iRhythm Technologies
Lead Product Security Analyst
iRhythm Technologies, San Francisco, California, United States, 94199
Transform Your Career at iRhythm!
Join iRhythm and be part of an innovative team dedicated to improving cardiac health solutions for people globally. You'll have the chance to enhance your skills while making a meaningful impact on patient lives. We cherish builders and problem solvers who think big and act fast, driven by our unwavering commitment to patient care.
About This Role:
Key Responsibilities
FDA Cybersecurity Compliance: Ensure our products meet FDA cybersecurity regulations in collaboration with cross-functional teams.
Risk Assessments & CSRAs: Conduct thorough security risk assessments, identifying vulnerabilities and threats across hardware, firmware, software, and cloud components.
Threat Modeling: Create and maintain tailored cyber threat models prioritizing patient safety and data privacy.
SBOM Management: Understand and communicate the intricacies of Software Bill of Materials (SBOM).
Security Documentation: Develop and update cybersecurity documentation, ensuring compliance throughout all product stages.
Data Flow Diagrams: Create detailed data flow diagrams to assist in the threat modeling process.
Security Design Reviews: Engage in design reviews of medical device systems, offering actionable security recommendations.
Vulnerability Analysis & Management: Execute vulnerability analysis and oversee our vulnerability management program, including scanning and remediation efforts.
Threat Detection Tools: Employ and manage detection tools to identify security issues early in the software development lifecycle.
Incident Response: Assist in the resolution of security incidents related to devices, mitigating impact and ensuring future prevention.
Data Privacy Compliance: Collaborate with the Privacy Team to uphold standards like HIPAA and GDPR.
Required Qualifications
Bachelor's degree in Computer Science, Information Security, or a related field.
8+ years of experience in information security, emphasizing product security for medical devices.
Deep understanding of security principles within the PDLC and SDLC.
Proven experience with Cybersecurity Risk Assessments (CSRAs), vulnerability analysis, and modern detection tools.
Familiarity with NIST Cybersecurity Framework and relevant NIST publications.
Hands-on experience in vulnerability identification and threat modeling in healthcare.
Experience operating within regulated environments (FDA, HIPAA, GDPR).
Expertise with medical device hardware or Software as a Medical Device (SaMD).
Excellent problem-solving, analytical, and communication skills.
Ability to understand interdependencies among teams across various domains.
Demonstrated success with 510(k) submissions.
Preferred Qualifications
Relevant industry certifications such as CISSP, CISM, CISA, or specific medical device security certifications.
Experience with international regulatory frameworks.
Familiarity with penetration testing methodologies and tools.
Proficiency in programming languages and technologies prevalent in medical device development.
Location:
San Francisco
The actual compensation may vary based on job-related factors, such as knowledge, skills, experience, and work location.
Estimated Pay Range
$141,450.00 - $184,000.00
At iRhythm, we value diversity and inclusivity. We welcome candidates from all backgrounds and experiences. We are an Equal Opportunity Employer and committed to providing reasonable accommodations for individuals with disabilities throughout the hiring process.
About iRhythm Technologies
iRhythm is at the forefront of digital healthcare, developing solutions designed to detect and prevent diseases through advanced biosensors and data analytics. Our commitment is to deliver better health outcomes through actionable insights from cardiac data. Be part of our transformative journey with Zio, the heart monitor that is redefining cardiac monitoring. If you encounter any suspicious communications regarding the hiring process that do not originate from @irhythmtech.com, please validate their legitimacy.