Manager – Device Security

Corporate

At ZOLL, we're passionate about improving patient outcomes and helping save lives.

We provide innovative technologies that make a meaningful difference in people's lives. Our medical devices, software and related services are used worldwide to diagnose and treat patients suffering from serious cardiopulmonary and respiratory conditions.

ZOLL Medical does not provide immigration-related sponsorship for this role. Do not apply for this role if you will need ZOLL immigration sponsorship (e.g. H1B, TN, STEM, OPT, etc.) either now or in the future.

Job Summary

The Device Security Manager role will lead the team defining and maintaining the cybersecurity requirements and design for ZOLL's Medical's devices. This role will execute key device cybersecurity activities to support new product development and maintenance of on-market products including threat modeling, cybersecurity risk assessment, managing 3rd party testing, and monitoring for vulnerabilities.

In addition, the Device Security Manager will lead all efforts related to government compliance and certifications to include DoD's Risk Management Framework (RMF) compliance, Defense Health Agency (DHA) Approval To Operate (ATO), Cybersecurity Maturity Model Certification (CMMC) and Federal Risk and Authorization Management Program (FedRamp).

You will work closely with ZOLL product teams to develop, manage and maintain System Security Plans (SSP), Plans of Actions & Milestones (POA&Ms), Vulnerability Management, DISA Security Technical Implementation Guides (STIG) and Security Content Automation Protocol (SCAP) scans. This position will manage and maintain all documentation and be responsible for reporting compliance to the required government agency and other compliancies such as FDA requirements.

Essential Functions

• Assist in the development of product specific documentation to include Medical Device Equipment
• Work directly with government agencies to ensure proper documentation and reports are delivered in a timely matter as required by contract.
• Partner with and guide ZOLL product teams on all necessary compliance requirements and vulnerability mitigations
• Identify threats and vulnerabilities to patient safety and product integrity, assess current security controls and determine potential impact of a threat and the risk level associated with threat and vulnerabilities.
• Conduct regular STIG checks and SCAP scans
• Conduct monthly vulnerability scanning
• Monitor and report on POA&M remediation activities
• Manage, report, and communicate on the performance of owned processes
• Lead and manage a team that provided consultation on the medical device design and development.
• Manage postmarket cyber security issues and customer inquiries.
• Create ZOLL’s device security strategy and roadmap.

Required/Preferred Education and Experience

• Security+ certified (or any DoD required IAM Level I certification or above) required
• 8+ years of relevant work experience in Information Security with at least three years of experience managing security compliance for government contracts preferred
• 8+ Years experience in Cyber Security preferred
• 5+ years working with Medical devices in similar industries preferred
• Experienced leadership capabilities and conflict resolution preferred

Knowledge, Skills and Abilities

• Program management experience required
• Familiarity with global regulatory requirements and guidance for medical devices (e.g., FDA Pre- and Postmarket guidance)
• Experience implementing DoD’s and DHA processes such as RMF, scanning, CMMC, ATO, etc.
• Experience developing System Security Plans
• Extensive background in DoD cybersecurity compliance
• Experience with FIPS 140-2 compliance
• Familiarity with FEDRAMP
• Experience with government PKI requirements (CAC, PIV)
• Executive presence and demonstrated experience in leadership, coaching, empowering, and recognizing others
• Proven aptitude for strategic decision making, planning, vision, and governance for customer experience and IT support operations
• Exceptional collaborator with the ability to influence
• Proven ability to professionally communicate clearly and effectively both verbally and in writing to technical and non-technical audiences
• Proven ability to organize multiple priorities and manage projects and team to achieve deliverables that meet or exceed agreements and expectations
• Knowledge of medical device software life cycle processes is a plus
• Experience with cybersecurity, data governance, and privacy standards (HIPAA, ISO 27001, NIST, UL 2900)
• Ability work on the big picture strategy while addressing near-term tactical implementations

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.

• Standing - Occasionally
• Walking - Occasionally
• Sitting - Constantly
• Talking - Occasionally
• Hearing - Occasionally
• Repetitive Motions - Frequently

Compensation for this position is $150K-$170K. Final compensation will be determined by various factors such as a candidate's relevant work experience, skills, certifications, and location.

If you would like to be considered for this role, we are asking that all applicants please apply by the end of the day on Friday, March 14, 2025.

ZOLL is a fast-growing company that operates in more than 140 countries around the world. Our employees are inspired by a commitment to make a difference in patients' lives, and our culture values innovation, self-motivation and an entrepreneurial spirit. Join us in our efforts to improve outcomes for underserved patients suffering from critical cardiopulmonary conditions and help save more lives.

ZOLL Medical does not provide immigration-related sponsorship for this role. Do not apply for this role if you will need ZOLL immigration sponsorship (e.g. H1B, TN, STEM, OPT, etc.) either now or in the future.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.