Cybersecurity Engineer in Digital Health IT
Do you want to be part of a new strategic focus area in Novo Nordisk? Are you passionate about technology and turning security into a business enabler? Are you able to translate complex technological challenges into simple solutions for stakeholders to understand and in that way build a relation to become a trusted advisor? And most importantly - can you bring value in our journey with the aim of bringing innovative digital products to patients across the globe, living with chronic diseases? Then we look forward to meeting you!
About the department
Digital Health IT work in close collaboration with the Digital Health business unit as well as external partners to bring innovative digital solutions to patients globally, living with diabetes and other chronic diseases.
Digital Health IT is responsible for the IT part of delivering Apps that are directly used by patients as well as the backend services and systems that supports these.
The Apps are used for medical purposes and will likely be integrated with connected medical devices such as connected insulin injection pens and connected glucose monitoring devices. Known as “Software as a Medical Device”, these Apps are highly regulated and have strict quality requirements to ensure patient safety.
To succeed with this endeavour, Digital Health IT employs a total of 40+ fulltime internal and external colleagues with various backgrounds such as Project Managers, Compliance & Quality experts, Digital Solution Architects, System Managers/DevOps and we have established close relations with 3rd party suppliers and developers, that are accustomed to deliver highly innovative products in this regulated environment.
The department is fairly new and is anchored within Digital Innovation in Global IT. As the name implies, we are continuously moving into new areas, where new and innovative competencies, solutions and perspectives are needed. The Department and colleagues are full of drive and are highly flexible and adaptive in an environment where changes, updates and releases are part of every day.
As a Cybersecurity Engineer, you will act as trusted advisor to provide technical expertise and guidance for all the components that makes up the eco-system of digital solutions. This eco-system consists of front-end components that are in the hand of patients and a range of IOT devices, including connected medical devices, smartphones, Apps and websites.
You will work with various cloud services and infrastructure projects from a cybersecurity perspective with the aim of helping out achieve our business goals. You will work closely with different stakeholders in both Line of Business, Global IT and in Global Information Security to ensure that advice and guidance aligns with the goals and strategy of Novo Nordisk.
You will also provide security guidance to the architecture of the backend cloud-based systems and the integration of these. To succeed in this position, you should have solid technical experience and a sincere interest in new technologies. In addition to this you are expected to understand the technologies involved in each of the components that makes up a digital solution, and you know how these are integrated.
In the role as Cybersecurity Engineer, you will act as security lead on one or more projects within Digital Health IT and fulfil the role as trusted security advisor to the Project Manager and the Project Team. In collaboration with 3rd party suppliers and the Lead Architect in Digital Health IT, you will be directly responsible for leading and defining the end-to-end product security architecture of the digital solution, and you will be involved in the evolution of the digital solution, from initial ideation to specifications and design. As these digital solutions will evolve over time, you will also provide security guidance for the continuous development of features and functionalities.
The position is based in Søborg, Denmark.
We expect that you have 5+ years of experience in Information Security, Cyber Threat Intelligence and/or offensive security practices - if not similar background. You are familiar with IT technical architecture and have a solid understanding of IT security, security risk management, cloud infrastructure security, and consumer application security, for instance working with smartphones, apps and Bluetooth/NFC connected devices.
You have at least a Bachelor degree within IT, or comparable education. In addition to this, you have relevant certifications such as CISSP, CISM or CISA, or knowledge and experience equivalent to these certifications. You may also possess cloud vendor security certifications for Azure, GCP and or AWS cloud services or desire to obtain such.
You might have experience working with public cloud environments and services and/or have a software development background. You might have some experience working with containerization, microservices and serverless computing architectures in a security context, and you may have worked as a security subject matter expert in the field of consumer-based products including smartphone apps and connected devices. This is not a hard requirement as curiosity and willingness to learn is more important.
Experience working in a regulated industry is an advantage as well as experience working with privacy regulation HIPAA/GDPR is useful. Knowledge of the US FDA recognized UL 2900 Cybersecurity standard for medical devices would be a strong attribute. Basic knowledge working with Risk Management standards like ISO14971, 62304, 13484 is also an advantage as you will be driving the security risk assessments for the product which will include threat modelling as part of the process.
As a person you are known to be positive and diplomatic. It is easy to be overwhelmed while trying to fend off an ever increasing list of threats, vulnerabilities and attack vectors, but you are able to manage this while keeping your cool and identifying realistic mitigations that can work without breaking budgets and timelines. You have a mindset that allows you to balance security best practices with other considerations from members of your team, whether they are certain business objectives, technical feasibility concerns or patient safety risks.
To succeed, it is crucial that you thrive with working in teams where you can inspire and motivate your stakeholders to take informed decisions. In addition, you must have strong work ethic and willingness to take responsibility to bring the best possible digital solutions to the market and you understand and value that you play an important part in making lives easier for people with diabetes and other chronic diseases. Since you will be working Globally you must expect some meetings to take place outside DK working hours and some travel activity.
Fluency in English (Oral and written) is a prerequisite.
Working at Novo Nordisk
At Novo Nordisk, we strive for excellence. As a world leader in diabetes care and a major player in haemostasis management, growth hormone therapy and hormone replacement therapy, we offer our employees opportunities for continuous growth.
For further information, please contact Eimantas Levanavicius on +45 3077 6973.
04 July 2021.
Millions rely on us
At Novo Nordisk, we don’t wait for change. We drive change. We’re a dynamic company in an even more dynamic industry, and we know that what got us to where we are today is not necessarily what will make us successful in the future. We embrace the spirit of experimentation, striving for excellence without fixating on perfection. We never shy away from opportunities to develop, we seize them. Working at Novo Nordisk is working toward something bigger than ourselves, and it’s a collective effort. Novo Nordisk relies on the joint potential and collaboration of its more than 40,000 employees to change the lives for the better for millions of patients living with diabetes and other chronic diseases. Together, we go further. Together, we’re life changing.