Founded in 1989, Natus Medical Incorporated is a leading manufacturer of medical devices and software and a service provider for the Newborn Care, Neurology, Sleep, Hearing and Balance markets. Natus products are used in hospitals, clinics and laboratories worldwide. Our mission is to improve outcomes and patient care in target markets through innovative screening, diagnostic and treatment solutions.
The Director of Digital Security and Data Privacy will be a senior leader who leads the cybersecurity, digital security, and data privacy initiatives across all Natus products and IT infrastructure, and serves as Chief Digital Security and Privacy Officer for Natus. Your role will be focused on defining and maintaining our security program in compliance with laws and regulations. This role will be responsible for digital security of products and services, IT infrastructure, security training and responding to customer questions. You will define security policies and perform security design reviews, threat modeling and breach response for products, including software, cloud services, and third-party software evaluations and integrations. This role reports to the VP of Engineering.
In this position you will:
* Develop and maintain the information security strategy, program, and roadmap.
* Implement and oversee company-wide security and data privacy policies, procedures, standards, and incident response plans.
* Respond to customer inquiries on digital security implemented in products, services, and infrastructure.
* Spearhead and ensure that cybersecurity, HIPAA, GDPR and other regulations are incorporated into the product development process.
* Lead security reviews, threat modeling, and mitigation of application software, cloud infrastructure and corporate information.
* Self-organize and drive cross-functional projects with legal, product, engineering, data, and business teams to prioritize security features and bugs, and ensure implementation and mitigation.
* Act as an SME on multiple information security areas (e.g. security operations, application security, detection and response, etc.).
* Develop a strategy to monitor threats and vulnerabilities impacting Natus products, services, customers, providers and employees.
* Advance the security-minded culture. Maintain and enrich general and role-based training programs for Natus Medical Inc. to grow their security skills.
* Manage 3rd party audits and penetration tests.
* Be the focal point for security, privacy / data protection and data governance policy (including GDPR) across the organization.
* Work with the compliance staff to ensure that all information owned, collected, or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as HIPAA, GDPR, financial, and data privacy.
* Ensure that security is embedded in the project delivery process by providing appropriate information security policies, practices, and guidelines
* Oversee technology dependencies outside of direct organizational control, including the renewal of contracts and the creation of alternatives for managing risk.
* Manage and contain information security incidents and events to protect corporate IT assets, intellectual property, regulated data, and the company's reputation.
* Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action
* Develop and oversee effective disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals
* Coordinate the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provide direction, support, and in-house consulting in these areas.
The Information Security Manager's responsibilities include identifying, developing, implementing and maintaining security-related processes that reduce the organization's operational risks. Duties and responsibilities include:
* Establishing and implementing security-related policies.
* Overseeing regulatory compliance.
* Ensuring data privacy.
* Managing the company's Computer Security Incident Response Team.
* Supervising identity and access management.
* Establishing and overseeing the organization's security architecture.
* Conducting electronic discovery and digital forensic investigations.
* Working with other high-level executives to establish disaster recovery (DR) and business continuity plans.
* Bachelor's degree in computer science, information systems, computer engineering, electrical engineering, system analysis or related field of study, or equivalent experience
* Professional security management certification such as CISSP, CISO, CISM, and/or CISA required
* Strong knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies
* Strong knowledge of information security best practices, standards, and frameworks, such as ISO/IEC 27000, NIST 800-53, HIPAA, GDPR, and PCI DSS
* Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment
* Knowledge of business IT ecosystems, SaaS, IaaS, PaaS, cloud computing, SOA, APIs, open data, open systems, event-driven IT and predictive analytics
* Exceptional soft and interpersonal skills, including teamwork, facilitation, and negotiation
* Strong leadership skills
* Excellent written, verbal, communication, and presentation skills
* Excellent planning and organizational skills
* Comfortable, experienced, and accomplished at working with business executives, and able to push back in a professional and diplomatic way
* Highly collaborative and supportive of business and our ideas and strategies
Natus offers competitive salaries, a comprehensive benefits package that starts on your 1st day, 401k match, an employee stock purchase plan, 9 paid holidays, a generous paid time off plan (4 weeks to start) and tuition reimbursement up to $5,000 annually.
Natus Medical is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, veteran status, disability, sexual orientation, gender identity, or any other protected status.
About Natus Medical
Natus Medical is a company that provides healthcare solutions focused on the diagnosis and treatment of central nervous and sensory system disorders for patients of all ages.