Boston Scientific
Senior Manager, Cybersecurity
Boston Scientific - Osseo, Minnesota, United States, 55311
Work at Boston Scientific
Overview
- View job
Overview
Senior Manager, Cybersecurity
Boston Scientific is seeking a Senior Manager of Cybersecurity Engineering to lead and advance our cybersecurity initiatives across the Interventional Cardiology division. This leader will set a strategic direction for product security and oversee execution of secure design practices, vulnerability management, regulatory alignment, and cross-functional collaboration. The role will involve driving cybersecurity maturity across the product lifecycle and interfacing with R&D, Regulatory, Quality, IT, and executive stakeholders to ensure patient safety, product integrity, and regulatory compliance. This is a high-impact leadership position, ideal for an experienced cybersecurity professional with a strong track record in regulated industries, capable of building high-performing teams and translating cybersecurity objectives into tangible product and business outcomes. Work Mode: At Boston Scientific, we value collaboration and synergy. This role follows a hybrid work model, requiring employees to be in our Maple Grove, MN (or) Marlborough, MA office at least three days per week. Your responsibilities will include: Lead the product cybersecurity strategy for the division, aligning with corporate policies, regulatory guidance, and emerging threats in the medical device space. Build and manage a high-performing cybersecurity engineering team, providing technical guidance, coaching, and professional development. Drive integration of security architecture and risk-based design principles into all phases of the product development lifecycle, from concept to post-market surveillance. Own and continuously improve division-wide processes for threat modeling, security risk assessments, secure coding practices, and vulnerability management. Represent cybersecurity in senior-level technical and business discussions, including regulatory submissions, due diligence activities, and incident response management. Regularly brief executive leadership on the cybersecurity landscape, including regulatory and legal developments, customer security expectations, emerging threats and the security posture of the Interventional Cardiology product portfolio, including associated risks and mitigation strategies. Collaborate across engineering, software, systems, IT, Quality, Regulatory, and Clinical teams to ensure end-to-end security design and implementation. Establish and enforce governance processes for incident response planning, penetration testing, patch management, and third-party cybersecurity assurance. Proactively monitor the evolving regulatory landscape (FDA, EU MDR, GDPR, etc.) to guide the organization in maintaining compliance and best-in-class security posture. Champion a culture of security-first thinking through training, internal advocacy, and cross-functional engagement. Required qualifications: Bachelor's or master's degree in Cybersecurity, Computer Science, Engineering, or related technical field. 10+ years of experience in cybersecurity, including at least 5 years in a leadership or management role overseeing technical teams and cross-functional cybersecurity initiatives. Demonstrated success in building, leading, and scaling cybersecurity teams and programs in regulated environments. Strong communication and executive presence, with proven ability to influence technical and non-technical stakeholders at all levels. Experience with secure product development, embedded systems, network security, and post-market cybersecurity monitoring. Ability to translate complex security concepts into actionable strategies aligned with business and product goals. Preferred qualifications: Experience working in or with medical device companies or other regulated industries (e.g., pharma, aerospace, defense). Relevant cybersecurity certifications (e.g., CISSP, CISM, CRISC, GIAC, OffSec). Deep knowledge of security architecture, risk assessment methodologies, and regulatory standards such as IEC 62443, ISO 14971, NIST CSF, FDA cybersecurity guidance, and HIPAA/GDPR. Familiarity with standards and guidance such as IEC 62304, ISO/IEC 27001, VA Handbook 6500, and SW96/TIR57/TIR97. Understanding of PKI, wireless security, penetration testing methodologies, and emerging threat landscapes. Experience in cybersecurity aspects of M&A due diligence and integration planning is a strong plus. Compensation will be commensurate with the demonstrable level of experience and training, pertinent education including licensure and certifications, among other relevant business or organizational needs.
Boston Scientific is seeking a Senior Manager of Cybersecurity Engineering to lead and advance our cybersecurity initiatives across the Interventional Cardiology division. This leader will set a strategic direction for product security and oversee execution of secure design practices, vulnerability management, regulatory alignment, and cross-functional collaboration. The role will involve driving cybersecurity maturity across the product lifecycle and interfacing with R&D, Regulatory, Quality, IT, and executive stakeholders to ensure patient safety, product integrity, and regulatory compliance. This is a high-impact leadership position, ideal for an experienced cybersecurity professional with a strong track record in regulated industries, capable of building high-performing teams and translating cybersecurity objectives into tangible product and business outcomes. Work Mode: At Boston Scientific, we value collaboration and synergy. This role follows a hybrid work model, requiring employees to be in our Maple Grove, MN (or) Marlborough, MA office at least three days per week. Your responsibilities will include: Lead the product cybersecurity strategy for the division, aligning with corporate policies, regulatory guidance, and emerging threats in the medical device space. Build and manage a high-performing cybersecurity engineering team, providing technical guidance, coaching, and professional development. Drive integration of security architecture and risk-based design principles into all phases of the product development lifecycle, from concept to post-market surveillance. Own and continuously improve division-wide processes for threat modeling, security risk assessments, secure coding practices, and vulnerability management. Represent cybersecurity in senior-level technical and business discussions, including regulatory submissions, due diligence activities, and incident response management. Regularly brief executive leadership on the cybersecurity landscape, including regulatory and legal developments, customer security expectations, emerging threats and the security posture of the Interventional Cardiology product portfolio, including associated risks and mitigation strategies. Collaborate across engineering, software, systems, IT, Quality, Regulatory, and Clinical teams to ensure end-to-end security design and implementation. Establish and enforce governance processes for incident response planning, penetration testing, patch management, and third-party cybersecurity assurance. Proactively monitor the evolving regulatory landscape (FDA, EU MDR, GDPR, etc.) to guide the organization in maintaining compliance and best-in-class security posture. Champion a culture of security-first thinking through training, internal advocacy, and cross-functional engagement. Required qualifications: Bachelor's or master's degree in Cybersecurity, Computer Science, Engineering, or related technical field. 10+ years of experience in cybersecurity, including at least 5 years in a leadership or management role overseeing technical teams and cross-functional cybersecurity initiatives. Demonstrated success in building, leading, and scaling cybersecurity teams and programs in regulated environments. Strong communication and executive presence, with proven ability to influence technical and non-technical stakeholders at all levels. Experience with secure product development, embedded systems, network security, and post-market cybersecurity monitoring. Ability to translate complex security concepts into actionable strategies aligned with business and product goals. Preferred qualifications: Experience working in or with medical device companies or other regulated industries (e.g., pharma, aerospace, defense). Relevant cybersecurity certifications (e.g., CISSP, CISM, CRISC, GIAC, OffSec). Deep knowledge of security architecture, risk assessment methodologies, and regulatory standards such as IEC 62443, ISO 14971, NIST CSF, FDA cybersecurity guidance, and HIPAA/GDPR. Familiarity with standards and guidance such as IEC 62304, ISO/IEC 27001, VA Handbook 6500, and SW96/TIR57/TIR97. Understanding of PKI, wireless security, penetration testing methodologies, and emerging threat landscapes. Experience in cybersecurity aspects of M&A due diligence and integration planning is a strong plus. Compensation will be commensurate with the demonstrable level of experience and training, pertinent education including licensure and certifications, among other relevant business or organizational needs.