Job Description

Job Summary

Zimmer Biomet is a world leader in musculoskeletal health solutions. Our team members are part of a company with a heritage of leadership, a focus on shaping the future, and a mission dedicated to alleviating pain and improving the quality of life for people around the world.

Digital Health/Product Security lead analyst is the key position responsible for supporting and enabling efficient and effective continuous improvement of Zimmer Biomets Secure Total Product Life Cycles (Secure-TPLCs) and Secure Software/System Development Life Cycles (Secure-SDLCs) for its digital health technologies, medical devices, products and services in support of our commitment to the highest standards of patient safety, quality and integrity; and, in alignment with the FDAs Cybersecurity Guidance and other related resources. The incumbent has a direct effect across the entire global enterprise. The position reports to the leader Global Product Security within the Information Security division.

Principal Duties and Responsibilities

* Will have a clear, complete and in-depth understanding of information security requirements, tools, and processes that apply to Secure-TPLC/SDLC programs needed to increase security across a global enterprise of product teams and portfolio of digital health products and services.
* Coordinates, supports, and enables the continuous improvement of building more mature security practices into our Secure-TPLC/SDLC processes, products, and services. Design projects to enable product teams and solutions to be better compliant with Industry best practice.
* Interact with business/product teams to understand the requirement and translate it into Security implementation.
* Under minimal direction, performs basic analysis, design, implementation and maintenance activities in various
* areas of digital health/product security.
* Coordinate incident response activities with product teams and CSOC as necessary.
* Works independently and leads assignments of moderate to medium complexity.
* Develop and report on metrics showing how the digital health products and services are protected.
* Consistently applies the concepts of appropriate standard methodologies and best practices for digital health/product
* Prepares reports, records progress and creates solutions to digital health/product security problems/issues.
* Partners with digital health/product team community to devise or modify procedures to solve complex problems or improve existing processes; and, advance the Digital Health/Product Security Program maturity and associated processes are efficient and effective.
* Interfaces with sales teams, customer healthcare delivery organizations (HDOs), and product teams as needed to respond to customer HDO diligence requests/questionnaires and makes recommendations.
* Applies principles, concepts and practices of the IT Competency Model at the Senior Analyst level.
* Proactively enforces worldwide and local security policies to ensure digital health technologies, medical devices, products and services are protected.
* Support development and maintenance of Digital Health / Product Security policies, standards, guidance, templates, tools, plans, et al. documentation.
* Lead or participate in other data protection program activities.
* Proactively promote global and local security policies to ensure information assets are protected.
* Provide guidance to peers, junior team members and/or other stakeholders.
* Lead process to identify, assess, risk-rationalize and report digital health/product security related risks and issues; monitor and report on digital health/product security KPIs/KRIs.

Expected Areas of Competence

* Strong understanding of Information Security, IT in general and Secure-SDLC in particular with a focus on building more security into the Secure-TPLC/SDLC.
* Strong understanding of information security technology, especially relating to Secure-SDLC.
* Ability to collaborate and build positive relationships across multiple stakeholders.
* Agile thinking and analysis that leads to win-win and innovative solutions.
* Ability to quickly and accurately triage product security issues and incidents to mitigate immediate threats.
* Strong analytical / problem solving skills.
* Strong interpersonal, influence and communication skills (written/verbal/presentation) at multiple levels and across boundaries; appropriately shares viewpoint and encourages the free exchange of information and opinions.
* Demonstrated ability to work successfully within a geographically distributed team and customer environment and to build effective working relationships.
* Demonstrates excellent project management and work planning skills; must be able to multitask effectively.
* Continuous improvement and results orientation; acts with a sense of urgency and delivers results on-time and on-budget.
* Has a winning attitude and instills a passion for winning with other team members, an attitude which is demonstrated by a can do approach.
* Knowledge of modern Secure-SDLC concepts and leading practices.
* Understanding of Zimmer Biomets complex environment preferred.

Education/Experience Requirements

* Bachelor's degree in Computer Science, Information Technology or related field required with at least 7+ years combined IT security or Secure-SDLC; OR Bachelors and Masters degree in Computer Science, business, IT or related
* field with at least 4+ years combined IT security or Secure-SDLC experience
* At least 4+ years of experience in Secure-SDLC and processes.
* 4+ years of experience developing and reporting on metrics showing how the Secure-SDLC is secure.
* 3+ years of experience interacting with software development team to understand the requirements and translate it into security implementation.
* At least one IT Security certifications required. (One or more certifications in the information security field such as CISSP, CISM, or other security certifications.)

Travel Requirements

Up to 5%

Additional Information

EOE/M/F/Vet/Disability

At Zimmer Biomet, we believe in The Power of Us, which means that we are stronger together. We are committed to creating an environment where every team member feels included, respected, empowered, and celebrated.