Syncortex
Cybersecurity Architecture
posted 4d ago
Key Responsibilities:
1. Cybersecurity Architecture Design & Implementation:
Design and implement robust cybersecurity architectures for medical devices and healthcare applications, incorporating risk management, encryption, authentication, and secure data transmission.
Integrate cybersecurity plans and secure development practices into the product lifecycle to address emerging threats and regulatory requirements.
Collaborate with cross-functional teams (R&D, QA, Regulatory) to incorporate EN IEC 81001-5-1:2022 and EN IEC 80001-1:2021 standards into medical device software and systems.
2. Regulatory Compliance and Cybersecurity Documentation:
Develop and maintain Cybersecurity Plans and relevant artifacts for FDA premarket submissions (e.g., 510(k), PMA), aligning with FDA cybersecurity guidance.
Ensure conformity with EU MDR General Safety and Performance Requirements (GSPR), particularly cybersecurity-related clauses.
Prepare and oversee documentation for MDCG guidelines:
MDCG 2019-16: Guidance on cybersecurity for medical devices.
MDCG 2020-1: Guidance on clinical evaluation and risk-based cybersecurity.
MDCG 2019-11: Guidance on software classification under MDR.
MDCG 2022-2: Guidance on medical device cybersecurity postmarket processes.
3. Threat Modeling and Risk Assessment:
Perform Threat Modeling and Cybersecurity Risk Assessments to identify vulnerabilities and mitigate risks for medical devices and healthcare applications.
Align risk assessment strategies with ISO 14971, NIST Cybersecurity Framework, and FDA postmarket guidance.
Leverage CLSI AUTO11 standards to ensure secure and compliant design of healthcare-related automated systems.
4. Technical Leadership:
Lead the development and implementation of secure development lifecycle practices (SDLC), including secure coding, penetration testing, and vulnerability management.
Oversee compliance with IEC 62304 for software lifecycle processes and IEC 60601 for electrical safety requirements.
Ensure integration of EN IEC 81001-5-1:2022 for secure product development and risk mitigation of health software.
5. Cross-functional Collaboration:
Partner with quality, compliance, and engineering teams to address cybersecurity risks from design through post-market phases.
Support regulatory affairs in preparing cybersecurity sections for regulatory submissions across global markets (FDA, EU MDR).
Stay current on evolving cybersecurity threats and standards for medical devices and healthcare technologies.
6. Postmarket Monitoring & Incident Response:
Develop incident response frameworks to address cybersecurity vulnerabilities post-launch.
Monitor emerging threats and implement proactive strategies to maintain device safety and security.
Required Qualifications:
• Education: Bachelor’s or Master’s degree in Cybersecurity, Computer Science, Engineering, or related field.
• 10+ years in cybersecurity, including 5+ years in medical device cybersecurity and regulatory compliance.
• Demonstrated experience with FDA cybersecurity submissions, EU MDR, GSPR, and implementation of MDCG guidelines.
• Strong expertise in risk assessment, threat modeling, and secure development lifecycle processes.
Technical Skills:
• Proficient in implementing standards like ISO 14971, IEC 62304, EN IEC 81001-5-1:2022, EN IEC 80001-1:2021, and CLSI AUTO11.
• Hands-on experience with vulnerability assessments, penetration testing, encryption, and authentication frameworks.
• Certifications: CISSP, CISM, CEH, or relevant cybersecurity certifications preferred.
Preferred Skills:
• Experience with healthcare IoT/IoMT device security.
• Strong understanding of postmarket security management under FDA’s Medical Device Safety Action Plan.
• Knowledge of clinical risk management frameworks and software validation processes (21 CFR Part 11, Part 820).
Employment Type: Full Time, Permanent