Job Description

Work Schedule


Standard (Mon-Fri) Environmental Conditions


Office


This role is a member of the Corporate Infrastructure & Security (CIS), Product and Software Security, Business Enablement team and evaluates and guides Thermo Fisher product development teams on the incorporation of security concepts and controls in the design of new and existing products and platforms.

How will you make an impact?


By enabling our product development and sustainment teams, you will help ensure that Thermo Fisher products are developed and tested against security standards, further helping our customers to make the world healthier, cleaner and safer.

Position Summary:


The Product Security Strategist shares the responsibility for security associated with the company's Product Security program. They will work with all parts of the program, including research, testing and architecture, in bringing services to our Product R&D teams and program management.

• Work closely with key Senior Strategists and product development leaders to ensure security is incorporated in all customer-facing product offerings.
• Support efforts to instill security into all levels of the development process.
• Evaluate business processes around product security and uncover areas for improvement. Help develop and implement solutions leading to the integration of security within the product lifecycle.
• Build working relationships with product development team members, to maintain and improve product and application security processes.
• Contribute to maturing process, policy, and standards.
• Work with members across business units to help prioritize remediation of security vulnerabilities.
• Proactively ensure that applicable regulatory mandates are addressed with mitigating or compensating controls.
• Coordinate and participate in design reviews, and threat modeling exercises.
• Collaborate with other departments (e.g., Risk Management, Internal Audit, HR, Legal, etc.) ensuring that compliance issues are routed to the appropriate teams for investigation and resolution.
• Travel up to 10%.

How will you get here?

• Bachelor's Degree in Information Assurance, Information Security, Management Information Systems, Risk Management, or Computer Science (Master's Degree a plus) / equivalent field experience.
• 5+ years of related work experience with information or product security, secure software development, risk assessment, or vulnerability management

Knowledge, Skills, Abilities

• Knowledge of security controls and standards, including OWASP Top 10, CIS 20, NIST, ISO, IEC and their application for medical devices
• Understanding of how to connect new and changing threats to IoT landscape
• Understanding of security protocols and concepts and the ability to translate to a product specific context
• Strong customer service background, with outstanding verbal and written communication skills required
• Strong interpersonal skills with a proven track record of explaining security concepts
• Strong attention to detail, organizational skills supporting project management
• Consistent record of positive, professional interactions with diverse audiences, including executives, managers, and domain experts
• Relevant technical certifications a plus