Sr. Director, Security & Defense, Orthopedics
About The Position
Johnson & Johnson announced plans to separate our Orthopaedics business to establish a standalone Orthopaedics company, operating as DePuy Synthes. The process of the planned separation is anticipated to be completed within 18 to 24 months, subject to legal requirements, including consultation with works councils and other employee representative bodies, as may be required, regulatory approvals and other customary conditions and approvals. Should you accept this position, it is anticipated that, following conclusion of the transaction, you would be an employee of DePuy Synthes, and your employment would be governed by DePuy Synthes employment processes, programs, policies, and benefit plans. In that case, details of any planned changes would be provided to you by DePuy Synthes at an appropriate time and subject to any necessary consultation processes. About DePuy Synthes DePuy Synthes is a global leader in Orthopaedics, advancing patient care through innovative solutions across joint reconstruction, trauma, spine, sports medicine, and related surgical technologies. As DePuy Synthes separates from Johnson & Johnson to become the world’s largest, most comprehensive Orthopaedics-focused company, the organization is entering a defining chapter—establishing its own corporate identity, voice, culture, and reputation while continuing to serve patients, customers, and healthcare systems around the world. Job Overview The Sr. Director, Security & Defense is a senior technology leadership role responsible for setting and executing the cybersecurity and information protection strategy for DePuy Synthes. This leader plays a critical role in safeguarding enterprise systems, data, products, and operations while enabling business growth and digital innovation. The position partners closely with executive leadership, IT, Legal, Privacy, and business stakeholders to ensure a resilient, compliant, and risk‑aware security posture across the organization and reports into the DePuy Synthes Technology organization.
Requirements
- Bachelor’s degree required, preferably in Information Technology, Computer Science, Engineering, or a related field.
- 12-14 years of experience in cybersecurity, information security, or technology risk management, including senior leadership roles.
- Demonstrated experience leading enterprise‑wide security programs in complex, regulated environments.
- Strong knowledge of cyber defense, incident response, identity and access management, cloud security, and risk frameworks.
- Experience leading and developing global or cross‑functional teams.
Nice To Haves
- Master’s degree or MBA preferred.
- Experience supporting healthcare, life sciences, or medical device organizations.
- Proven ability to influence executive stakeholders and translate technical risk into business impact.
- Experience with large‑scale technology transformations or corporate separations.
- Familiarity with global regulatory and compliance standards (e.g., ISO, NIST, GDPR, HIPAA).
- Strong change leadership and strategic planning capabilities.
- CISSP, CISM, CRISC, or equivalent certifications.
Responsibilities
- Define and lead the enterprise security and cyber defense strategy aligned to business priorities and regulatory requirements.
- Oversee cybersecurity operations, including threat detection, incident response, vulnerability management, and security monitoring.
- Build and maintain a program focused on monitoring and responding to insider threats while supporting legal and employee relations as required.
- Establish and maintain security governance, policies, standards, and risk management frameworks across the organization.
- Lead and develop high‑performing security teams and external partners, fostering a strong culture of accountability and continuous improvement.
- Provide executive‑level reporting on security posture, risks, incidents, and remediation progress.
- Ensure compliance with global cybersecurity, data protection, and industry regulations relevant to medical technology and healthcare environments.
- Support M&A, separation, and transformation initiatives by assessing and mitigating cybersecurity risks.
Benefits
- Vacation –120 hours
- Sick time - 40 hours per calendar year; for employees who reside in the State of Colorado –48 hours per calendar year; for employees who reside in the State of Washington –56 hours per calendar year
- Holiday pay, including Floating Holidays –13 days per calendar year
- Work, Personal and Family Time - up to 40 hours per calendar year
- Parental Leave – 480 hours within one year of the birth/adoption/foster care of a child
- Bereavement Leave – 240 hours for an immediate family member: 40 hours for an extended family member per calendar year
- Caregiver Leave – 80 hours in a 52-week rolling period
- Volunteer Leave – 32 hours per calendar year
- Military Spouse Time-Off – 80 hours per calendar year
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Director
