• Define and execute the enterprise product security strategy, aligned with regulatory, business, and risk objectives.

• Establish and maintain product security governance frameworks, including policies, standards, and controls.

• Own product security risk management, including risk identification, prioritization, and mitigation across the portfolio.

• Lead development and adoption of secure-by-design and secure SDLC practices across engineering teams. security vulnerabilities, customer site and equipment protection, data loss/breach, and advanced persistent threat.

• Lead long-term security capability development, including cryptographic modernization and resilience against emerging threats such as post-quantum computing.

• Partner with Engineering and R&D leaders to embed security into product development lifecycles.

• Enable engineering teams through security tooling, automation, and developer-centric security guidance.

• Oversee and provide governance and guidance for vulnerability management and remediation activities across products and platforms.

• Ensure alignment with FDA, EU MDR, and other global applicable medical device cybersecurity regulations.

• Lead audit readiness and certification activities (e.g., ISO 13485, ISO 27001, IEC 62304, etc.).

• Partner with Quality and Regulatory teams to integrate product security into QMS processes.

• Define, track and report security KPIs and metrics for internal reporting and regulatory evidence.

• Drive cross-division collaboration to standardize product security practices across business units.

• Serve as a strategic advisor to executive leadership, legal, regulatory, and product teams on security risk.

• Influence product and business decisions to ensure appropriate security risk posture.

• Shape and promote a strong product security culture across engineering, R&D, and product organizations.

• Build, lead, and develop a high-performing product security organization, including hiring, mentoring, and succession planning.

• Represent the organization in internal and external forums, including leadership reviews, regulatory discussions, and industry engagements.

• BachelorsDegree ( 16 years)

• Information Security, Risk or IT Management, Computer Science, or related field

• An equivalent combination of education and work experience

• Minimum 12 yearsof work experience

• Experience working in a product engineering, support or Product/ Information security is required

• Deep expertise in product security, including application to medical devices and connected systems, with strong understanding of threat modeling, vulnerabilities, and patient/customer risk in a regulated environment.

• Demonstrated knowledge of FDA cybersecurity guidance (premarket andpostmarket) and its application to product development, risk management, and lifecycle maintenance.

• Experience with medical device and software lifecycle standards, including IEC 62304, ISO 14971, and ISO 13485, with the ability to integrate security into quality and regulatory processes.

• Familiarity with global cybersecurity and privacy frameworks such as NIST Cybersecurity Framework, NIST SSDF, ISO 27001, HIPAA/HITECH, and applicable EU regulations.

• Experience leading product security programs across the full lifecycle, including secure design, development, vulnerability management,postmarketmonitoring, and incident response.

• Proven ability to operate at a senior leadership level, influencing executive stakeholders and driving alignment across engineering, R&D, quality, regulatory, and business teams.

• Experience with software supply chain security practices, including SBOM, third-party risk management, and open-source security.

• Strong understanding of modern security architectures and technologies, including cryptography, identity and access management, and secure communications (knowledge of emerging areas such as crypto agility and post-quantum considerations preferred).

• Track record of building, leading, and developing high-performing teams in complex, matrixed organizations.

• Exceptional analytical, communication, and decision-making skills, with the ability to translate complex security risks into business-relevant outcomes.

The base pay for this position is

In specific locations, the pay range may vary from the range posted.