Director, Cyber Security Edwards Lifesciences
Irvine, CA

Job Description

Edwards is looking for a dynamic and execution focused information security leader who will report directly to the Chief Information Security officer. This role drives the evolution of the information security risk management program at Edwards offering leadership for key cyber security functions like cyber solutions, governance, risk management and/or assurance. As the Director, you will lead a team of information security professionals mentoring and coaching the team both as a people and technical leader. This role requires hands on security experience to help build and drive information security strategy and design for key enterprise security initiatives. One must also have the ability to understand complex technical security concepts and explain them in a business friendly manner. The Directors drives security posture improvement at the enterprise level by working in close partnership with various IT groups, audit functions, legal, business units, and our medical device R&D division. He or she must be able to coordinate disparate drivers, constraints and personalities, while maintaining objectivity and a strong understanding that IT security is just one aspect of our the business.

Responsibilities:

* Understand key business processes at Edwards and their characteristics with a view to incorporating security guidance that enables the business operations


* Lead and set strategic direction for the assigned information Security functions, ranging from planning and budgeting, to motivational and promotional activities expounding the value of Information Security


* Manage and develop information security staff serving as a technical and people mentor, expert at bringing clarity where there is ambiguity to help the team succeed


* Design processes and governance structure around cyber security solutions


* Lead the design, implementation, operation and maintenance of the Information Security technologies based on the SANS 20 CSC standards framework


* Lead the design and operation of related compliance monitoring and improvement activities to ensure compliance with internal security policies and applicable laws and regulations


* Lead Information security risk assessments and associated controls


* Act as a critical member and thought leader of the Information security incident response process


* Own the lifecycle of technologies and services in compliance with company policies


* Provide regular reporting on the current status of the Information security program to enterprise risk teams, and senior business leaders as part of a strategic enterprise risk management program


* Help develop, maintain and execute a multi-year enterprise-wide security roadmap


* Use cyber security frameworks to standardize cyber security function for their development and delivery


* Act as a SME Security Advisor for key IT, product and business initiatives


* Present to executive audience the most complex security concepts in a business friendly language


* Lead the development and maintenance of cyber security risk register that drives tactical, short term and long term tasks and initiatives to improve the security posture of Edwards Lifesciences


* SME in security architecture concepts and methodology that drives key enterprise IT and product lifecycles


* Stay abreast with the cyber security threat and solution landscape to bring innovative solutions that significantly improve Edwards security posture


* Implement cyber processes and tools with strong focus on Automation and Cloud first approach


* Present at security conferences representing Edwards both in enterprise IT and medical device security concepts



#LI-LP1

#DI

Requirements:

* Must have a Bachelor's Degree in Information Technology, Computer Science or a related field. A Master's Degree is preferred.


* Must have a minimum of 12 years of experience leading and executing enterprise scoped security projects in at least 3 or more of the following domains: platform security, application security, network security, infrastructure, cloud security, data security and identity and access management.


* Must have 3 years of experience as a people manager with 5 direct reports, providing technical and people leadership.


* SME in at least 3 of the following domains: information security risk management, compliance, platform security, network security, application security, data security, cloud security, embedded device security.


* Ability to collaborate in a very fast paced environment.


* Expert knowledge in industry standard security frameworks like NIST, OWASP, ISO etc.


* Excellent written and verbal communication skills, with experience presenting to executive audience.


* Up to 20% domestic and international travel required.