More jobs:
Product Security Manager
Job in
San Francisco, San Francisco County, California, 94199, USA
Listed on 2026-07-13
Listing for:
El Camino Health
Full Time
position Listed on 2026-07-13
Job specializations:
-
IT/Tech
Cybersecurity
Job Description & How to Apply Below
San Francisco, CAtime type:
Full time posted on:
Posted Yesterday job requisition :
JR1574
** Career-defining. Life-changing.
** At iRhythm, you’ll have the opportunity to grow your skills and your career while impacting the lives of people around the world. iRhythm is shaping a future where everyone, everywhere can access the best possible cardiac health solutions. Every day, we collaborate, create, and constantly reimagine what’s possible. We think big and move fast, driven by our commitment to put patients first and improve lives.
We need builders like you. Curious and innovative problem solvers looking for the chance to meaningfully shape the future of cardiac health, our company, and your career
*
* About This Role:
** We are seeking a Product Security Manager with proven experience in the medical device industry. In this role, you will safeguard medical devices by identifying, assessing, and mitigating security risks unique to healthcare technology. You will collaborate with cybersecurity, development, product management, and regulatory teams to ensure that security is embedded across the product development lifecycle (PDLC) and the secure software development lifecycle (SDLC), in alignment with FDA cybersecurity requirements.
** Key Responsibilities**
* ** FDA Cybersecurity Compliance**:
Ensure compliance with FDA cybersecurity guidance and regulations in collaboration with Cybersecurity, Regulatory, Quality, and Systems Development teams.
* ** Risk Assessments & CSRAs**:
Conduct comprehensive security risk assessments, including
** Cybersecurity Risk Assessments (CSRAs)**, to identify vulnerabilities and threats across device hardware, firmware, software, and cloud components.
* ** Threat Modeling**:
Develop and maintain device-specific cyber threat models, factoring in patient safety, data privacy, and operational continuity.
* ** SBOM Management**:
Demonstrate familiarity with Software Bill of Materials (SBOM) and effectively communicate technical details.
* ** Security Documentation**:
Create and maintain cybersecurity documentation for pre- and post-market activities, ensuring regulatory alignment.
* ** Data Flow Diagrams**:
Produce detailed data flow diagrams to support the threat modeling process.
* ** Security Design Reviews**:
Participate in design reviews of medical device architectures and implementations, providing actionable recommendations for system security requirements.
* ** Vulnerability Analysis & Management**:
Perform and support
** vulnerability analysis
** and coordinate the vulnerability management program, including scanning, patching, and remediation for medical devices.
* ** Threat Detection Tools**:
Leverage and maintain
** application and threat detection tools** (Veracode, Snyk, Git Lab, or equivalent) to identify security flaws early in the SDLC.
* ** Incident Response**:
Support investigation and remediation of device-related security incidents, minimizing impact and preventing recurrence.
* ** Data Privacy Compliance**:
Partner with the Privacy Team to ensure adherence to HIPAA, GDPR, and other data protection regulations.
** Required Qualifications
*** Bachelor’s degree in Computer Science, Information Security, or related field.
* 8+ years of experience in information security, with direct focus on
** product security for medical devices**.
* Strong understanding of security principles, methodologies, and tools within the PDLC and SDLC.
* Demonstrated experience conducting
** Cybersecurity Risk Assessments (CSRAs)**,
** vulnerability analysis**, and working with modern threat detection tools (Veracode, Snyk, Git Lab, or similar).
* Familiarity with
** NIST Cybersecurity Framework, NIST SP 800-171, and deeper controls/frameworks such as NIST SP 800-53 (Security and Privacy Controls), NIST SP 800-92 (Log Management), and NIST SP 800-63 (Digital Identity Guidelines).
*** Hands-on experience with vulnerability identification and threat modeling within healthcare using methodologies such as STRIDE.
* ** Experience operating in a regulated environment** (FDA, HIPAA, GDPR, international regulatory frameworks).
* ** Experience with medical…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
Search for further Jobs Here:
×