Job Description Summary
The Principal Product Security Leader plays a key role in enhancing cyber security within GE HealthCare products and cloud-based digital solutions. This role is responsible for overseeing the delivery and implementation of cyber security processes and solutions; coordinating across departments and functions to ensure successful implementation of cyber security controls; and adopting best practices for cyber risk management and strategies for improving confidentiality, availability, and integrity. The Principal Product Security Leader will collaborate with internal stakeholders, product teams and external partners to ensure the strategies, solutions, and operations are aligned with the goals of the cyber security organization.
Job Description
Roles and Responsibilities
- Drive secure product development process standards that help in early detection and assessment of design flaws, vulnerabilities, weaknesses, and missing security controls in products/applications.
- Help the team architect cloud security solutions for securing GEHC SaaS products; should have a good understanding of AWS and other security solutions, architecture blueprints and software supply chain security.
- Lead threat modelling across various products and identify appropriate solutions to mitigate design threats.
- Well versed in NIST 800-53 controls, CSA Cloud controls and OWASP Top 10 controls; able to articulate them to the product development team so they are implemented within the assigned products, and able to answer cyber queries from the development team.
- Influence the development of GEHC products and ensure they are secure by design and by default.
- Lead privacy impact analysis based on product data flows, and provide the necessary privacy and regulatory controls based on country-specific regulatory requirements.
- Lead security risk analysis by deploying various risk management strategies and controls.
- Interprets simple internal and external business challenges and recommends best practices to improve products, processes, or services. Evaluates and enhances product security processes to keep them lean and optimize security.
- Uses a high level of judgment to make decisions and handle complex cyber security tasks or problems in areas of DevSecOps, product management, legal, compliance, or engineering. Has the ability to assess the quality of information given and ask pertinent questions to stakeholders.
- Promotes cyber standards through Secure Development Lifecycle (SDL) workshops, knowledge shares, and code walk-throughs, and reviews SAST, DAST, and pen test reports.
- Requires specialized knowledge within the cybersecurity function to influence the development of strategy for the area of responsibility, including control of resources, and to influence policy formulation.
- Understanding of HIPAA, FDA premarket cybersecurity requirements and medical device quality and traceability requirements.
- Leverage AI tools in cyber processes and help product teams mitigate newer threats in LLM and AI agent-based solutions.
Required Qualifications
- Bachelor’s degree in computer science or “STEM” Majors (Science, Technology, Engineering and Math) with minimum 10 years of experience.
- Healthcare Industry experience preferred
- CISSP/CISA, CompTIA Security+, GSEC, or similar certifications are preferred
- AWS certification preferred, e.g. AWS Certified Security - Specialty
- AI certification preferred
Desired Characteristics
Technical Expertise:
- Ability to consult stakeholders on alignment of outcomes and desired technical security solutions at a product and enterprise level.
- Ability to analyze, design, and develop a software solution cyber roadmap and implementation plan based upon the current vs. future state of the business.
- Working knowledge of cybersecurity configuration choices and related cost implications; experience with complex solution configurations.
- Knowledgeable about overall cyber solution options and able to discuss the overall solution in depth.
- Able to lead early-stage customer interactions; guide customers as they develop confidence and comfort with approaches.
- Knowledge of AWS cloud platform cyber controls, product deployment on cloud, and operations.
- Demonstrated ability to lead programs / projects. Ability to document, plan, and execute programs. Established project management skills.
- Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities.
- Excellent communication (written and oral) and leadership skills
Business Acumen:
- Adept at navigating the organizational matrix; understanding people's roles, can foresee obstacles, identify workarounds, leverage resources and rally teammates.
- Understands how internal and/or external business models work and facilitates cyber security requirements within them.
- Able to articulate the value of what is most important to the business/customer to achieve outcomes.
Inclusion and Diversity
GE HealthCare is an Equal Opportunity Employer where inclusion matters. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
We expect all employees to live and breathe our behaviors: to act with humility and build trust; lead with transparency; deliver with focus, and drive ownership – always with unyielding integrity.
Our total rewards are designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into world-changing realities. Our salary and benefits are everything you’d expect from an organization with global strength and scale, and you’ll be surrounded by career opportunities in a culture that fosters care, collaboration and support.
Additional Information
Relocation Assistance Provided: No