As a Product Security Officer (PSO), you will join a newly established global information security organization under the Global Product CISO organization. The job holder is expected to independently manage, consolidate, prioritize, and coordinate all information security and data protection topics with the respective development teams throughout the entire lifecycle of the product. This includes, amongst others, initial development, operation, and further development of products. The job holder will also ensure that products, the corresponding development and, where applicable, operating processes, comply with state of the art, the company's internal security requirements and the relevant standards, regulations, and applicable laws. The job holder will actively participate in threat modeling to identify and detect all possible cybersecurity threats to products. Furthermore, the job holder will work closely with the relevant departments on implementing information security and data protection methodologies and processes and is the central point of contact between the respective business unit and the technical implementation in the development units. As such, the job holder will also represent information security and data protection issues in strategic decisions and coordination on business level. If required by the product, this also applies across sites or internationally for the corresponding product.

Main Tasks:
- Responsible for end-to-end product security lifecycle of digital healthcare products.
- Continuous adaptation of threat intelligence, threat modeling, security testing, and the global security requirements to changed standards and regulations as well as to new laws and the current threat situation.
- Organizing and participating in threat modeling sessions in various development projects.
- Creation of information security and data protection requirements based on protection needs analyses, threat modeling and risk analyses in cooperation with the respective development teams.
- Execution of product security requirement analyses.
- Coordination with the respective development teams regarding technical implementation and prioritization of requirements.
- Organizing penetration tests with external providers.
- Creation of security concept documents.
- Providing security and awareness training to stakeholders.

A minimum Bachelor's degree in Computer Science/Engineering or equivalent.

A minimum of two years of experience in product security. Experience for cloud-native products is preferred. CSSLP, CISSP and/or relevant certifications are preferred.

Product lifecycle experience (healthcare digital products is a plus), project management, network/system security, agile development, GDPR, HIPAA.

The annual pay range for this position is $113,200 - $141,500 .

The pay offered for this role may be influenced by factors such as job location, scope of role, qualifications, education, experience, & complexity/specialization/scarcity of talent.

This position is also eligible for a performance bonus.

ZEISS also offers robust benefits, including medical plans, retirement savings plan and paid time off.

Your ZEISS Recruiting Team:
Jo Anne Mittelman

Zeiss provides Equal Employment Opportunity without unlawful regard to an Applicants race, color, religion, creed, sex, gender, marital status, age, national origin or ancestry, physical or mental disability, medical condition, military or veteran status, citizen status, sexual orientation, pregnancy (includes childbirth, breastfeeding or related medical condition), genetic predisposition, carrier status, gender expression or identity, including transgender identity, or any other class or characteristic protected by federal, state, or local law of the employee (or the people with whom the employee associates, including relatives and friends).