Senior Product Cybersecurity Analyst
Abbott
Senior Product Cybersecurity Analyst
Abbott is a global healthcare leader, creating breakthrough science to improve people's health. We're always looking towards the future, anticipating changes in medical science and technology.
Working at Abbott, you can do work that matters, grow, and learn, care for yourself and family, be your true self and live a full life. You will have access to:
- Career development with an international company where you can grow the career you dream of.
- A company recognized as a great place to work in dozens of countries around the world and named one of the most admired companies in the world by Fortune.
- A company that is recognized as one of the best big companies to work for as well as a best place to work for diversity, working mothers, female executives, and scientists.
This is a global role based in Bogotá, Colombia. The Product Security Testing Analyst will be responsible for identifying and evaluating information security risks relevant to existing and future medical device products and providing security requirements and recommendations for mitigating such risks. Responsibilities include assisting in defining set of security requirements, evaluating ongoing risk and vulnerabilities through scanning and testing techniques and recommending security measures for Abbott.
The Senior Product Cybersecurity Analyst is responsible for identifying cybersecurity risks of developed, marketed, and fielded products, including, but not limited to, patient safely and data protection risks. The Product Security Analyst will help maintain a product security program that offers services such as: product security risk assessment, security testing, security event handling, metrics & monitoring, external communications, staffing, security standards and compliance, audit support, and education and training working with Quality management systems in a regulated industry.
Develop and maintain product cybersecurity standards and other documents as deemed necessary. Specific tasks may include analyzing existing requirements, reviewing and mapping applicable regulations and cybersecurity frameworks, collaborating with divisional compliance teams, working with impacted stakeholders to complete documentation updates.
Executing control monitoring activities which may include annual planning, walkthroughs and testing of specific controls, and status reporting.
Maintain product cybersecurity control framework in alignment with various security industry frameworks (e.g., ISO27K, NIST 800-53, etc.), regulatory requirements (e.g., FDA pre/postmarket cybersecurity guidance), and internal Abbott policies. Specific activities may include review and analysis of existing controls against Abbott and regulatory requirements, creating test plans, communicating control framework to stakeholders, etc.
Assist with execution of the product maturity assessments. Activities may include coordination of internal assessments, working with product teams to complete questionnaires, reporting, etc.
May coach or provide guidance to lower-level security professionals
Participate in company-wide product security initiatives, as necessary.
Develop and effectively execute project plans, work breakdown, structure, and task dependencies, communication plans, etc. as needed.
Prepare internal customers and business partners and guide them through cybersecurity audits.
Communicate product security messaging throughout the organization, including program updates with Senior Management.
Provide strategic perspective and alignment, lead governance and training efforts, and contribute to various methodologies in use.
Maintain positive and cooperative communications and collaboration with all levels of employees, customers, contractors, and vendors.
Perform other related duties and responsibilities, on occasion, as assigned.
BA/BS or higher in Information Security, Risk or IT Management, Computer Science, or related field; or equivalent experience.
6 years of Information Security/IT/Audit/Consulting experience is required.
Certifications such as CISA, CISM, CRISC, CISSP, GSEC, Security+, CPP or CFE are preferred.
Knowledge of regulatory and industry compliance frameworks such as NIST Cybersecurity Framework, NIST 800-53, ISO 27001, EU DPD, HIPAA/HITECH, etc.
History of completing successful cross-functional projects and driving positive compliance outcomes.
Demonstrated organizational skills, attention to detail, the ability to handle multiple assignments simultaneously in a timely manner and be able to meet assigned deadlines and service levels.
Must have strong time management skills and an ability to thrive in a high cadence operation.
Must work well within a tight-knit team environment and be able to work with peers, customers, and partners to support the mission.
Excellent communication skills with demonstrated ability to write clear, concise business communication for multiple levels (management, technical, business user).
Experience with maintaining cybersecurity standards is preferred.
Experiences in audit and/or consulting background is preferred.
Experience with control monitoring activities which may include walkthroughs and testing of specific controls.
Experience working within a cybersecurity or IT function requiring acumen in technical systems.
Experience with Quality management systems in a regulated industry.