Philips Product Security Professional – Greater Market 

Kenya, Nairobi County 

282131366

Product Security Professional – Greater China Market

Key Responsibilities

• Identify Risks throughout the Idea-to-market (I2M) and work with other teams as necessary to provide mitigation and cost/benefit analysis

• Ensure customer security requirements are being addressed within our products

• Support business initiatives by providing solutions based on best practices, regulatory and customer requirements of product security

• Support the development of risk mitigations and control plans for the product in the Business

• Develop Risk and Benefits Cost analysis to present to the Product/Program Manager

• Ensure that all Penetration, Vulnerable assessment, and Fuzz testing are completed

• Conduct PSRA (Product Security Risk Assessments) for BU (Business Units)

• Perform Product Security Audit and Compliance activities

• Reporting on business specific Key Performance Indicators (KPIs)

• Work with Product Managers, Field Marketing, Services and Sales to collaborate on Product Security topics, incident response and customer complaints

• Work with Quality and Regulatory team on Product Security process and procedures in QMS (Quality Management System), and govern product security

• Work with product security officer and local teams to support L4L, L4G, G4L product security

• Support product NMPA registrations

• Support the M&A process on Product Security aspects

• Support to qualify China local security vendor

• Champion the importance of product security during the life cycle of products

• Develop/tailor and conduct product security training

• Bachelor or above degree in Computer Science Engineering

• Minimum of 5 years in product security or security risk management, or security designs

• Strong communication, presenting, problem-solving skills in global cross-site teams

• Experience in the complex digital architecture solutions using Web, Mobile apps, IOT, Cloud, AI, big data from both international and China specific ecosphere perspective, and knowledge of “Cryptography Application Security Assessment” and “Information Technology Application Innovation”

• Experience in incident handling and response

• Experience in designing software development products using SDLC (i.e., Agile, DevOps, DevSecOps)

• Experience in Health information security management (ISO 27799, ISO/IEC 80001, DIACAP) (Preferred)

• A solid development experience in security designs and penetration test (Preferred)

• Familiar with Laws and regulations on privacy, data protection, and breach notification (95/46/EC, GDPR, HIPAA, FDA, NMPA, MPLS, ISO/TS 14265, 21CFR820, SB1386, etc.)

• Familiar with China’s with Laws and regulations: Cybersecurity Law, Data Security Law, Personal Data Protection law, Multi Layer Protection Scheme 2.0, etc.

• Domain specific standards and approaches on privacy and product security (DICOM, IHE)

• CISSP/CISM/CCSK/CCSP Preferred

• This is a position that has the possibility to grow into the role. Please also apply when currently not all requirements are met.