Job Description
You're an important part of our future. Hopefully, we're also a part of your future! At B. Braun, we protect and improve the health of people worldwide. You support this vision, bringing expertise and sharing innovation, efficiency and sustainability as values. That's why we would like to keep developing our company with you. Keeping your future in mind, we're making a joint contribution to health care worldwide, with trust, transparency and appreciation. That's Sharing Expertise.
Manager IT, Security
Company: B. BRAUN MEDICAL (US) INC
Job Posting Location: Bethlehem, Pennsylvania, United States
Functional Area: Information Technology
Working Model: Hybrid
Days of Work: Monday, Tuesday, Wednesday, Thursday, Friday
Shift: 5X8
Relocation Available: No
Requisition ID: 6842
B. Braun Medical Inc., a leader in infusion therapy and pain management, develops, manufactures, and markets innovative medical products and services to the healthcare industry. Other key product areas include nutrition, pharmacy admixture and compounding, ostomy and wound care, and dialysis. The company is committed to eliminating preventable treatment errors and enhancing patient, clinician and environmental safety. B. Braun Medical is headquartered in Bethlehem, Pa., and is part of the B. Braun Group of Companies in the U.S., which includes B. Braun Interventional Systems, Aesculap and CAPS.
Globally, the B. Braun Group of Companies employs more than 64,000 employees in 64 countries. Guided by its Sharing Expertise philosophy, B. Braun continuously exchanges knowledge with customers, partners and clinicians to address the critical issues of improving care and lowering costs. To learn more about B. Braun Medical, visit www.bbraunusa.com.
Position Summary:
The Manager IT Security provides guidance and solutions concerning the effective implementation of reasonable and appropriate Information Security controls necessary to protect information assets and the supporting environment. This position will lead and support efforts to identify, report on, and resolve Information Security issues, to include continuous improvement of the security program standards and practices. The successful candidate identifies, investigates, analyzes, and remediates information security events in order to reduce exposure to risk.
Expertise: Qualifications - Education / Experience / Training / Etc.
Required:
While performing the duties of this job, the employee is regularly required to sit and talk or hear. The employee frequently is required to use hands to handle or feel and reach with hands and arms. The employee is occasionally required to stand and walk. The employee must occasionally lift and/or move up to 20 pounds.
Responsibilities: Essential Duties
The job functions listed are not exhaustive and shall also include any responsibilities as assigned from time to time.
General:
As the Security & Compliance Lead, you will:
Architect & Own the Security Posture - Map threat models, design layered defenses, and maintain a roadmap aligned with CIS Benchmarks, NIST SP 800-53, ISO 27001, PCI DSS v4, GDPR/CCPA, and other relevant standards.
Automate Security in the SDLC - Embed SAST, DAST, SCA, container, and IaC scans into CI/CD pipelines; enforce risk-based security gates with documented risk acceptance.
Lead Compliance & Governance - Drive external audits (PCI, SOC 2, HIPAA, etc.), automate evidence collection in SIEM/GRC platforms, and present risk posture in clear business language to executives.
Direct Incident Response - Maintain version-controlled IR playbooks, coordinate triage, forensics and post-mortems, run quarterly tabletop exercises, and reduce MTTR with automation-ready runbooks.
Drive Vulnerability & Threat Management - Correlate threat intel and CVE feeds with the asset inventory, prioritize remediation, enforce SLAs, and publish scorecards and risk heat maps.
Serve as Security Design Authority - Review and approve architectures, pull requests, and infrastructure changes; chair the Security Change Advisory Board (CAB) and validate rollback plans.
Validate Defenses Offensively - Execute penetration tests and purple-team exercises; oversee continuous attack surface mapping, remediation, and retesting.
Operate & Optimize Security Tooling - Manage WAF, SIEM, EDR, and cloud/SaaS guardrails across AWS, Azure, GCP, and key SaaS platforms; optimize detections and dashboards.
Mentor & Evangelize - Publish secure coding standards, deliver developer/SRE training, and foster a security-first culture across teams.
Measure & Improve - Define and track KPIs/KRIs (e.g., vulnerability age, scan coverage, incident MTTR, automation ROI, playbook effectiveness) and drive quarterly improvements.
Evaluate & Integrate AI/ML - Assess anomaly-detection models, LLM-assisted code review, and automated playbook generation while ensuring privacy, bias, and compliance controls.
Expertise: Knowledge & Skills
Responsibilities: Other Duties:
The preceding functions have been provided as examples of the types of work performed by employees assigned to this position. To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed in this description are representative of the knowledge, skill, and/or ability required. Management reserves the right to add, modify, change or rescind the work assignments of different positions due to reasonable accommodation or other reasons.
Physical Demands:
While performing the duties of this job, the employee is expected to:
Lifting, Carrying, Pushing, Pulling and Reaching:
Activities:
Environmental Conditions:
Work Environment:
The work environment characteristics described here are representative of those an employee enc