Director, IT, Product Security

About the position

Many structural heart patients suffer from heart failure with limited options. Our Implantable Heart Failure Management (IHFM) team is at the forefront of addressing these unmet patient needs through pioneering technology that enables early, targeted therapeutic intervention. Our innovative solutions are not just transforming patient care but also creating a unique and exciting environment for our team members. It’s our driving force to help patients live longer and healthier lives. Join us and be part of our inspiring journey.

Responsibilities

• Establish and maintain a corporate-wide security management program to ensure that information assets, technology, products, intellectual property, and patient data are adequately protected.
• Oversee, lead, and provide briefings of key security functional area based on critical subject matter expertise (e.g. Incident response, threat intelligence, etc.).
• Manage team members and/or professionals and/or oversee the work with responsibility for assigned sections of the information security department.
• Develop a robust talent development and succession planning in alignment with functional growth strategies.
• Collaborate with key stakeholders to translate business requirements into EW security practices resulting in influencing stakeholders to implement key security requirements.
• Lead and manage the Product Security team, ensuring the security of our products and services (lead a small team of 1-2 people).
• Collaborate with security professionals to design and implement robust security measures.
• Oversee AWS Security (Amazon Web Services Security) practices to protect cloud-based infrastructure.
• Conduct regular security assessments and audits to identify and mitigate risks.
• Stay updated with the latest security trends and threats to proactively address potential vulnerabilities.
• Provide strategic direction and leadership in all aspects of product security.
• Define global communications plan for employee security awareness and best practices.
• Identify corporate-wide requirements to integrate security in information and product lifecycle.
• Assess needs and develop, propose, and implement solutions.
• Act upon external/internal threat information and advise relevant stakeholders on the appropriate actions.

Requirements

• Bachelor's Degree in a related field and 12 years of previous related experience (e.g., computer science, security, engineering, information security, technology, etc.) required with skill levels exceeding the requirements of a Manager -OR- Master's Degree or equivalent in related field and 10 years' experience.
• Bachelor's Degree in related field + 8 years of related experience in IT / Computer Science / networking engineering / R&D.
• AWS Security Certification or hands-on expertise.
• Product Security hands-on expertise.
• Strong AWS, DevOps, and Cloud experience.

Nice-to-haves

• Product Security experience in the Medical Device industry.
• Expertise in DevSecOps/DevCloudSecOps, integrating security into CI/CD pipelines and cloud environments.
• Certifications such as CISSP, CISM, CSSLP, GIAC, MCSE, or CCSP.
• Experience advising startups in the med tech and pharma industries.
• Skilled in building product roadmaps.
• Secure Software Development Life Cycle (SSLDC) experience.
• Knowledge of FDA guidelines.
• Writing testable cybersecurity requirements.
• Risk management lifecycle experience.
• Strong project management leadership skills.
• Excellent problem-solving, organizational, analytical, and critical thinking skills.
• Exceptional written and verbal communication skills, including negotiating and relationship management.
• Broad knowledge of security lifecycle in information assets, technology, products, and intellectual property.
• Understanding of information security and privacy standards and laws, and common security management frameworks (e.g., ISO/IEC 27001, ITIL, COBIT, NIST).
• Ability to manage teams, provide coaching and feedback, and partner with HR on employee relations.
• Attention to detail and ability to interact professionally at all organizational levels.
• Ability to work in a fast-paced, dynamic environment and lead technical meetings.
• Dedication to quality client service and proactive responsiveness to client needs.
• Ability to influence change and develop cross-functional relationships.
• Experience in applications, software, and data protection.
• Experience in information and product lifecycle security (e.g., from concept to commercialization).
• Experience in data protection processes and technologies, cyber threat management, incident response, vulnerability testing, risk management.
• Expert knowledge and understanding of information security and privacy standards and laws.
• Intermediate knowledge of privacy regulations and appropriate safeguards and ability to apply to relevant situations.
• Frequently interacts with internal and external management and senior-level customer representatives concerning projects, operational decisions, scheduling requirements, and/or contractual clarifications.
• Require the ability to change the thinking of, or gain acceptance from others in sensitive situations, without damage to the relationship.
• Develop peer, cross functional and cross business relationships to maximize best practice sharing and team effectiveness.
• Provide leadership and direction to cross-functional teams to successfully implement global enterprise systems and related solutions.
• Support and solicit input from team members at all levels.
• Demonstrated track record in people management.
• Experience in regulated industries, applications, software, and data protection.

Benefits

• Competitive salaries.
• Performance-based incentives.
• A wide variety of benefits programs to address the diverse individual needs of our employees and their families.