  9. Supports the STERIS Regulatory Group leadership with product regulatory cybersecurity strategy and serves as a representative for Product Regulatory Cybersecurity as requested on the STERIS Cybersecurity Committee.
  10. Instills a security first mindset through coaching and mentorship. Identify and encourage areas for growth and improvement corporate-wide. 
  11. Collaborates with product teams and Regulatory Compliance to conduct gap assessments on cybersecurity and privacy risk management strategy, activities, and associated documentation.
  12. Other related duties as assigned.
     

Duties - cont'd

Other Product Cybersecurity Support (25%)

  1. Supports internal audits of STERIS manufacturing facilities and/or potential acquisitions to help ensure compliance with Product Cybersecurity Program requirements.
  2. Supports Regulatory Representatives of STERIS manufacturing facilities and international locations by assisting in one or more of the following areas:

General Duties (25%)

  1. Supports STERIS Regulatory Strategy, accurately communicating it to internal partners and stakeholders. 
  2. Acts as champion for compliance with design controls, good documentation practices, and risk management standards, especially for cybersecurity. 
  3. Manages staff-level professionals and leads/guides staff from other disciplines outside of Regulatory Affairs in achieving the cybersecurity objectives of the assigned projects.  
  4. Uses his/her influence and experience in cybersecurity to partner with stakeholders from diverse functional areas of the company to bring about continuous improvement in the Product Cybersecurity Program.
  5. Stays abreast of applicable product cybersecurity laws, regulations, industry standards and best practices.
  6. Actively represents STERIS on external MedTech committees such as H-ISAC, AAMI and AdvaMed.
     

Education Degree

Bachelor's Degree in Computer Science or Information Systems

Experience

Required:

  • Minimum 5 years indirectly guiding or managing security-related personnel
  • Experience ensuring or indirectly managing (or guiding) IT or product security personnel to ensure compliance with product cybersecurity regulatory guidance, laws, policies and/or industry standards, including in support of regulatory submissions for pharmaceutical and/or medical device companies.  Significant experience managing legal and/or government cybersecurity compliance matters may be substituted for industry experience for highly qualified individuals.  
  • Can develop good command of national/international regulatory guidance, legislation, and industry standards applicable to medical device and healthcare IT cybersecurity (e.g., CVSS, ISO, AAMI, FDA, HIPAA, GDPR, DoD RMF guidance/standards) 
  • Ability to acquire applicable cybersecurity certifications as negotiated with direct management.

 

Preferred:

  • Experience directly managing IT or product security personnel in a regulated environment securing products and IT infrastructures for a broad range of diverse and complicated product solutions is highly desirable.
  • Relevant Data Protection / Privacy Management qualification 
  • Penetration testing qualifications
  • Cybersecurity certifications desirable (e.g., CISSP, CISM, SSCP, CISA, GCIH, HCISPP)

 

#LI-SA2

#ZRSA-1

 

 

STERIS is a leading provider of products and services that meet the needs of growth areas within Healthcare: procedures, devices, vaccines and biologics.  We exist to fulfill our MISSION TO HELP OUR CUSTOMERS CREATE A HEALTHIER AND SAFER WORLD. STERIS is a $3B, publicly traded (NYSE: STE) company with approximately 16,000 associates and Customers in more than 100 countries.

If you need assistance completing the application process, please call 1 (440) 392.7047. This contact information is for accommodation inquiries only and cannot be used to check application status.

STERIS is an Equal Opportunity Employer.  We are committed to equal employment opportunity and the use of affirmative action programs to ensure that persons are recruited, hired, trained, transferred and promoted in all job groups regardless of race, color, religion, age, disability, national origin, citizenship status, military or veteran status, sex (including pregnancy, childbirth and related medical conditions), sexual orientation, gender identity, genetic information, and any other category protected by federal, state or local law.  We are not only committed to this policy by our status as a federal government contractor, but also we are strongly bound by the principle of equal employment opportunity.

The full affirmative action program, absent the data metrics required by § 60-741.44(k), shall be available to all employees and applicants for employment for inspection upon request. The program may be obtained at your location’s HR Office during normal business hours.

Req ID:  30689
Job Category:  Regulatory Affairs

Mentor, OH, US, 44060


Nearest Major Market: Cleveland
Nearest Secondary Market: Akron

Job Segment: Pharmaceutical, Medical Device, Computer Science, Pre-Sales, RFP, Science, Healthcare, Technology, Sales