Abbott is a global healthcare leader that helps people live more fully at all stages of life. Our portfolio of life-changing technologies spans the spectrum of healthcare, with leading businesses and products in diagnostics, medical devices, nutritionals and branded generic medicines. Our 114,000 colleagues serve people in more than 160 countries.

We’re focused on helping people with diabetes manage their health with life-changing products that provide accurate data to drive better-informed decisions. We’re revolutionizing the way people monitor their glucose levels with our new sensing technology.

Working at Abbott

At Abbott, you can do work that matters, grow, and learn, care for yourself and family, be your true self and live a full life. You’ll also have access to:

Career development with an international company where you can grow the career you dream of.

Free medical coverage for employees* via the Health Investment Plan (HIP) PPO

An excellent retirement savings plan with high employer contribution

Tuition reimbursement, the student debt program and education benefit - an affordable and convenient path to getting a bachelor’s degree.

A company recognized as a great place to work in dozens of countries around the world and named one of the most admired companies in the world by Fortune.

A company that is recognized as one of the best big companies to work for as well as the best place to work for diverse, working mothers, female executives, and scientists.

THE OPPORTUNITY

This  Cybersecurity Engineer position works remotely within the U.S .

What You’ll Work On

Contribute to the development of a risk-based cyber security program that meets regulatory requirements and aligns with industry-leading information security practices.

Perform threat identification and mitigation activities using industry-leading security controls and tool sets.

Work with a variety of cross-functional teams to ensure compliance with laws, regulations, and policies

Support Audit Readiness during external and internal Audit Activities

Assess threats to the business and deploy countermeasures for those threats.

Guide business units, application development teams, and third-party vendors to achieve program requirements while enabling the business.

Apply technical knowledge to protect the Company against cyber threats (e.g., knowledge of firewalls, intrusion detection and prevention systems, data loss prevention solutions, endpoint protections, log aggregation technology and other leading-edge security technologies).

Perform assessment of cyber security incidents to identify the root cause, respond, and recover the environment.

Support management in the development of strategies, policies, and standards to protect company information and technology assets.

Ensure compliance with business continuity management policies and processes in accordance with applicable regulatory requirements.

Implement and maintain security controls.

Assist with incident response as events are escalated, including triage, remediation, and documentation.

Implements security improvements by assessing the current situation, evaluating trends, and anticipating requirements.

Maintain quality service by following organization standards.

Attend regular project and implementation meetings and serve as the security consultant to help guide secure practices.

Keep up to date with the current and proposed security changes impacting regulatory, privacy, and security industry best practice guidance

QUALIFICATIONS

Bachelor's degree in Information Security, Computer Science, or related field or an equivalent combination of education and work experience.

Minimum 2 years of expertise in valuing and implementing industry standards such as the ISO 27001/2, SOC 2, HITRUST, and FedRAMP Information Security standard and the ISO 22301 Business Continuity Standard. 

Experience with implementation and operational use of GRC toolsets (Governance Risk and Compliance)

Possess CISSP certification (or similar) and have knowledge of national and international regulatory compliances and frameworks such as ISO 27001, NIST cybersecurity, SOX, BASEL II, EU DPD, HIPAA, and PCI DSS.

Demonstrated knowledge of General Computer Controls, including Information Security, Information System Operations, Vendor Management, Business Continuity, Networks, Database, System Software, Hardware, and Application Development controls

Strong team player with the ability to communicate effectively within cross-functional groups and perform peer reviews of work products and documents.

Excellent organizational skills and critical attention to detail and deadlines with the ability to handle multiple tasks simultaneously

Self-motivated, well-organized, and able to position controls in anticipation of threats.

Preferred

Experience in Audit and certification process

Holds one or more cybersecurity certifications or has completed necessary coursework.

Strong analytical skills to analyze laws, and regulations and translate the security requirements into appropriate security programs, projects, controls, and training

Demonstrated excellent oral and written communication skills for interaction with all levels of management and staff, including the ability to communicate regulatory requirements, security objectives, policies, and standards in business terms

Medical device product security experience

Audit and Risk Management experience

Development process and security process knowledge

Experience in threat modeling and risk management

Vulnerability and penetration-testing skills

Understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model and common security elements

Understanding of OWASP, CVSS, the MITRE ATT&CK framework

Displays an analytical and problem-solving mindset

Works calmly under pressure and with tight deadlines

Demonstrates effective decision-making skills

*

---