Sr. Director, Product Security

About The Position

Requirements

• Bachelors Degree (± 16 years) Information Security, Risk or IT Management, Computer Science, or related field
• An equivalent combination of education and work experience
• Minimum 12 years of work experience
• Experience working in a product engineering, support or Product/ Information security is required
• Deep expertise in product security, including application to medical devices and connected systems, with strong understanding of threat modeling, vulnerabilities, and patient/customer risk in a regulated environment.
• Demonstrated knowledge of FDA cybersecurity guidance (premarket and postmarket) and its application to product development, risk management, and lifecycle maintenance.
• Experience with medical device and software lifecycle standards, including IEC 62304, ISO 14971, and ISO 13485, with the ability to integrate security into quality and regulatory processes.
• Familiarity with global cybersecurity and privacy frameworks such as NIST Cybersecurity Framework, NIST SSDF, ISO 27001, HIPAA/HITECH, and applicable EU regulations.
• Experience leading product security programs across the full lifecycle, including secure design, development, vulnerability management, postmarket monitoring, and incident response.
• Proven ability to operate at a senior leadership level, influencing executive stakeholders and driving alignment across engineering, R&D, quality, regulatory, and business teams.
• Experience with software supply chain security practices, including SBOM, third-party risk management, and open-source security.
• Strong understanding of modern security architectures and technologies, including cryptography, identity and access management, and secure communications (knowledge of emerging areas such as crypto agility and post-quantum considerations preferred).
• Track record of building, leading, and developing high-performing teams in complex, matrixed organizations.
• Exceptional analytical, communication, and decision-making skills, with the ability to translate complex security risks into business-relevant outcomes.

Nice To Haves

• knowledge of emerging areas such as crypto agility and post-quantum considerations

Responsibilities

• Define and execute the enterprise product security strategy, aligned with regulatory, business, and risk objectives.
• Establish and maintain product security governance frameworks, including policies, standards, and controls.
• Own product security risk management, including risk identification, prioritization, and mitigation across the portfolio.
• Lead development and adoption of secure-by-design and secure SDLC practices across engineering teams.
• security vulnerabilities, customer site and equipment protection, data loss/breach, and advanced persistent threat.
• Lead long-term security capability development, including cryptographic modernization and resilience against emerging threats such as post-quantum computing.
• Partner with Engineering and R&D leaders to embed security into product development lifecycles.
• Enable engineering teams through security tooling, automation, and developer-centric security guidance.
• Oversee and provide governance and guidance for vulnerability management and remediation activities across products and platforms.
• Ensure alignment with FDA, EU MDR, and other global applicable medical device cybersecurity regulations.
• Lead audit readiness and certification activities (e.g., ISO 13485, ISO 27001, IEC 62304, etc.).
• Partner with Quality and Regulatory teams to integrate product security into QMS processes.
• Define, track and report security KPIs and metrics for internal reporting and regulatory evidence.
• Drive cross-division collaboration to standardize product security practices across business units.
• Serve as a strategic advisor to executive leadership, legal, regulatory, and product teams on security risk.
• Influence product and business decisions to ensure appropriate security risk posture.
• Shape and promote a strong product security culture across engineering, R&D, and product organizations.
• Build, lead, and develop a high-performing product security organization, including hiring, mentoring, and succession planning.
• Represent the organization in internal and external forums, including leadership reviews, regulatory discussions, and industry engagements.
• Undertake additional responsibilities as required to support evolving business and security priorities.

Benefits

• Free medical coverage for employees via the Health Investment Plan (HIP) PPO
• An excellent retirement savings plan with high employer contribution
• Tuition reimbursement
• the Freedom 2 Save student debt program
• FreeU education benefit - an affordable and convenient path to getting a bachelor’s degree