Sr. Director, Dep CISO GRC & Security, Orthopedics

Johnson & Johnson Innovative Medicine
West Palm Beach, FL
Hybrid

About The Position

This role serves as a senior cybersecurity leader and trusted advisor to the CISO, with enterprise accountability for Governance, Risk & Compliance (GRC) and Product Security across DePuy Synthes. The Sr. Director, Deputy CISO will shape and execute cybersecurity strategy that protects patients, products, data, and operations while enabling innovation and growth in a regulated medical technology environment. This is a highly visible leadership role with direct impact on product safety, regulatory readiness, and enterprise risk posture, and reports into the DePuy Synthes Technology organization.

Requirements

  • Bachelor’s degree in Information Security, Computer Science, Engineering, or a related field.
  • 12–14 years of progressive experience in cybersecurity, information security, or technology risk management, including senior leadership roles.
  • Demonstrated experience leading GRC and Product Security programs in a regulated environment (medical device, healthcare, or life sciences strongly preferred).
  • Deep knowledge of cybersecurity risk management, compliance frameworks, and regulatory expectations.
  • Experience building, mentoring, and leading senior‑level cybersecurity teams.
  • Strong strategic, analytical, and communication skills, with the ability to translate technical risk into business impact.
  • English (fluent)

Nice To Haves

  • Master’s degree (MS, MBA, or equivalent) in Cybersecurity, Information Systems, or Business.
  • Experience supporting product security for connected, software‑enabled, or digital medical devices.
  • Familiarity with global regulatory bodies and standards impacting product cybersecurity.
  • Experience operating in complex, global organizations undergoing transformation or separation.
  • Background in incident response governance, vulnerability disclosure, and post‑market surveillance.
  • Demonstrated success driving cybersecurity maturity and cultural change at scale.
  • Proven ability to influence executive stakeholders and partner effectively across IT, R&D, Quality, Legal, and Regulatory functions.
  • CISSP, CISM, CRISC, or equivalent certifications.

Responsibilities

  • Provide strategic leadership and operational oversight for enterprise GRC and Product Security programs, ensuring alignment with business priorities and regulatory requirements.
  • Partner with the CISO to define and execute the cybersecurity strategy, serving as a delegate and decision authority as needed.
  • Lead enterprise risk management activities, including cyber risk identification, assessment, mitigation, and reporting to executive leadership.
  • Own the enterprise cyber security policy lifecycle—from creation and implementation to continuous review—ensuring clarity, compliance, and alignment with organizational goals.
  • Oversee cybersecurity compliance with global regulations, standards, and frameworks relevant to medical devices and digital health solutions.
  • Establish and maintain product security governance across the product lifecycle, from design and development through post‑market support.
  • Drive secure‑by‑design principles and threat modeling in partnership with R&D, Engineering, Quality, and Regulatory teams.
  • Lead and develop high‑performing cybersecurity leaders and teams, fostering a culture of accountability, collaboration, and continuous improvement.
  • Provide executive‑level reporting on cybersecurity risk, compliance status, and program effectiveness to senior leadership and governance bodies.

Benefits

  • Vacation – 120 hours
  • Sick time – 40 hours per calendar year; for employees who reside in the State of Colorado – 48 hours per calendar year; for employees who reside in the State of Washington – 56 hours per calendar year
  • Holiday pay, including Floating Holidays – 13 days per calendar year
  • Work, Personal and Family Time – up to 40 hours per calendar year
  • Parental Leave – 480 hours within one year of the birth/adoption/foster care of a child
  • Bereavement Leave – 240 hours for an immediate family member; 40 hours for an extended family member per calendar year
  • Caregiver Leave – 80 hours in a 52-week rolling period
  • Volunteer Leave – 32 hours per calendar year
  • Military Spouse Time-Off – 80 hours per calendar year