Information Product Security Officer
Lake Forest , California
September 10, 2017
Our goal is to ensure that our product development teams maximize economic value while designing secure products, optimizing product security features, performance, manufacturing costs and time to market in order to bring transformational eye-care products and services to the world with unsurpassed quality, security and reliability.

The Information Product Security Officer (IPSO) will be responsible for advancing the practice of product security design and development across Surgical Instrumentation and Informatics, and other businesses as needed. The role will champion the importance of security during the life cycle of Alcon's products, and will require influence and leadership through collaboration with R&D, Head of Data Privacy, Product Management, Services, IT, and Quality teams, as well as vendors and business partners. When applicable, the IPSO will manage functional reports within various geographic locations. The IPSO will directly report to the Global Director - Software Architecture & Engineering.

Cyber Threat Management
• Identify and monitor current and emerging threats related to the security of our products throughout product lifecycle.

Risk and Compliance Management
• Identify risks throughout the product development process, and work with other teams to provide mitigation plans and cost/benefit analysis. Monitor risk mitigation activities.
• Plan, perform or coordinate vulnerability assessments, penetration tests and fuzzing tests of surgical instrumentation within their environment.
• Plan and perform Product Security Risk Assessments for products of various businesses
• Plan and perform Product Security Audit and Compliance assessments

Security Monitoring and Incident Response
• Enhance security monitoring capabilities across products and their environment.
• Lead cyber incident response team, and plan and conduct incident response exercises with incident response organization.

Policy Management
• Review and enhance existing policies, standards and guidelines as required by changing security requirements. Work with relevant business units and product security teams as needed to achieve clarity on policy and guidelines.
• Support the Product and Security Services Office to drive security policies, standards and guidelines throughout the business.
• Work with the Head of Data Privacy to support Privacy by Design and adherence to Information Security best practices throughout the information life cycle.

Secure SDLC
• Liaison with product development and engineering teams and support business initiatives by providing solutions based on best practices, regulatory and customer requirements related to information security
Security Awareness and Training
• Develop/tailor and conduct information security training for R&D, product managers, program managers and architects.

Other Responsibilities
• Report on business-specific key performance and/or key risk indicators (KPIs/KRIs)
• Respond to customer inquiries about Alcon and vendor security and privacy practices.
• Work with Quality and Regulatory on product security process and procedures in the Quality Management System (QMS).

Alcon is an Equal Opportunity Employer and participates in E-Verify. As part of the Novartis Group of Companies, Alcon takes pride in maintaining a diverse environment and our policies are not to discriminate in recruitment, hiring, training, promotion or other employment practices for reasons of race, color, religion, gender, national origin, age, sexual orientation, marital or veteran status, disability, or any other legally protected status. Alcon is also committed to working with and providing reasonable accommodation to individuals with disabilities. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the application process, or in order to perform the essential functions of a position, please send an e-mail to and let us know the nature of your request and your contact information

alrpo EEO Statement The Novartis Group of Companies are Equal Opportunity Employers and take pride in maintaining a diverse environment. We do not discriminate in recruitment, hiring, training, promotion or any other employment practices for reasons of race, color, religion, gender, national origin, age, sexual orientation, marital or veteran status, disability, or any other legally protected status. Minimum requirements • Excellent written and verbal English communication skills are required.
• Bachelor's degree in Computer Science or Engineering. Master's degree is preferred.
• Minimum of 10 years of relevant work experience including secure SDLC (i.e., Agile, DevOps), threat modelling, risk management, vulnerability management, incident response and security monitoring.
• Certifications (e.g. CISSP, CISM, CISA) are a large plus.
• Experience working in large global organizations is a plus.
• Experience in Health Information Security Management (ISO 27799, ISO/IEC 80001, DIACAP)
• Familiar with Medical Device Product Development (ISO/IEC 13485, 14971, 62304)
• Familiar with Information Security Management frameworks (NIST CSF, ISO/IEC 27001)
• Familiar with global laws and regulations on privacy, data protection, and breach notification (e.g. 95/46/EC, HIPAA)
• Knowledge of domain-specific standards and approaches on privacy and product security (DICOM, IHE).
• Understanding of Windows and Linux operating systems and networking.

A little about us:
As the global leader in eye care, Alcon develops and manufactures innovative medicines and devices to serve the full life cycle of eye care needs.

Know someone who would be interested in this job? Share it with your network.