Senior Manager, Product Security Architect (Remote/Flexible)

Insulet started in 2000 driven to achieve our mission of enabling our customers to enjoy simplicity, freedom and healthier lives using our Omnipod® product platform. In the last two decades we have improved the lives of hundreds of thousands of patients who have insulin-requiring diabetes, by using innovative technology that is wearable, waterproof, and lifestyle accommodating. We are on an exciting trajectory of significant growth and global expansion enabling us to reach more patients around the globe.  

We are looking for highly motivated, performance driven individuals who want to be part of building our Center of Excellence and be at the forefront of our rapidly growing global footprint. We are looking to hire amazing people who are guided by shared values and desire to exceed customer expectations. Our continued success depends on it.  

Position Overview: 

As the Senior Manager of Product Security Architect, you will have the opportunity to guide product security architects supporting embedded, hardware, mobile and cloud components of all Insulet Medical Products, enable implementation of these products in coordination with a cross-functional team, identify requirements for conducting security assessments of the existing products.  You will manage multiple projects with a degree of impact and complexity that must be carefully controlled to support the internal business unit security requirements. 

Responsibilities: 

• Guide medical product security architects in Identifying secure architectural requirements and controls to inform and enable designing of secure medical products comprising embedded firmware, hardware, mobile, and cloud components and leverages various wireless communication protocols.  

• Provide Subject Matter Leadership in technical areas including but not limited to Cryptography and Secure Key Management, Hardware and Embedded Security, Communication protocols in support of implementing secure medical products. 

• Provide security guidance to ensure programs and products meet medical device security standards (such as AAMI TIR 57) and FDA’s pre-market and post-market cybersecurity guidance. 

•  Conduct risk assessments for all embedded products and integrations to deliver risk-based approach in securing medical devices. 

• Research emerging technologies and assess their applicability to the products. 

• Collaborate with cross-functional team members from Quality, Regulatory, Legal, Privacy, Compliance, Architecture and Product Development to ensure security in incorporated by-design, during development, and managed in deployment. 

• Identify, review and draft Security Policies, Standards, and Guidelines related to Medical Device Security. 

• Support cybersecurity deliverables for regulatory submissions. 

• Play an instrumental role in rolling out secureSDLC process across the organization. 

• Mentor technical product security architects and other product and enterprise IT members across the organization. 

• Position to be considered as a though leader within and in the medical technology sector. 

Qualifications: 

• Bachelor’s degree in electrical engineering or computer science, or equivalent practical experience 

• 10+ years in cybersecurity with a desired focus on security engineering, cloud security, and security architecture especially with embedded software.  

• 5+ years of experience in managing direct reports. 

• Exceptional interpersonal and collaboration skills and demonstrated experience in conflict resolution. 

• Experience working on security technologies (e.g., virtualization, secure boot and firmware update, cryptography, key management, physical defense and secure debug, and test infrastructure). 

• Experience with performing Security Testing and Penetration Testing techniques on embedded device, mobile hardware and software, and in cloud environment. 

• Experience in securing Amazon and Azure cloud environment and NIST 800-53/CIS controls. 

• Experience working on security technologies (e.g., ARM TrustZone, cryptography, and key management). 

• Programming skills in C, C++, Java, .NET or other languages – preferred. 

• Understanding of various types of Exploits, Threat Modeling, and Attack surfaces. 

• Excellent communication, organizational skills, and experience in translating business goals into technical security deliverables. 

• Knowledge of Bluetooth and Bluetooth Low Energy communication protocols. 

• Experience working with multiple stakeholders such as engineering/operations teams, internal business units, external incident response teams, and law enforcement throughout the incident lifecycle. 

Required Leadership/Interpersonal Skills & Behaviors: 

• Effectively communicate complex information, concepts, and ideas in a clear and organized manner through verbal, written, and visual mechanisms. 

• Strong collaboration skills and an ability to work with cross-functional teams across the security and privacy organization and broader Corporate Technology organization. 

• Ability to work with virtual and global teams in a fast-paced environment. 

• Experience balancing security needs with broader business objectives. 

NOTE: This position is eligible for 100% remote working arrangements (may work from home/virtually 100%; may also work hybrid on-site/virtual as desired). #LI-Remote