Director, Business Information Security

About The Position

Requirements

• Bachelor’s degree in Information Security, Computer Science, Engineering, or a related field (required).
• 10–12 years of experience in information security, cybersecurity, or technology risk management, including leadership at the director or senior manager level.
• Demonstrated experience aligning security strategy with complex business objectives in a regulated environment.
• Strong understanding of security governance, risk management, and compliance frameworks.
• Proven ability to influence senior stakeholders and translate technical risk into business impact.
• Experience leading cross‑functional, matrixed teams and driving enterprise‑scale initiatives.
• Excellent communication, executive presence, and decision‑making skills.
• English required.

Nice To Haves

• Master’s degree in Information Security, Technology Management, Business Administration, or a related discipline (preferred).
• Experience supporting MedTech, healthcare, life sciences, or other highly regulated industries.
• Hands‑on experience with product security, cloud security, and third‑party risk management.
• Track record of leading security transformation or maturity programs.
• Experience operating in global organizations with complex regulatory landscapes.
• Demonstrated success building security culture and awareness programs.
• Additional languages are a plus.
• CISSP, CISM, CISA, or equivalent certifications (preferred).

Responsibilities

• Lead the development and execution of the business information security strategy aligned with DePuy Synthes objectives and enterprise security direction.
• Act as the primary security partner to business leaders, providing risk‑based guidance that enables innovation while protecting critical data and systems.
• Identify, assess, and manage information security risks across business processes, products, and digital initiatives.
• Oversee implementation and adoption of security controls, policies, and standards in alignment with enterprise frameworks and regulatory requirements.
• Drive incident preparedness, response, and recovery in partnership with enterprise cyber and technology teams.
• Influence secure‑by‑design practices across digital products, platforms, and third‑party engagements.
• Lead cross‑functional collaboration with IT, Legal, Privacy, Quality, Regulatory, and Compliance teams to ensure holistic risk management.
• Provide executive‑level reporting on security posture, risk trends, and remediation progress.
• Guide, mentor, and provide matrix leadership to security professionals supporting the business.
• Champion a strong security culture aligned with the Johnson & Johnson Credo and Leadership Imperatives.

Benefits

• Employees are eligible to participate in the Company’s consolidated retirement plan (pension) and savings plan (401(k)).
• This position is eligible to participate in the Company’s long-term incentive program.
• Vacation –120 hours per calendar year
• Sick time - 40 hours per calendar year; for employees who reside in the State of Colorado –48 hours per calendar year; for employees who reside in the State of Washington –56 hours per calendar year
• Holiday pay, including Floating Holidays –13 days per calendar year
• Work, Personal and Family Time - up to 40 hours per calendar year
• Parental Leave – 480 hours within one year of the birth/adoption/foster care of a child
• Bereavement Leave – 240 hours for an immediate family member: 40 hours for an extended family member per calendar year
• Caregiver Leave – 80 hours in a 52-week rolling period
• Volunteer Leave – 32 hours per calendar year
• Military Spouse Time-Off – 80 hours per calendar year