Johnson & Johnson

Senior Director, Dep CISO, GRC & Security - Orthopedics

Senior cybersecurity leader overseeing Governance, Risk & Compliance and Product Security at DePuy Synthes. Responsible for shaping cybersecurity strategy in a regulated medical technology environment.

Posted 5/1/2026 • full-time • Florida, Massachusetts, New Jersey, Pennsylvania • 🇺🇸 United States • Senior • 💰 $178,000 - $307,050 per year

Tech Stack

Tools & technologies
Cyber Security

About the role

Key responsibilities & impact
  • Provide strategic leadership and operational oversight for enterprise GRC and Product Security programs, ensuring alignment with business priorities and regulatory requirements.
  • Partner with the CISO to define and execute the cybersecurity strategy, serving as a delegate and decision authority as needed.
  • Lead enterprise risk management activities, including cyber risk identification, assessment, mitigation, and reporting to executive leadership.
  • Own the enterprise cyber security policy lifecycle—from creation and implementation to continuous review—ensuring clarity, compliance, and alignment with organizational goals.
  • Oversee cybersecurity compliance with global regulations, standards, and frameworks relevant to medical devices and digital health solutions.
  • Establish and maintain product security governance across the product lifecycle, from design and development through post-market support.
  • Drive secure-by-design principles and threat modeling in partnership with R&D, Engineering, Quality, and Regulatory teams.
  • Lead and develop high-performing cybersecurity leaders and teams, fostering a culture of accountability, collaboration, and continuous improvement.
  • Provide executive-level reporting on cybersecurity risk, compliance status, and program effectiveness to senior leadership and governance bodies.

Requirements

What you’ll need
  • Required: Bachelor’s degree in Information Security, Computer Science, Engineering, or a related field.
  • Preferred: Master’s degree (MS, MBA, or equivalent) in Cybersecurity, Information Systems, or Business.
  • 12–14 years of progressive experience in cybersecurity, information security, or technology risk management, including senior leadership roles.
  • Demonstrated experience leading GRC and Product Security programs in a regulated environment (medical device, healthcare, or life sciences strongly preferred).
  • Deep knowledge of cybersecurity risk management, compliance frameworks, and regulatory expectations.
  • Experience building, mentoring, and leading senior-level cybersecurity teams.
  • Strong strategic, analytical, and communication skills, with the ability to translate technical risk into business impact.
  • Language: English (fluent)
  • Certifications (preferred): CISSP, CISM, CRISC, or equivalent

Benefits

Comp & perks
  • Vacation – 120 hours
  • Sick time – 40 hours per calendar year; for employees who reside in the State of Colorado – 48 hours per calendar year; for employees who reside in the State of Washington – 56 hours per calendar year
  • Holiday pay, including Floating Holidays – 13 days per calendar year
  • Work, Personal and Family Time - up to 40 hours per calendar year
  • Parental Leave – 480 hours within one year of the birth/adoption/foster care of a child
  • Bereavement Leave – 240 hours for an immediate family member; 40 hours for an extended family member per calendar year
  • Caregiver Leave – 80 hours in a 52-week rolling period
  • Volunteer Leave – 32 hours per calendar year
  • Military Spouse Time-Off – 80 hours per calendar year

ATS Keywords

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
cybersecurity, information security, risk management, GRC, product security, cyber risk assessment, compliance frameworks, threat modeling, secure-by-design principles, cybersecurity policy lifecycle
Soft Skills
strategic leadership, analytical skills, communication skills, collaboration, accountability, continuous improvement, mentoring, team leadership, executive reporting, business impact translation
Certifications
CISSP, CISM, CRISC