TEEMA
Cyber Security Specialist - Medical Devices
TEEMA, Farmington Hills, Michigan, United States
Job Title:
Cyber Security Specialist - Medical Devices
Job ID:
75494
Location:
Farmington Hills, Michigan
What you will be doing:
Regulatory Submissions Lead the creation of cybersecurity documentation required for USA FDA and EU MDR submissions, including:
Threat models and risk assessments. Security test plans and reports. Mapping cybersecurity risk to overall device safety. Residual risk analysis and mitigations. Security requirements traceability. Ensure all documentation adheres to FDA Premarket Guidance and EU MDR formatting and content requirements. Cybersecurity Integration
Collaborate with engineering teams to integrate cybersecurity risk management throughout the SDLC, ensuring all risks are appropriately documented and mitigated. Align risk management files with ISO 14971 and AAMI TIR57 guidelines. Risk and Vulnerability Management
Conduct cybersecurity assessments and ensure findings are addressed in submission documentation. Document SBOM (Software Bill of Materials) for submission, including vulnerability disclosure plans. Compliance and Standards
Stay updated on evolving regulatory requirements (e.g., FDA guidance, MDR updates) and integrate changes into processes and documentation. Develop processes to streamline the creation of future submission-ready cybersecurity documentation. What you must have:
Medical Device Experience (5+ Years)
A minimum 5 years of direct, hands-on experience in medical device cybersecurity, preferably a Class III devices. Have demonstrated experience in creating documentation for at last one FDA 510K, PMA submission, or EU MDR technical documentation submission. Hands-on experience with standards like ISO 14971, IEC 62304 and ISO 13485 and experience in aligning these with regulatory requirements. Proven track record of working on devices with Bluetooth communication, mobile apps, and cloud integration. Regulatory Documentation Expertise In-depth knowledge of FDA submission requirements, including:
Cybersecurity documentation for 510(k) and PMA submissions. Creation of threat models, risk management files, and security testing reports tailored to FDA guidance. Familiarity with CE marking requirements for the EU, including: Cybersecurity sections for Technical Documentation under MDR. Ensuring compliance with ISO 14971, IEC 62304, and IEC/TR 60601-4-5. Demonstrated ability to produce submission-ready documentation in formats acceptable to both the FDA and Notified Bodies. SDLC Integration
Expertise in integrating threat and vulnerability management across the Software Development Lifecycle (SDLC). Ability to trace threats, risks, and mitigations through design, development, and testing stages, ensuring that all necessary artifacts are prepared and submission-ready for the specific Notified Body. Cybersecurity Risk Management Experience in conducting and documenting:
Threat modeling (e.g., STRIDE). Risk assessments and alignments with AAMI TIR57 and ISO 14971. Security testing results, including penetration testing and vulnerability assessments, documented in submission-ready formats. Standards and Compliance Familiarity with relevant standards for medical device cybersecurity:
FDA Premarket Guidance for cybersecurity risk management. ISO 13485 for quality system integration. IEC 62304 for secure software lifecycle processes. Communication and Collaboration:
Strong ability to work cross-functionally with engineering, regulatory, and quality teams to ensure submission documentation meets all regulatory requirements. Experience presenting and defending cybersecurity strategies and documentation during audits or regulatory reviews. Other Information:
Duration:Part-time (1-2 days/week) for 3 months initially but potential for longer term extensions
For more information about TEEMA and to consider other career opportunities, please visit our website at
www.teemagroup.com
Cyber Security Specialist - Medical Devices
Job ID:
75494
Location:
Farmington Hills, Michigan
What you will be doing:
Regulatory Submissions Lead the creation of cybersecurity documentation required for USA FDA and EU MDR submissions, including:
Threat models and risk assessments. Security test plans and reports. Mapping cybersecurity risk to overall device safety. Residual risk analysis and mitigations. Security requirements traceability. Ensure all documentation adheres to FDA Premarket Guidance and EU MDR formatting and content requirements. Cybersecurity Integration
Collaborate with engineering teams to integrate cybersecurity risk management throughout the SDLC, ensuring all risks are appropriately documented and mitigated. Align risk management files with ISO 14971 and AAMI TIR57 guidelines. Risk and Vulnerability Management
Conduct cybersecurity assessments and ensure findings are addressed in submission documentation. Document SBOM (Software Bill of Materials) for submission, including vulnerability disclosure plans. Compliance and Standards
Stay updated on evolving regulatory requirements (e.g., FDA guidance, MDR updates) and integrate changes into processes and documentation. Develop processes to streamline the creation of future submission-ready cybersecurity documentation. What you must have:
Medical Device Experience (5+ Years)
A minimum 5 years of direct, hands-on experience in medical device cybersecurity, preferably a Class III devices. Have demonstrated experience in creating documentation for at last one FDA 510K, PMA submission, or EU MDR technical documentation submission. Hands-on experience with standards like ISO 14971, IEC 62304 and ISO 13485 and experience in aligning these with regulatory requirements. Proven track record of working on devices with Bluetooth communication, mobile apps, and cloud integration. Regulatory Documentation Expertise In-depth knowledge of FDA submission requirements, including:
Cybersecurity documentation for 510(k) and PMA submissions. Creation of threat models, risk management files, and security testing reports tailored to FDA guidance. Familiarity with CE marking requirements for the EU, including: Cybersecurity sections for Technical Documentation under MDR. Ensuring compliance with ISO 14971, IEC 62304, and IEC/TR 60601-4-5. Demonstrated ability to produce submission-ready documentation in formats acceptable to both the FDA and Notified Bodies. SDLC Integration
Expertise in integrating threat and vulnerability management across the Software Development Lifecycle (SDLC). Ability to trace threats, risks, and mitigations through design, development, and testing stages, ensuring that all necessary artifacts are prepared and submission-ready for the specific Notified Body. Cybersecurity Risk Management Experience in conducting and documenting:
Threat modeling (e.g., STRIDE). Risk assessments and alignments with AAMI TIR57 and ISO 14971. Security testing results, including penetration testing and vulnerability assessments, documented in submission-ready formats. Standards and Compliance Familiarity with relevant standards for medical device cybersecurity:
FDA Premarket Guidance for cybersecurity risk management. ISO 13485 for quality system integration. IEC 62304 for secure software lifecycle processes. Communication and Collaboration:
Strong ability to work cross-functionally with engineering, regulatory, and quality teams to ensure submission documentation meets all regulatory requirements. Experience presenting and defending cybersecurity strategies and documentation during audits or regulatory reviews. Other Information:
Duration:Part-time (1-2 days/week) for 3 months initially but potential for longer term extensions
For more information about TEEMA and to consider other career opportunities, please visit our website at
www.teemagroup.com