Senior Manager, Vulnerability Identification and Risk Management

Location:  Chicago, IL

Summary:

A brand new cyber-security team has formed to address vulnerabilities in IoT/medical devices.  This leader will build out their risk/vulnerability capabilities for this group. We are seeking a seasoned manager who understands technical aspects of Vulnerability Research, Penetration Testing, Cybersecurity Assessment and capable of building an organization structure to develop and deliver those capabilities. This individual should be capable of developing an organization capability responsible for identification of vulnerabilities and will understand  different types of vulnerabilities and how to identify them through different “hacking” techniques.    Scope will encompass both new and sustaining products, providing inputs and technical expertise to multiple teams to eliminate or mitigate identified cybersecurity risks. Build an organizational structure and lead Cybersecurity Risk Assessment and Cybersecurity Threat Intelligence teams to complete identified deliverables with quality, within specified timeframes and budget.

  • Develop, manage, and provide strategic guidance for Cybersecurity Risk Assessment service for Medical Devices across global franchise teams and product development life cycle.
  • Establish/build resource skill sets required to perform manual analysis of medical devices including but not limited to reverse engineering, disassembling, decompiling, and black box testing.
  • Coordinate R&D capabilities for security vulnerability and penetration testing
  • Guide and lead mitigation strategies for identified vulnerabilities across all product lines      
  • Develop and provide direction for Cybersecurity Threat Intelligence service for Medical Devices.
  • Mentor the development of Medical Device Cybersecurity Risk Rating Methodology
  • Pioneer and assure the adoption of Secure Coding development / review process        
  • Develop and manage a Cybersecurity Risk Analysis budget including operating expenses and capital project expenses.
  • Advise and mentor the development of service leaders and junior staff members, provide guidance in self-learning activities.
  • Understand and ensure compliance with all current and applicable laws, regulations, and guidance’s from US and EU that affect Medical Device Cybersecurity.

Qualifications:

  • Ability to lead and provide guidance for cross-functional teams across multiple locations
  • Strong team building, talent management, oral and presentation skills
  • Demonstrated track record of successfully creating program ./ services with the emphasis on delivering results
  • Experience creating product development policies, procedures, and standards
  • Proven ability to influence business leadership and cross-functional teams.
  • Experience in the following:  computer architecture, operating systems, embedded systems design, inter and inner process communications, networking protocols and their related implementations.
  • Experience with and understanding of compiled and interpreted programs and the types of security issues possible in each; database systems, web servers, application servers,  firewalls, routers, load balancers, switches, and different types of middleware; x86 assembly.
  • Experience with debuggers and disassemblers; malware analysis through reverse engineering, protocol analysis, and log analysis; intrusion analysis through reverse engineering, log analysis, forensic disk examination, and system review.
  • Experience with source code reviews (at least c/c++ and java) for security vulnerabilities.
  • Experience with the reverse engineering binaries (at least x86) for security vulnerabilities.
  • Bachelor Degree, with 7 years of Cybersecurity Risk Analysis experience.

Contact Information:

Jason M. Lentz
[email protected]
847.577.0300 x 107

Source:http://htassociates.com/senior-manager-it-risk-management-device-security-chicago-il/