Product Security Specialist for Medical Devices (Cyber Security) in City of Westminster

City of Westminster
Full-Time
No working from home possible
PA Consulting

Product Security Specialist for Medical Devices (Cyber Security)

Full-time

Responsibilities

  • Work to agile best practices and cross‑functionally with multiple teams and stakeholders. You’ll be using your technical skills to problem‑solve with our clients, as well as working on internal projects.
  • Work with client product teams and functional groups on determining objectives, scope, and timelines for key product security initiatives and architecting the delivery methodologies.
  • Assess security risks across client product portfolios and recommend remediation strategies while balancing business and technical requirements.
  • Advise on strategies around coding, threat modelling, and security testing for embedded systems and IoT devices while ensuring compliance with industry regulations.
  • Work alongside client R&D teams to lead on secure code reviews, threat modelling, security risk assessments, vulnerability assessments, and validation and verification of controls.
  • Monitor emerging cybersecurity threats in the IoT and medical device landscape and write thought leadership to showcase PA’s point of view on these.
  • Build strong stakeholder relationships across our clients.
  • Foster team growth and training, and deliver outcomes.
  • Support and drive business development efforts.
  • Manage projects with expertise.
  • Solve problems with a consulting approach.
  • Hybrid working with the team on client site or in our office a minimum of two days per week. However, the actual time you spend and where you spend it will vary by role or assignment, including up to five days per week on a client site.

Qualifications

  • 5+ years of relevant experience in the medical device space (either industry or through consulting/service provider).
  • Proficiency in security frameworks (e.g., NIST, OWASP, MITRE ATT&CK, PASTA, STRIDE) and standards such as FDA cybersecurity guidance.
  • Experience assessing security risks using industry standard methods (penetration test results, threat modelling, security testing) and determining residual risk after applying compensating security controls.
  • Experience implementing and demonstrating compliance with security frameworks such as NIST, IEC, HITRUST, HIPAA, GDPR, ISO 27001, SOC 2 Type 2 and familiarity working with Quality Management Systems.
  • Experience working with teams in a structured software development lifecycle process.
  • Excellent interpersonal skills, both written and verbal, with the ability to clearly convey complex security topics to a wide audience – technical and non‑technical teams.
  • Proven track record of achieving outcomes and nurturing relationships.
  • Skilled in crafting compelling proposals and other business development materials. Proficient in cultivating opportunities within the client base and network.
  • Holds Cyber Security accreditations/qualifications such as CISSP, CSSLP, CISM, indicating a solid foundation in the field.
  • You thrive in problem‑solving and analytical thinking.
  • You enjoy collaborating with multiple stakeholders in a fast‑paced environment.

Benefits

  • Health and lifestyle perks accompanying private healthcare for you and your family.
  • 25 days annual leave (plus a bonus half day on Christmas Eve) with the opportunity to buy five additional days.
  • Generous company pension scheme.
  • Opportunity to get involved with community and charity‑based initiatives.
  • Annual performance‑based bonus.
  • PA share ownership.
  • Tax efficient benefits (cycle to work, give as you earn).

Additional Information

  • Please be aware that some of our UK roles at PA Consulting require a UK security clearance.
  • All PA people are required to undergo background checks and to achieve the Baseline Personnel Security Standard. Some UK roles also require higher levels of National Security Vetting, where applicants must have at least five years of continuous residency in the UK.
  • We therefore ask that you only apply if you meet the residency requirements (i.e. you are a British citizen or have been resident in the UK for the past five years). If you’re unsure about your eligibility, we encourage you to review the UK Government’s guidance on security vetting before applying.
  • We’re committed to advancing equality. We recruit, retain, reward and develop our people based solely on their abilities and contributions and without reference to any protected characteristic. We welcome applications from under‑represented groups.
  • Adjustments or accommodations – Should you need any adjustments or accommodations to the recruitment process, at either application or interview, please contact us on recruitment@pa.com.

Application Process

  • Quick call with one of our Tech Recruiters – to discuss your application, the role and PA.
  • Round 1: Either a competency or technical interview (60 minutes).
  • Round 2: Either a competency or technical interview, whichever you didn’t do at first round (60 minutes).
  • Final round: Meeting with a PA leader – a mini case study and discussion around your client‑centricity (60 minutes).
PA Consulting

Contact Details:

PA Consulting Recruitment Team