Product Security Manager

The Product Security Manager is responsible for developing and managing a central Secure Development Lifecycle program, to ensure security and privacy by design across the entire product portfolio, covering all stages from pre-market development to post-market surveillance. This role involves developing and implementing global security strategies, conducting risk assessments, overseeing the implementation of security controls, and ensuring compliance with industry standards and regulations. The Product Security Manager collaborates with cross-functional teams, and plays a crucial role in safeguarding the company's reputation, protecting patient data, and maintaining the trust of customers and stakeholders throughout the product lifecycle. Key Accountabilities The Product Security Manager key accountabilities are: Manage the development and implementation of a comprehensive end-to-end Secure Development Lifecycle, ensuring that cybersecurity and privacy by design are embedded in all products (on-prem & digital), from pre-market to post-market Collaborate with cross-functional teams, including engineering, product management, and regulatory affairs, to develop a DevSecOps pipeline and culture Conduct third-party vendor and supply chain risk assessments to identify potential security threats and develop mitigation strategies Ensure compliance with industry standards and regulations, such as GDPR, HIPAA, NIST, and FDA cybersecurity guidelines Develop and deliver training programs to educate employees on product security best practices (lunch-and-learns, instructor led, table tops and more) Represent the company in industry forums and working groups related to product security Networking/Key relationships The Product Security Manager interacts with different stakeholders including: Company directors for strategy and risk management Product Security Director and the Data Privacy Officers to ensure alignment between company’s security and privacy compliance programs Product Security Officers to guarantee process harmonization across the different business units Regulatory Affairs to define procedures for product security Engineering (R&D) departments to provide support on Secure Development Lifecycle Quality Assurance department to provide support on security testing Minimum Knowledge & Experience required for the position: The qualifications required by the position are: Engineer, computer science or other technical degree, or equivalent work experience The required work experiences by the position are: 7 years experience in product security, including at least 2 years in a leadership or management role 3 years of software development experience The following work experience and qualifications are a plus: Solid knowledge on relevant standards such as IEC 62443, GDPR, HIPAA, and ISO 27001 Strong knowledge of Secure Development Lifecycle practices, standards and industry best practices Knowledge of medical device regulations Certifications such as CISSP, CISM, CCSP, CEH Skills & Capabilities: The skills and capabilities required by the position are: Strong analytical and problem-solving skills to identify and address security challenges and vulnerabilities Effective communication skills to convey complex cybersecurity concepts to both technical and non-technical stakeholders Willingness to stay updated on the latest cybersecurity trends, threats, technologies, and regulations through continuous learning and professional development Ability to lead and collaborate with cross-functional teams, share information, and work together to enhance overall cybersecurity posture Travel requirements: Less than 25% of the time

Location: Catalonia, ES

Posted Date: 8/9/2025