Director, Security

About The Position

Requirements

• 7+ years' experience leading global cybersecurity teams and programs, preferably in medical technology, healthcare, or other highly regulated industries.
• Demonstrated success leading cybersecurity aspects of large-scale IT integrations, ERP transitions, systems harmonization, and M&A integrations within complex, multi-business-unit organizations.
• Proven ability to streamline and mature diverse security landscapes into efficient, scalable, enterprise-grade programs while supporting the unique needs of individual business units.
• Demonstrated experience in healthcare or another highly regulated industry.
• Deep hands-on knowledge of HIPAA Security Rule, HITRUST CSF, NIST CSF, and SOC 2 frameworks.
• Proven track record leading incident response for significant cybersecurity events, including ransomware and data breach scenarios.
• Experience managing and reporting to executive leadership and Board-level Risk/Audit committees.
• Strong knowledge of cloud security (AWS, Azure, GCP), zero trust architecture, and modern IAM/PAM solutions.
• Excellent communication skills: ability to translate complex security risk into clear business language.

Responsibilities

• Develop and execute a cohesive global cybersecurity strategy that directly supports the "One Enovis" IT transformation, corporate vision, and the drive for profitable, capital-efficient growth.
• Develop, own, and continuously mature the enterprise Information Security Program, aligned to NIST CSF, ISO 27001, and healthcare-specific frameworks.
• Define and enforce enterprise security policies, standards, and procedures across all global business units.
• Present security posture, risk metrics, and program updates to executive leadership and external auditors.
• Lead the organization's cyber risk management program, including risk assessment, risk register maintenance, and risk treatment planning.
• Manage the annual security budget; optimize spend across tools, services, staffing, and managed security providers.
• Oversee the 24x7 Security Operations Center (SOC) ensuring rapid detection and response to threats.
• Lead the Incident Response (IR) program: maintain and exercise IR plans, manage breach investigations, coordinate with legal, PR, and regulators.
• Drive vulnerability management, penetration testing, and programs to proactively identify and remediate exposures across all environments.
• Govern threat intelligence operations to anticipate emerging threats targeting healthcare organizations globally.
• Lead security architecture review for all major infrastructure and application initiatives, ensuring security-by-design.
• Oversee identity and access management (IAM/PAM) strategy, including MFA enforcement, SSO, and privileged access governance.
• Lead enterprise cybersecurity risk assessment and regulatory compliance including HIPAA, FDA cybersecurity requirements for medical devices, GDPR, and other global standards.
• Design and execute an enterprise-wide security awareness and training program tailored to all staff globally.
• Run simulated phishing and social engineering campaigns; track and report behavior metrics to leadership.
• Act as a security champion and culture carrier, fostering a 'security is everyone's responsibility' mindset across the global workforce.

Benefits

• Medical Insurance
• Dental Insurance
• Vision Insurance
• Spending and Savings Accounts
• 401(k) Plan
• Vacation, Sick Leave, and Holidays
• Income Protection Plans
• Discounted Insurance Rates
• Legal Services