KARL STORZ is currently seeking an Information Security Officer (ISO) who is responsible for executing the company information security vision, strategies and tactics and for the implementation, enforcement, and monitoring of security policies, standards and working instructions based on group specifications within a KARL STORZ subsidiary. The ISO reports to the Regional ISO, Americas.

This position will be based at our El Segundo, CA offices, with the opportunity to work remote.

Responsibilities

Key responsibilities and tasks of the ISO include, but are not limited to the below functional domains in KARL STORZ:

• Identifying and documenting the information protection goals and needs in line with the corporate global strategy
• Implementing and ensuring the effective operation of the Information Security Management System
• Managing the information security risk assessment processes
• Identifying and adequately mitigating information security risks and threats
• Providing management and staff support with handling security issues in compliance with local processes
• Monitoring user compliance with the security policies, standards and work instructions
• Conducting self-audits and coordinating independent security reviews
• Promoting and supporting information security awareness to users and employees
• Organizing and conducting information security training for management, employees and users
• Maintaining relationships with local and national representatives and organizations of the law, local authorities and non-governmental organizations
• Aligning with the Regional ISO to advise on information security related topics
• Coordinating of information security requirements with company stakeholders
• Maintaining effective local cyber crisis management processes and activities

The ISO carries out the following tasks:

• Implementation and operation of the Information Security Management System in the KARL STORZ subsidiary
• Developing and implementing the local information security policy, sub-policies, procedures and guidelines to maintain information security standards and work instructions
• Preparing and recommending measures to enhance security posture and controls
• Communicating with external organizations, consultants and partners to ensure compliance with KARL STORZ information security controls and processes
• Monitoring of security violations and incidents to ensure applicable internal disciplinary and/or legal provisions are implemented in the event of violations
• Reporting of the ISMS parameters and key performance indicators to the global Information Security organization

Requirements

• Bachelor of Science
• Minimum of 5 years of relevant work experience
• CISSP or CISM certification
• Knowledgeable of US and EU standards related to cybersecurity
• Strong knowledge of ISO 2700X, NIST Cybersecurity Framework and HIPAA / HITRUST
• Ability to support required cybersecurity recommendations with fact-based explanations that business partners can understand and reach consensus agreements on
• Excellent written, oral and interpersonal skills with personnel at all levels.
• Exhibit a high degree of integrity, initiative and motivation.
• Ability to travel approx. 20%

Preferred

• 10 years relevant work experience
• CRISC and/or PMP certification
• Spanish and / or Portuguese language skills
• US standards related to data privacy
• EU standards – GDPR, NIS Directive
• FDA Pre-Market and Post Market Guidance of cybersecurity in Medical Devices
• Experience with FDA submissions with cybersecurity requirements for medical device hardware, software, networks including PACS devices
• IEC 62443
• Familiar with U.S. Department of Defense Risk Management Framework ATO process

#LI-CW1

#dice

#LI-CW1