Director, Cybersecurity - GRC Job

Remote Eligible: 
Onsite Location(s): St. Paul, MN, US

Additional Locations:  US-MA-Marlborough

Boston Scientific's hybrid workplace includes remote and onsite roles. By applying to this position, you will have the opportunity to discuss your preferred working location with your Talent Acquisition Specialist.

Additional Locations: US-MA-Marlborough; US-MN-Maple Grove


Diversity - Innovation - Caring - Global Collaboration - Winning Spirit - High Performance

At Boston Scientific, we’ll give you the opportunity to harness all that’s within you by working in teams of diverse and high-performing employees, tackling some of the most important health industry challenges. With access to the latest tools, information and training, we’ll help you in advancing your skills and career. Here, you’ll be supported in progressing – whatever your ambitions.


About the role: 
The Director, Cybersecurity Governance, Risk Management and Compliance (GRC) is responsible for the leadership and execution of all facets of GRC to ensure the protection and enablement of Boston Scientific’s business. Reporting to the VP, Chief Information Security Officer (CISO), the Director collaborates extensively within the Cybersecurity organization, across the Information Technology (IT) organization, and across Boston Scientific as a whole. The Director should be available and empowered to represent the CISO in all activities.


Your responsibilities include: 

  • Leads all facets of Cybersecurity Governance including Security Policies & Standards, Cybersecurity Controls, Data Classification, Cloud Center of Excellence (COE) Governance, Business Continuity Planning/Disaster Recovery Planning Oversight, and Security Awareness and Training
  • Leads all facets of Cybersecurity Risk Management including Risk Assessments, 3rd Party Vendor Security Assessments, GRC Solution Implementation, Risk Register, GRC Metrics including Vital Signs, Vulnerability Management, Secure Code/Application Scanning, and Mergers & Acquisition Integration support.
  • Leads all facets of Cybersecurity Compliance including Regulatory Compliance for Sarbanes Oxley (SOX), General Data Protection Regulation (GDPR), Health Information Portability and Accountability Act (HIPAA), Payment Card Industry (PCI), Food & Drug Administration (FDA) regulations, BSC Global Systems Methodology (GSM) / IT Validation (ITV), Privacy regulations, ISO 27001, NIST Cybersecurity Framework, SOC I/ certifications, etc.
  • Collaborates across the cybersecurity organization, IT and throughout BSC.  Maintains relationships with Legal/Privacy, Enterprise Risk Management/Global Internal Audit, Quality/Regulatory, and Finance.
  • Principal Cybersecurity point of contact with BSC external auditors
  • Serves as the EndoChoice HIPAA Security Officer


What we’re looking for: 

Required Qualifications

  • Bachelor’s Degree or higher in computer science or related field of study, or relevant technical and data compliance experience
  • 8+ years’ experience in an IT field and data governance, or equivalent relevant work experience
  • Prior management experience
  • Experience in overseeing enterprise Governance Risk and Compliance programs
  • Strong knowledge of Sarbanes Oxley, PCI, HIPAA requirements
  • Knowledgeable in PII, PHI, and PCI compliance requirements
  • Experience in Risk Management and tracking related metrics, and communicating the same to executive leadership

Preferred Qualifications

  • Experience in applying IT control & security frameworks such as SSAE18 SOC2, COBIT, NIST Cyber Security Framework, ISO 27001 and other global frameworks
  • Able to communicate a compelling vision and need for change that generates excitement, enthusiasm, and commitment to the process
  • Ability to lead others by empowering innovative approaches and motivating others to be proactive and resourceful
  • Ability to lead a team in applying a broad business and technology understanding of internal and external trends and capabilities, to ensure successful execution of IT governance and compliance
  • Proven and demonstrated data governance knowledge and skills in healthcare technologies, or other related industries
  • Demonstrates strategic and critical thinking capability
  • Has strong planning, communication and presentation skills, and the capability to listen and influence





Requisition ID: 507156


As a leader in medical science for more than 40 years, we are committed to solving the challenges that matter most – united by a deep caring for human life. Our mission to advance science for life is about transforming lives through innovative medical solutions that improve patient lives, create value for our customers, and support our employees and the communities in which we operate. Now more than ever, we have a responsibility to apply those values to everything we do – as a global business and as a global corporate citizen.


So, choosing a career with Boston Scientific (NYSE: BSX) isn’t just business, it’s personal. And if you’re a natural problem-solver with the imagination, determination, and spirit to make a meaningful difference to people worldwide, we encourage you to apply and look forward to connecting with you!


At Boston Scientific, we recognize that nurturing a diverse and inclusive workplace helps us be more innovative and it is important in our work of advancing science for life and improving patient health. That is why we stand for inclusion, equality, and opportunity for all. By embracing the richness of our unique backgrounds and perspectives, we create a better, more rewarding place for our employees to work and reflect the patients, customers, and communities we serve. Boston Scientific is proud to be an equal opportunity and affirmative action employer.


Boston Scientific maintains a drug-free workplace. Pursuant to Va. Code § 2.2-4312 (2000), Boston Scientific is providing notification that the unlawful manufacture, sale, distribution, dispensation, possession, or use of a controlled substance or marijuana is prohibited in the workplace and that violations will result in disciplinary action up to and including termination.


Nearest Major Market: Minneapolis

Job Segment: Manager, Medical, Risk Management, Law, Internal Audit, Management, Healthcare, Finance, Legal
