Information Security Officer

Company: KARL STORZ Endoscopy - America
Location: Downey
Posted on: August 3, 2022

Job Description:

Company: KARL STORZ Endoscopy-America, Inc. (KSEA)

Job Code: 12415

Pay Grade: US-C17

Description

KARL STORZ SE & Co. KG based in Tuttlingen, Germany, is a family-owned, global company committed to benefiting humanity by advancing medical technology through innovation and education.

For more than 75 years, KARL STORZ has been dedicated to earning its international reputation as a leader that designs, engineers, manufactures, and markets all its products with an emphasis on visionary design, precision craftsmanship, and clinical effectiveness.

KARL STORZ is currently seeking an Information Security Officer (ISO) who is responsible for executing the company information security vision, strategies and tactics and for the implementation, enforcement, and monitoring of security policies, standards and working instructions based on group specifications within a KARL STORZ subsidiary. The ISO reports to the Regional ISO, Americas.

This position will be based at our El Segundo, CA offices, with the opportunity to work remote.

Responsibilities

Key responsibilities and tasks of the ISO include, but are not limited to the below functional domains in KARL STORZ:

• Identifying and documenting the information protection goals and needs in line with the corporate global strategy
• Implementing and ensuring the effective operation of the Information Security Management System
• Managing the information security risk assessment processes
• Identifying and adequately mitigating information security risks and threats
• Providing management and staff support with handling security issues in compliance with local processes
• Monitoring user compliance with the security policies, standards and work instructions
• Conducting self-audits and coordinating independent security reviews
• Promoting and supporting information security awareness to users and employees
• Organizing and conducting information security training for management, employees and users
• Maintaining relationships with local and national representatives and organizations of the law, local authorities and non-governmental organizations
• Aligning with the Regional ISO to advise on information security related topics
• Coordinating of information security requirements with company stakeholders
• Maintaining effective local cyber crisis management processes and activities
  The ISO carries out the following tasks:
  
  • Implementation and operation of the Information Security Management System in the KARL STORZ subsidiary
  • Developing and implementing the local information security policy, sub-policies, procedures and guidelines to maintain information security standards and work instructions
  • Preparing and recommending measures to enhance security posture and controls
  • Communicating with external organizations, consultants and partners to ensure compliance with KARL STORZ information security controls and processes
  • Monitoring of security violations and incidents to ensure applicable internal disciplinary and/or legal provisions are implemented in the event of violations
  • Reporting of the ISMS parameters and key performance indicators to the global Information Security organization
    Requirements
    
    • Bachelor of Science
    • Minimum of 5 years of relevant work experience
    • CISSP or CISM certification
    • Knowledgeable of US and EU standards related to cybersecurity
    • Strong knowledge of ISO 2700X, NIST Cybersecurity Framework and HIPAA / HITRUST
    • Ability to support required cybersecurity recommendations with fact-based explanations that business partners can understand and reach consensus agreements on
    • Excellent written, oral and interpersonal skills with personnel at all levels.
    • Exhibit a high degree of integrity, initiative and motivation.
    • Ability to travel approx. 20%
      Preferred
      
      • 10+ years relevant work experience
      • CRISC and/or PMP certification
      • Spanish and / or Portuguese language skills
      • US standards related to data privacy
      • EU standards - GDPR, NIS Directive
      • FDA Pre-Market and Post Market Guidance of cybersecurity in Medical Devices
      • Experience with FDA submissions with cybersecurity requirements for medical device hardware, software, networks including PACS devices
      • IEC 62443
      • Familiar with U.S. Department of Defense Risk Management Framework ATO process
        
        Vaccine requirements at KARL STORZ due to COVID-19
        KARL STORZ is committed to maintaining a safe work environment for our employees and therefore we require the COVID-19 vaccine for all of our employees unless otherwise due to an underlying medical condition or sincerely held religious beliefs. During the interview process, we encourage you to ask how COVID-19 may impact the role you are seeking and if you require a reasonable accommodation regarding the vaccine requirement see below on the process for requesting accommodation. Please click here to learn more about our overall response to COVID-19.
        
        Employee Benefits Program Overview for U.S. Locations
        
        • Medical / Dental / Vision including a state of the art wellness program and pet insurance, too!
        • 3 weeks' vacation, 10 holidays plus paid sick time
        • 401K retirement savings plan providing a match of 60% of the employee's first 6% contribution
        • Section 125 Flexible Spending Accounts
        • Life, STD, LTD & LTC Insurance
        • Tuition reimbursement of up to $5,250 per year
        • Fitness reimbursement up to $200 annually
        • Employee referral program of up to $2,000 per hire
        • And much more!
          Field sales, internships and part-time employees are not eligible except for where required by state law.
          Non-employees, including temporary workers and consultants, are not eligible to participate in KARL STORZ benefits program.
          
          KARL STORZ reserves the right to change or modify the employee's job description whether orally or in writing, at any time during the employment relationship. Additionally, KARL STORZ, through its supervisors, may require an employee to perform duties outside their normal description within the sole discretion of the supervisor. Employee must comply will all applicable KARL STORZ policies and procedures.
          
          Equal Employment Opportunity & Reasonable Accommodation Statement
          KARL STORZ is committed to creating an inclusive space where employees are valued for their skills and unique experiences. To achieve this goal, we are committed to diverse voices and all applicants will receive consideration without regard to race, color, sex, national origin, disability, veteran status or any other protected characteristic. KARL STORZ is also committed to providing reasonable accommodations during our recruitment process. Should you need assistance or accommodation please email us at .
          
          Notice to Employment Agencies
          This recruitment assignment is being managed directly by KARL STORZ's Human Resources team. Human Resources will reach out to our preferred, contracted agency partners in the rare instance additional talent options are required. Your respect for this process is appreciated. KARL STORZ does not accept unsolicited Agency resumes. Resumes received which were unsolicited by KARL STORZ Human Resources department will be ineligible for referral fees.

Keywords: KARL STORZ Endoscopy - America, Downey , Information Security Officer, Other , Downey, California