Sr. Director, Dep CISO GRC & Security, Orthopedics

Johnson & Johnson•Brunswick, OH

1d•Hybrid

About The Position

This role serves as a senior cybersecurity leader and trusted advisor to the CISO, with enterprise accountability for Governance, Risk & Compliance (GRC) and Product Security across DePuy Synthes. The Sr. Director, Deputy CISO will shape and execute cybersecurity strategy that protects patients, products, data, and operations while enabling innovation and growth in a regulated medical technology environment. This is a highly visible leadership role with direct impact on product safety, regulatory readiness, and enterprise risk posture, and reports into the DePuy Synthes Technology organization. Johnson & Johnson announced plans to separate our Orthopaedics business to establish a standalone Orthopaedics company, operating as DePuy Synthes. The process of the planned separation is anticipated to be completed within 18 to 24 months, subject to legal requirements, including consultation with works councils and other employee representative bodies, as may be required, regulatory approvals and other customary conditions and approvals. Should you accept this position, it is anticipated that, following conclusion of the transaction, you would be an employee of DePuy Synthes, and your employment would be governed by DePuy Synthes employment processes, programs, policies, and benefit plans. In that case, details of any planned changes would be provided to you by DePuy Synthes at an appropriate time and subject to any necessary consultation processes. DePuy Synthes is a global leader in Orthopaedics, advancing patient care through innovative solutions across joint reconstruction, trauma, spine, sports medicine, and related surgical technologies. As DePuy Synthes separates from Johnson & Johnson to become the world’s largest, most comprehensive Orthopaedics-focused company, the organization is entering a defining chapter—establishing its own corporate identity, voice, culture, and reputation while continuing to serve patients, customers, and healthcare systems around the world.

Requirements

Bachelor’s degree in Information Security, Computer Science, Engineering, or a related field.
12–14 years of progressive experience in cybersecurity, information security, or technology risk management, including senior leadership roles.
Demonstrated experience leading GRC and Product Security programs in a regulated environment (medical device, healthcare, or life sciences strongly preferred).
Deep knowledge of cybersecurity risk management, compliance frameworks, and regulatory expectations.
Experience building, mentoring, and leading senior‑level cybersecurity teams.
Strong strategic, analytical, and communication skills, with the ability to translate technical risk into business impact.
English (fluent)

Nice To Haves

Master’s degree (MS, MBA, or equivalent) in Cybersecurity, Information Systems, or Business.
Experience supporting product security for connected, software‑enabled, or digital medical devices.
Familiarity with global regulatory bodies and standards impacting product cybersecurity.
Experience operating in complex, global organizations undergoing transformation or separation.
Background in incident response governance, vulnerability disclosure, and post‑market surveillance.
Demonstrated success driving cybersecurity maturity and cultural change at scale.
Proven ability to influence executive stakeholders and partner effectively across IT, R&D, Quality, Legal, and Regulatory functions.
CISSP, CISM, CRISC, or equivalent certifications.

Responsibilities

Provide strategic leadership and operational oversight for enterprise GRC and Product Security programs, ensuring alignment with business priorities and regulatory requirements.
Partner with the CISO to define and execute the cybersecurity strategy, serving as a delegate and decision authority as needed.
Lead enterprise risk management activities, including cyber risk identification, assessment, mitigation, and reporting to executive leadership.
Own the enterprise cyber security policy lifecycle—from creation and implementation to continuous review—ensuring clarity, compliance, and alignment with organizational goals.
Oversee cybersecurity compliance with global regulations, standards, and frameworks relevant to medical devices and digital health solutions.
Establish and maintain product security governance across the product lifecycle, from design and development through post‑market support.
Drive secure‑by‑design principles and threat modeling in partnership with R&D, Engineering, Quality, and Regulatory teams.
Lead and develop high‑performing cybersecurity leaders and teams, fostering a culture of accountability, collaboration, and continuous improvement.
Provide executive‑level reporting on cybersecurity risk, compliance status, and program effectiveness to senior leadership and governance bodies.

Benefits

Vacation –120 hours
Sick time - 40 hours per calendar year; for employees who reside in the State of Colorado –48 hours per calendar year; for employees who reside in the State of Washington –56 hours per calendar year
Holiday pay, including Floating Holidays –13 days per calendar year
Work, Personal and Family Time - up to 40 hours per calendar year
Parental Leave – 480 hours within one year of the birth/adoption/foster care of a child
Bereavement Leave – 240 hours for an immediate family member: 40 hours for an extended family member per calendar year
Caregiver Leave – 80 hours in a 52-week rolling period
10 days Volunteer Leave – 32 hours per calendar year
Military Spouse Time-Off – 80 hours per calendar year

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume