Senior Director, Product Security

About The Position

Requirements

• Bachelor’s or Master’s degree in a related field (e.g., computer science, engineering, information security, technology) or equivalent work experience based on Edwards criteria
• Extensive hands-on experience spanning the information and product security lifecycle, from concept through commercialization
• Demonstrated expertise in cloud security architectures for connected products, including experience securing regulated or medical devices integrated with cloud platforms
• Deep technical experience with embedded systems, firmware, device protocols, and physical device security frameworks
• Proven experience operating in regulated environments, supporting audits, inspections, and compliance requirements

Nice To Haves

• 15 years of previous related experience or equivalent work experience based on Edwards criteria
• Relevant certifications (e.g., CISSP, CISM, CSSLP, CCSP, GIAC)
• Ability and willingness to operate in a hands-on, builder role rather than solely through delegation
• Product security experience in medical devices, connected devices, semiconductors, or other regulated technology industries (e.g., implanted devices, connected health, imaging systems)
• Experience navigating real-world product security incidents, vulnerabilities, or regulatory escalations and driving corrective actions
• Experience securing IoT, AI-enabled, and embedded systems beyond traditional endpoint or enterprise IT security
• Strong grounding in Secure Software Development Lifecycle (SSDLC), including writing testable cybersecurity requirements and validation plans
• Background in DevSecOps / DevCloudSecOps, embedding security into CI/CD pipelines and cloud environments
• Knowledge of FDA cybersecurity guidance, IEC 80001-2-2, and related regulatory standards
• Experience with risk management frameworks and security standards (e.g., NIST, ISO/IEC 27001, COBIT)
• Familiarity with data protection technologies, threat management, and vulnerability testing
• People leadership experience is a plus but not the primary differentiator; technical depth and product credibility are prioritized
• Exceptional communication and stakeholder influencing skills across senior and executive audiences
• Strong analytical, organizational, and decision-making capabilities in fast-paced, evolving environment

Responsibilities

• Own security design at the device-to-cloud boundary, including secure data transmission, protocol governance, and lifecycle risk management.
• Provide subject matter expertise across key security domains such as vulnerability management, threat intelligence, embedded systems security, and cloud security, including executive-level briefings.
• Personally contribute to security requirements, design reviews, test strategies, penetration testing programs, and vulnerability mitigation planning for connected products.
• Lead and develop a small, highly technical team (initially 1–3 direct reports) aligned to R&D and Product organizations.
• Partners functionally with R&D, Product, Regulatory, Quality, and IT teams to translate business and regulatory requirements into practical, enforceable security controls.
• Conduct security assessments, audits, and risk reviews to proactively identify and mitigate product, platform, and cloud risks.
• Maintain awareness of emerging threats, vulnerabilities, and regulatory expectations to proactively reduce product security risk.
• Promote secure-by-design and secure-by-default practices throughout the product lifecycle.
• Assess security needs and deliver solutions through proposal development, prioritization, and implementation aligned with business and regulatory objectives.

Benefits

• Aligning our overall business objectives with performance, we offer competitive salaries, performance-based incentives, and a wide variety of benefits programs to address the diverse individual needs of our employees and their families.