Product Security Officer

Job Title

Job Description

Product Security Officer

As Product Security Officer, you are the leading expert (and responsible) in the designated business, markets and functions for all activities related to products & services security, both internally and for the products and services we deliver to our customers.

The Product Security Officer works across various environments, markets and business teams to maintain and expand a world-class capability and culture around product security and ensures that formal regulations and certifications are kept up to date and adhered to.

This role is also available in a hybrid mode in Best or Eindhoven.

Your role:

General

• Support/localize product security awareness, training and education programs.
• Supports, creation, approval and embedding of product security policies, adaptions, standards.
• Establish & deliver centralized reporting within Philips and to the business markets on the effectiveness of the product security function and its performance against strategic objectives.
• Aligns with the supplier security team on product security issues related to Philips suppliers/partners/3rd party ecosystems.

Product & Services Security

• Creating products & services security strategies, both short-term and long-range, in support of the business goals.
• Identify product/services security requirements throughout the Idea-to-market (I2M)/ Product Development Lifecycle Management and work with other teams as necessary to provide mitigation and cost/benefit analysis.
• Directing an ongoing, proactive product & services security risk assessment program so effective controls can be put in place for those areas presenting the greatest information security risk. Communicating risks and recommendations to mitigate risks to the senior management
• Supporting businesses in maintaining external business certifications and compliance with other (international) guidelines for information security.
• Assisting with business internal audits and overseeing and guiding external audits related to its products and services in the markets.
• Creating products & services security strategies, both short-term and long-range, in support of the business goals.
• Identify product/services security requirements throughout the Idea-to-market (I2M)/ Product Development Lifecycle Management and work with other teams as necessary to provide mitigation and cost/benefit analysis.
• Directing an ongoing, proactive product & services security risk assessment program so effective controls can be put in place for those areas presenting the greatest information security risk. Communicating risks and recommendations to mitigate risks to the senior management
• Supporting businesses in maintaining external business certifications and compliance with other (international) guidelines for information security.
• Assisting with business internal audits and overseeing and guiding external audits related to its products and services in the markets.

You're the right fit if you have:

• A Master’s degree or equivalent combination of education and work experience
• Minimum of 10 years in product/information security or risk management and/or related functions (such as IT audit, IT Risk Management and IT Compliance)
• Excellent knowledge of ISO27001/2 and NIST Cybersecurity frameworks
• Information security management or audit qualifications such as CISM/ CISSP/ CISA/ CRISC
• Experience in the creation and enforcement of information security (including the sensitivity to establish a risk based view on compliance), including compliance reporting
• Familiar with Information Security Management Systems (ISO/IEC 270001). Experience in Health information security management (ISO 27799, ISO/IEC 80001, DIACAP)
• Familiar with Laws and regulations on privacy, data protection, and breach notification (95/46/EC, HIPAA, FDA, ISO/TS 14265, 21CFR820, SB1386, etc.)
• Domain specific standards and approaches on privacy and product security (DICOM, IHE)
• Experience working in a large global organization
• Practical experience in highly regulated environment (FDA, SOx, Export, Privacy/GDPR, HIPAA)
• Excellent understanding of how different business units integrate into the strategic vision, business trends and the direction Security must take to support the business
• Strong interpersonal skills – communication, presentation, ability to influence and lead
• Motivated, positive attitude, and results-oriented
• English fluency
• Willingness to travel as needed
• Command of additional languages - an advantage

About Philips

We are a health technology company. We built our entire company around the belief that every human matters, and we won't stop until everybody everywhere has access to the quality healthcare that we all deserve. Do the work of your life to help the lives of others.
• Learn more about our business.
• Discover our rich and exciting history.
• Learn more about our purpose.

If you’re interested in this role and have many, but not all, of the experiences needed, we encourage you to apply. You may still be the right candidate for this or other opportunities at Philips. Learn more about our commitment to diversity and inclusion here.