YOUR TASKS AND RESPONSIBILITIES

The primary responsibilities of this role, Head Radiology Medical Device Cybersecurity, are to:

• Develop, socialize, and drive program initiatives related to medical device cybersecurity

• Lead the Bayer Radiology Medical Device Cybersecurity Task Force

• Continuously monitor the threat landscape and determine exact impact of threats and incidents to Bayer Radiology legacy and developing medical devices

• Support commercial team with pre-market consultation and lead preparations and conduct/follow-up on meetings and teleconferences with prospective customers

• Support the Bayer Regulatory team and lead preparations and conduct/follow-up on meetings and teleconferences with regulatory bodies, such as FDA

• Support the ongoing Risk Management Framework (RMF) certification effort, requiring consistent monitoring and product assessment against United States Department of Defense security rules and requirements

• Support field service team with post-market consultation and lead preparations and conduct/follow-up on meetings and teleconferences with customers

• Lead and manage the Incident Response Team and maintain the Incident Response Policy

• Support the Bayer Technical Assistance Center (TAC) and Bayer Customer Complaint function with post-market incident response consultation and lead the development of internal and external approved communications describing Bayer’s position in response to security incidents and consistent with business strategy

• Support the Bayer Radiology Legal function with consultation and advise on responses to legal agreements containing product security clauses or required action in response to cybersecurity incidents with respect to Bayer Radiology medical devices

• Work directly with Bayer Risk Management function to assess incidents and threats and to support response to CAPAs

• Provide leadership and support to the Bayer Safety Review Board during incidents and provide reliable information for the board to make informed decisions

• Assist in the preparation of security documentation for 510(k) submissions as well as preparation and maintenance of technical documentation in compliance with regulations

• Direct the efforts of the Cyber Signal Assessment team – attend meetings, lead discussion on response to incidents, insure decisions and direction of the team are aligned with business strategy and objectives

• Manage and direct the efforts of the Bayer Radiology Medical Device Cybersecurity team

• Clearly communicate recommended medical device cybersecurity strategies to the organization

• Maintain current understanding of changing local and global regulatory requirements, and communicate impacts, including necessary adaptions, to peers, senior management and cross-functional team stakeholders

• Ensure medical device cybersecurity compliance, including change management, with all applicable cybersecurity regulations and standards and proactively monitor the landscape and advise the organization on actions to be taken with regard to opportunities or threats

• Act as a company liaison to industry trade associations. Review and suggest possible organization reaction to new or proposed legislation

• Manage the Cybersecurity lab and associated software and hardware tools. Maintain efficient processes to support on-demand and periodic product scans and vulnerability assessments

• Lead and manage the benchmarking effort to enable objective measurement of the performance of the Bayer Radiology Medical Device function and develop metrics that support communicating this performance with various stakeholders across the organization

WHO YOU ARE

Your success will be driven by your demonstration of our LIFE values.  More specifically related to this position, Bayer seeks an incumbent who possesses the following:

Required Qualifications:

• B.S. degree in engineering, computer science, or related field

• 12 years of industry experience

• 10 years of Medical device experience

• Ability to articulate and solve medical device cybersecurity issues independently

• Ability to communicate and negotiate effectively both verbally and written

• Team and customer orientation

Preferred Qualifications

• M.S. or Ph.D. degree in similar field

• 3 years of cybersecurity experience

• Strong familiarity and hands-on experience working with medical device cybersecurity regulations and regulatory bodies (FDA, Health Canada, etc)

• Working knowledge of HIPAA/HiTECH regulations and NIST cyber framework

• Experience in FDA and EU medical device 510(k) security documentation requirements