Manager, Cybersecurity Governance & Risk

About The Position

Requirements

• Bachelor's degree in Cybersecurity, Information Security or IT Security, Business, Finance, or other related area.
• 7+ years of experience in cybersecurity analysis, governance, risk, and compliance (GRC) within a global organization.
• Experience working in both in-person and virtual global team environments; demonstrated ability to work independently and collaboratively.
• Experience developing and maintaining working relationships with internal teams (Cybersecurity, IT, Business Units) and external partners (stakeholders, vendors).
• Experience managing program and operational budgets, vendor contracts, and procurement processes, including negotiations.
• Background in cybersecurity contract management, including Master Service Agreements (MSAs), software and subscription agreements, and professional services contracts.
• Experience creating and implementing cybersecurity GRC strategies aligned with organizational and regulatory requirements.
• Demonstrated ability to support progress on cybersecurity initiatives through structured problem-solving.

Nice To Haves

• Experience at Boston Scientific or a similar-sized global medical device organization.
• MBA or other advanced degree
• Cybersecurity certifications (e.g., CISSP, CISM, CRISC, PCIP)
• Project management and Agile certifications (e.g., PMP, Scrum Master)

Responsibilities

• Analyze the needs of the cybersecurity strategy and establish detailed objectives, goals, and priorities to drive Cybersecurity Governance and Risk Management initiatives, including the development of strategic roadmaps and Annual Operating Plan (AOP) submissions.
• Provide project management leadership for ongoing and future initiatives supporting the Cybersecurity Governance and Risk Management strategy across the enterprise.
• Lead and manage a team of Cybersecurity Governance and Risk Management analysts, including oversight of daily operations, eGRC tool maintenance, workload intake, and ticket management.
• Manage the Cybersecurity Governance and Risk Management budget, covering personnel (BSC and consultant), maintenance, travel, education, and miscellaneous expenditures.
• Lead a global Phishing Program reaching over 50,000 employees and end users through automation and scalable tools.
• Oversee procurement and renewal of contracts supporting the Cybersecurity Governance and Risk Management function.
• Lead enterprise-wide Cybersecurity Risk Management activities, including BSC and third-party risk assessments, remediation, reporting, and strategic planning-incorporating due diligence and risk processes for mergers and acquisitions.
• Develop and maintain Cybersecurity policies, standards, and documentation to support governance, cyber insurance, and compliance requirements.
• Drive Security Awareness and Education programs, fostering a cybersecurity-aware culture across a global organization with operations in APAC, Europe, and LATAM.
• Monitor and measure the effectiveness and maturity of the cybersecurity program through metrics, dashboards, and program-level KPIs.
• Conduct industry benchmarking and maintain awareness of evolving cybersecurity trends, sharing insights with leadership to support proactive and preventive risk mitigation.
• Demonstrate a primary commitment to patient safety and product quality by maintaining compliance with the Quality Policy and all documented quality processes and procedures.
• Influence key stakeholders and drive alignment in sensitive or complex scenarios, requiring strong communication and change management skills.
• Work on complex programs and challenges of broad scope, leveraging deep subject matter expertise to implement strategic policies, manage staff functions, and ensure adherence to budgets, schedules, and performance standards (this role does not include subordinate managers).