1. Security Architecture Development
- Develop and maintain comprehensive architecture and artifacts for multiple device platforms with the help of respective platform R&D team:
- Global System View: High-level design illustrating interconnected systems and data flows.
- Multi-Patient Harm View: Analyze and mitigate potential security threats leading to risks for multiple patients.
- Updateability/Patchability View: Ensure systems support secure and timely updates/patches to address vulnerabilities.
- Security Use Case View: Define security requirements and controls based on specific use cases and threat models.
- security into the product lifecycle.
2. Product Security Incident Response Team (PSIRT)
- Lead the PSIRT process for R&D alongside PSIRT lead for IT, ensuring swift response and mitigation of product vulnerabilities.
- Establish incident playbooks and coordinate root cause analysis (RCA) for reported security incidents.
- Work with engineering teams to implement fixes and ensure long-term improvements.
3. Risk Assessment & Compliance
- Perform risk analyses to evaluate security threats, especially those with potential impacts on patient safety.
- Ensure compliance with FDA cybersecurity guidelines, including premarket and postmarket regulatory expectations.
- Collaborate with Quality and Regulatory teams to provide security input for FDA submissions and audits.
4. System Updateability & Patchability
- Design architecture that prioritizes efficient, secure software updates and patch management across deployed systems.
- Establish automated processes for vulnerability scanning and remediation.
5. Collaboration & Stakeholder Communication
- Provide technical leadership and mentoring to engineering and operations teams on secure design principles.
- Communicate security risks, incidents, and mitigations to senior leadership and external regulators.