Product Security Officer

  • Salary: 100,000 - 125,000EUR plus bonus

  • Contact: Rebecca Stevens

Product Security Officer (f/m/x)

Location: Würzburg, Germany (Can be On-site/Hybrid/Remote)
Salary: Circa €100,000 - €125,000 plus bonus (dependent on experience)

Our client is a unified breathing company and a recognized leader in the Respiratory Diagnostics, Ventilation, Anesthesia Delivery & Patient Monitoring market segments. This position could provide you with great autonomy, giving you freedom to grow and develop both on a personal level and with a company that is taking huge leaps forward in its market. I know this is guaranteed, since we have supported 20+ great professionals in joining them in the last 24 months, just in Germany.

This company is looking for a Product Security Officer (PSO) with a passion for people and culture, and a desire to directly impact business growth and sustainment at the Product level. The PSO is responsible for establishing and maintaining the product security program to ensure that products and associated technology, software, embedded software, and data are adequately protected in the product ecosystem(s).

• An interesting and varied task
• Flat hierarchies in a committed and cooperative team
• Reporting into Senior Leadership whilst also having direct reports
• Opportunities for professional and personal development
• An attractive remuneration with annual bonuses of 20%
• Flexible working hours for a good work-life balance
• Exciting projects
• 30 vacation days per year
• Reimbursement of travel expenses for public transport
• Bike leasing
• Reduced rate at the local gym

• Evolving the product cybersecurity strategy for medical devices and support to establish standards for the identification and evaluation of threats and vulnerabilities in existing and future products of this company.
• Be a direct report for 2 Product Security Engineers
• Establishing and maintaining/sustaining product cybersecurity processes and procedures into the full lifecycle of this company’s products pre-market and post-market.
• Taking a data driven approach to tracking and reporting.
• Reporting directly into the Business Unit General Manager / CEO and driving risk awareness.
• Recommendations to the company function Stakeholders, Leadership and Board.
• Aligning product security requirements with product team functions in Product Management, Marketing, R&D and Engineering, Product Service as well as corporate functions like Quality and Regulatory Affairs, Risk Management and Design Assurance.
• Identify product threats and vulnerabilities in a consistent manner applying market standard techniques.
• Inform the company and product risk evaluation and management to ensure patient safety and avoid patient harm through cyber-borne risks.
• Support establishing a responsible vulnerability disclosure communication and product incident response plan, including product management, corporate communications, and compliance/privacy. Own the customer-facing product security communication.

Your Profile:
• Minimum 7 years in cyber security, ideally product security.
• A minimum of 4 years with people leadership and/or 3rd party resource management.
• Proven experience in the medical device or healthcare industries.
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate product security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists and customers.
• Up-to-date knowledge of methodologies and trends in the product security field.
• Proven track record and experience in developing product security policies and procedures, as well as successfully executing programs that meet the objectives.
• Knowledge and understanding of relevant regulatory requirements set by the FDA, MDR.
• Working knowledge in NMPA, 2022 guidance, IEC 81001-5-1 and IEC 80001-1, AAMI TIR57.
• Experience in threat modelling, threat analysis and security testing.
• Professional security management certification is desired, such as Certified Information Systems Security Professional (CISSP), Healthcare Certified Information Systems Security Professional (HCISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, NIST 800-53 and Cybersecurity Framework.
• Experience with contract and vendor negotiations.

For more information or to apply email your CV to