Manager of Product Cybersecurity; Hybrid, Boston

Position: Manager of Product Cybersecurity (Hybrid, Boston)
We are constantly looking to add to our core talent. If you are seeking a career that is challenging and rewarding, a work environment that is diverse and dynamic, look no further — Haemonetics is your employer of choice.## Job Details
* We are seeking a Manager of Product Cybersecurity to lead and execute cybersecurity strategy for medical devices and Software as a Medical Device (SaMD) across the full product lifecycle.
* This role is critical to ensuring the safety, effectiveness, and regulatory compliance of connected healthcare products while enabling innovation and speed to market.

This is a player‑coach role: you will directly contribute to threat modeling, design reviews, vulnerability management, and regulatory submissions while leading and mentoring a small team of product security engineers.
*
* Key Responsibilities:

** Product & Engineering Security (Hands‑On)
* Lead and personally execute cybersecurity activities across the product lifecycle, from concept through post‑market support.
* Perform and review:  + Threat modeling and attack surface analysis  + Secure architecture and design reviews  + Security requirements definition and verification
* Manage and approve third-party penetration testing
* Partner with R&D to embed secure‑by‑design practices into hardware, firmware, software, cloud, and mobile components.
* Guide secure development aligned with IEC 62304, ISO 14971, ISO 270001, and other regulatory cybersecurity expectations.
* Integrate cybersecurity into design controls, software lifecycle processes, and system engineering practices.

Vulnerability & Incident Management
* Lead the product vulnerability management program, including:  + Vulnerability intake, triage, and risk assessment  + Coordinated disclosure and remediation  + CVE tracking and SBOM‑driven analysis
* Guide product cybersecurity incident response, including root cause analysis and corrective actions.
* Support efforts to ensure monthly security testing is running successfully across products through support integration of security tools through automation

Regulatory & Compliance Leadership
* Lead cybersecurity contributions for:  + FDA submissions (U.S.)  + EU MDR technical documentation  + Other international markets as required
* Author and/or review cybersecurity documentation, including:  + Threat models and risk assessments  + Cybersecurity sections of regulatory submissions  + Security architecture and design artifacts
* Ensure alignment with:  + FDA Cybersecurity Guidance  + EU MDR and IEC 81001‑5‑1  + ISO 14971 and IEC 62304  + NIST Cybersecurity Framework and relevant global standards

Leadership & Team Development
* Lead, mentor, and grow a team of product cybersecurity engineers.
* Balance hands‑on technical work with prioritization, planning, and delivery.
* Establish clear pragmatic cybersecurity processes, metrics, and accountability across product teams.
*
* Required Qualifications:

*** Bachelor’s degree in Computer Science, Engineering, Cybersecurity, or related field
* 8+ years of cybersecurity experience, with direct experience securing medical devices or SaMD.
* 3+ years of experience leading or mentoring cybersecurity or product security teams.
* Strong hands‑on experience with:  + Secure software development  + Embedded and/or cloud‑connected medical devices
* Threat modeling and risk analysis
* Experience in healthcare and regulatory environments.
*** Preferred Qualifications
**** Experience supporting FDA submissions and regulatory audits.
* Familiarity with SBOM standards (e.g., SPDX, Cyclone

DX).
* Knowledge of cloud security for regulated healthcare environments.
* Familiarity with US Department of Defense (DoD) Authorization to Operate (ATO)
* Relevant certifications (e.g., CISSP, CSSLP, HCISPP).
** What Success Looks Like!
*** Overall product cybersecurity program is easy to understand and execute
* Products ship securely, compliantly, and on time without last‑minute cybersecurity surprises.
* Cybersecurity risks are clearly understood, documented, and mitigated throughout the product lifecycle.
* Engineering teams proactively integrate security into design and development.
* Regulators and auditors view…