Job Description
GENERAL SUMMARY
We are seeking a highly skilled and detail-oriented Cybersecurity Architect to join our team. This role will be instrumental in leading the integration of cybersecurity best practices into the design and development of our medical devices and ensuring compliance with FDA regulations, including successful 510(k) submissions.
ESSENTIAL JOB FUNCTIONS
· Collaborate with cross-functional teams (engineering, QA/RA, clinical) to embed cybersecurity into product design, development, manufacture and service throughout the entire product lifecycle.
· Develop and maintain cybersecurity risk management documentation in accordance with FDA guidance and ISO/IEC 81001-5-1, ISO 14971, and AAMI TIR57.
· Architect networked software systems for proactive cybersecurity robustness with an emphasis on access control and secure data transmission.
· Lead threat modeling, vulnerability assessments, and penetration testing for medical devices.
· Ensure compliance with FDA’s premarket cybersecurity guidance and support 510(k) submissions with appropriate documentation.
· Contribute to the development of a Secure Product Development Framework (SPDF).
· Monitor evolving cybersecurity regulations and standards (e.g., FDA, NIST, IMDRF) and update internal processes accordingly.
· Support post-market surveillance and incident response planning related to cybersecurity.
· Provide training and guidance to internal teams on cybersecurity best practices.
OTHER DUTIES AND RESPONSIBILITIES
· Certifications such as CISSP, CEH, or CISA are preferred.
· Knowledge of IEC 62304 and ISO 13485 is preferred.
PREPARATION, KNOWLEDGE, SKILLS & ABILITIES
· Bachelor’s or Master’s degree in Cybersecurity, Computer Science, Biomedical Engineering, or a related field.
· 7+ years of experience developing networked software systems.
· 4+ years of experience in cybersecurity, preferably in the medical device or healthcare industry.
· Strong understanding of FDA cybersecurity guidance, 510(k) submission requirements, and quality system regulations (21 CFR Part 820).
· Experience with risk management frameworks and tools (e.g., CVSS, STRIDE, ISO 14971).
· Familiarity with secure coding practices, embedded systems, network protocols such as TLS, and networked medical devices.
· Strong foundation in both technical system design and regulatory compliance.
· Excellent communication and documentation skills.
Full-time