Kitchener (ON), Canada
Product Cybersecurity Manager
Hybrid Role
The Product Cybersecurity Manager operationalizes and executes product cybersecurity governance and practices across the full product lifecycle for connected medical devices (hearing instruments and cochlear implants), embedded platforms, firmware, mobile applications, and cloud-based services — ensuring secure-by-design implementation, compliance, and resilience to evolving cyber threats.
The role drives consistent adoption of lifecycle cybersecurity practices within R&D, coordinates delivery of required cybersecurity evidence (e.g., threat models, risk assessments, SBOM-related inputs, verification outputs), monitors security posture and metrics, and escalates significant security risk decisions such as release-impacting issues to the Director, Product Cybersecurity as accountable risk owner.
Responsibilities:
- Execute and operationalize the global product cybersecurity strategy and roadmaps, ensuring adoption across R&D teams.
- Propose improvements and roadmap inputs to the Director, Product Cybersecurity.
- Drive implementation of cybersecurity principles, standards, controls, and processes across the product ecosystem by enabling teams, tracking progress, and ensuring consistent application.
- Provide regular risk and performance inputs (status, key risks, KPIs/KRIs) for product and senior management reporting.
- Monitor threat and regulatory landscapes and support definition of compliant, audit-ready processes.
- Embed cybersecurity into the product lifecycle aligned with the Secure Product Development Framework (SPDF) and applicable standards (e.g., IEC 62304, ISO 14971, IEC 81001-5-1).
- Drive secure design by defining security/privacy requirements and controls; verify architecture and implementation against security principles and coding standards.
- Drive and support integration of security checks and tooling into development workflows (e.g., CI/CD) to detect and address issues early.
- Lead and facilitate threat modeling and product cybersecurity risk assessments with global R&D teams; ensure effective mitigation planning and traceability to defined controls.
- Support regulatory submissions and audits by coordinating preparation of cybersecurity evidence and ensuring audit-ready traceability.
- Plan and coordinate security testing with internal and external partners; analyze findings and drive remediation.
- Manage third-party (incl. open source) cybersecurity risk, including supplier assessments and security input to contracts.
- Guide and coach product management, R&D, and quality teams, build cyber risk awareness, and strengthen capability through security champions and training.
More about you:
- Bachelor’s or Master’s degree in engineering or equivalent work experience.
- 5+ years of hands‑on experience in software engineering, secure SDLC, system/software architecture, DevSecOps, or technical project management.
- 3+ years dedicated to cybersecurity in product or platform contexts.
- Experience in regulated industries (medical devices) and cybersecurity preferred.
- Strong communication skills; able to translate complex security topics for diverse audiences.
- Effectively communicate complex security topics to non-security audiences; integrate multidisciplinary inputs (engineering/marketing/regulatory).
- Threat modeling, security assessments/testing (SAST/DAST/pentest), security engineering, vulnerability management, and evidence production.
- Practical experience with relevant programming/scripting languages, frameworks/services, and protocols (e.g., Bluetooth/WLAN/TLS).
- Strong process/project management capabilities; agile methods and practices; business understanding; stays up-to-date with cybersecurity trends and regulations.
- Understanding of AI technology and associated threats; hands-on experience using AI technology.
- Familiarity with Bluetooth/WLAN/TLS, scripting/programming languages, and modern development workflows.
- Knowledge of security frameworks (NIST CSF, ISO 27001, MITRE), privacy regulations (GDPR, HIPAA), and medical device regulations (MDR, FDA).
- Proficiency with Windows, Linux, macOS, and collaboration tools such as Confluence, Jira, Polarion, and MS Teams.
- Basic understanding of AI technologies and associated risks; experience with agentic AI systems is a plus.
- Certifications (ISC2, GIAC) are advantageous.
- English fluency required; German basics a plus.
A minimum of 200 Mb/sec download and 10 Mb/sec upload internet connectivity is required to support any remote/hybrid employee functionality at Sonova.
Don't meet all the criteria? If you’re willing to go all in and learn we'd love to hear from you!
We are looking forward to receiving your application via our online job application platform. For this position only direct applications will be considered. Sonova does not recruit via app, Telegram, carrier pigeon or any other format that does not include speaking with an actual human. If you are offered a job without speaking with someone, please contact wholesale.HR@sonova.com.
This role's pay range is between: $112,000 - $130,000. This role is also bonus eligible.
How we work:
At Sonova, we prioritize the well-being of our employees and foster an inclusive environment that promotes engagement and collaboration. Our team-customized hybrid work model empowers teams to balance individual needs with business goals, offering flexibility and individualized time management. We recognize the importance of life outside of work and strive to create a supportive and motivating workplace where innovation thrives.