FUJIFILM Healthcare Americas Corporation is a leading innovator in diagnostic and enterprise imaging solutions designed to meet the evolving needs of healthcare across prevention, diagnosis, and treatment. Fujifilm's medical imaging portfolio includes solutions for digital radiography, mammography, computed tomography, magnetic resonance imaging, ultrasound, endoscopy, and endosurgery. The Synapse Enterprise Imaging portfolio provides healthcare professionals with the imaging and data access needed to deliver a complete patient record. REiLI, Fujifilm's artificial intelligence initiative, combines Fujifilm's rich image -processing heritage with cutting-edge AI innovations to inspire a new tier of clinical confidence. The In-Vitro Diagnostic portfolio provides the golden standard of molecular based immunoassay technology for liver surveillance, cutting edge clinical diagnostic chemicals for leading laboratories across the country and diagnostic chemicals for OEM white labeling products. The company is headquartered in Lexington, Massachusetts. For more information, please visit healthcaresolutions-us.fujifilm.com.

Job Title: Security Risk Manager

Job purpose

The Security Risk Manager will report to the Director of Security and Privacy and be responsible for: conducting inventory tool-based threat hunting activities to proactively identify vulnerabilities in company applications, systems and networks (to fulfill compliance and security best practice requirements), analyzing, planning and documenting collaboration with IT delivery team members to remediate security vulnerabilities, managing annual HIPAA Security Risk Assessment and ongoing risk management across a variety of departments and participating with incident response team in management of ongoing events.

Duties and responsibilities

Analyze and monitor IT Systems and applications for vulnerabilities and threat activities - this would include experience securing various computer hardware platforms and multiple operating systems in both stand-alone and LAN/WAN configuration
• Ensures software/systems are patched and vulnerabilities are managed and accurately remediated.
• Works on security alerts, collaborating and IT/Security team. Analyzes and evaluates alert for validity.
• Collaborates with Director of Security and Privacy on assignment prioritization and remediation activities; and executes plan with the IT delivery team, Cloud Services, and local IT teams in a timely manner.
• Uses tools to review and collaborate with administrators to programmatically manage:
  • Privileged access Accounts
  • Identity and access management
  • Data Security analysis
  • Infrastructure/Physical Security access
  • Application Security (email, web applications, O/S, file share systems, cloud applications)
• Assist in management of security breaches and other cybersecurity incidents as requested by Privacy/Security Officer.
• Stay current on IT security trends and news.
• Assist in uplifting company-wide culture of best practices for stewardship of confidential data privacy and security.
• Research security enhancements and make recommendations to management.
• Stay up to date on information technology trends and security standards.
• Other activities assigned by the Director of Security and Privacy
• Comply with all applicable U.S. Food and Drug Administration (U.S. FDA) medical device regulatory requirements, applicable ISO 13485 standard requirements and all other applicable laws, regulations, and standards.

Qualifications

• A bachelor's degree in computer science or related field or equivalent work experience in the Information Technology industry.
• 5-8 years of professional IT industry experience.
• CISSP, CCSP, CompTIA Security +, GSEC, CCST, and industry cyber security experience.
• 2-4 years of work experience with security configuration standards (CIS Benchmarks / HIPAA Security Rules /NIST), incident response, and remediation management.
• Experience in information security / cybersecurity for medical devices and software related to HIPAA controls.
• Understanding of firewalls, proxies, SIEM, IDS/IPS, GRC, antivirus, and server/network hardening.
• Ability to identify and mitigate network vulnerabilities and explain how to remediate them.
• Understanding of patch management with the ability to manage and document deployed patches in a timely manner while understanding business/customer impact.
• Experience working in security management of Medical Device(s), Medical Software and/or Data Hosting, supporting medical software or hardware preferred.
• Real life data breach, incident response, and medical industry experience. Dealing with ransomware and other highly visible attack methods preferred.

Physical requirements

The position requires the ability to perform the following physical demands and/or have the listed capabilities:

• The ability to sit up 75-100% of applicable work time.
• The ability to use your hands and fingers to feel and manipulate items, including keyboards, up to 100% of applicable work time.
• The ability to stand, talk, and hear for 75% of applicable work time.
• The ability to lift and carry up to ten pounds up to 20% of applicable work time.
• Close Vision: The ability to see clearly at twenty inches or less.

Travel

• Occasional (up to 25%) travel may be required based on business need.

Equal Opportunity Employer

FUJIFILM is an equal opportunity and affirmative action employer. All qualified applicants will receive consideration without regard to race, color, national origin, sex, gender identity, sexual orientation, religion, disability, protected veteran status or any other characteristic protected by applicable federal, state or local law.