
Cybersecurity Lead - HIPAA

Work mode: Hybrid
Onsite Location(s):

Marlborough, MA, US, 01752

Additional Location(s): US-MA-Marlborough; US-MN-Arden Hills

Diversity - Innovation - Caring - Global Collaboration - Winning Spirit - High Performance

At Boston Scientific, we’ll give you the opportunity to harness all that’s within you by working in teams of diverse and high-performing employees, tackling some of the most important health industry challenges. With access to the latest tools, information and training, we’ll help you in advancing your skills and career. Here, you’ll be supported in progressing – whatever your ambitions.       

 

About the role: 

Boston Scientific is seeking an experienced cybersecurity and HIPAA leader to join the Cybersecurity Governance, Risk and Compliance (GRC) team as HIPAA Cybersecurity Lead. In this key role, this individual will oversee GRC initiatives focused on compliance with information security and cybersecurity regulations, with particular emphasis on the HIPAA Security Rule, and will be instrumental in strengthening our security posture across the enterprise.

 

The HIPAA Cybersecurity Lead will serve as a senior technical leader responsible for maintaining compliance with HIPAA, PIPL, the NIS2 Directive, CPRA, CCPA, and other domestic and global data privacy and cybersecurity regulations, including Consumer Privacy and Information Protection Laws (CPIPL). This role will drive privacy-by-design and security-by-design principles across enterprise systems, assess risk, and implement data protection solutions. The Lead will collaborate with cross-functional teams to further embed security into technical environments and business processes.

 

Your responsibilities will include:   

  • Lead the development and implementation of cybersecurity and data protection frameworks aligned with HIPAA, PIPL, GDPR, and other applicable regulations.
  • Develop, implement, and enforce policies and procedures for compliance with HIPAA regulations, including Security Rule controls.
  • Oversee the implementation of technical solutions to protect data, including encryption, access controls, and secure data transmission.
  • Conduct regular risk assessments and reviews to identify potential vulnerabilities and maintain compliance with HIPAA standards.
  • Participate, consult, and work closely with IT, legal, compliance, and business units regarding potential incidents and appropriate follow-up measures.
  • Provide training and resources to staff on HIPAA compliance and best practices for data security.
  • Work closely with cross-functional teams including IT, Legal, Compliance, Privacy, and other departments.
  • Oversee compliance with industry best practices and regulatory requirements, including HIPAA/HITECH, PCI DSS, and ISO 27001, and update organizational policies and procedures accordingly.
  • Perform periodic risk assessments of third-party vendors, validate their compliance with HIPAA security standards, and carry out ongoing compliance monitoring activities.
  • Lead and support HIPAA Security Risk Analyses and compliance efforts under the HIPAA Security Rule.
  • Assess information system configurations to validate that information assets are protected in accordance with applicable security requirements, policies, and industry standards.
  • Serve as a company-wide resource and liaison on policies, HIPAA controls and provisions, communications, workflow, and quality improvement initiatives. Act as a subject matter expert on data protection, security controls, information security, and risk mitigation strategies.
  • Collaborate with legal, compliance, and IT teams to translate privacy policies into technical requirements.
  • Stay current with emerging threats, regulatory changes, and best practices in cybersecurity and data privacy.
  • Perform regular audits and assessments of systems to validate compliance with data protection regulations.
  • Advise on technical and organizational measures and data transfer mechanisms.
  • Support mergers and acquisitions by assessing the security risks of target organizations.

 

Required Qualifications:

  • Education: Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or a related field.
  • Experience: 8+ years of experience in Information Security, IT Risk, or Compliance with a focus on HIPAA security, SIEM tools, and data protection platforms. Experience with ServiceNow GRC is a plus.
  • Certifications: Relevant certifications such as Certified Information Systems Security Professional (CISSP), HealthCare Information Security and Privacy Practitioner (HCISPP), or Certified HIPAA Professional (CHP) are highly desirable.
  • Deep understanding of the HIPAA Privacy and Security Rules, PIPL, the DPDP Act, the NIS2 Directive, CPRA, CCPA, and other global privacy regulations. PCI ISA/QSA experience is a plus.
  • Excellent analytical, communication, and project management skills.
  • Strong knowledge of HIPAA and NIST information security principles and practices.
  • Experience with common information security management frameworks, such as NIST, ISO 27001/27002, and ISO 27701, preferred.
  • Strong understanding of network, system, and application security principles.
  • Experience in developing, documenting, and maintaining security policies and procedures.
  • Proven ability to lead programs or initiatives without direct team management.

 

Requisition ID: 619310

Minimum Salary: $103,700

Maximum Salary: $197,000

 

The anticipated compensation listed above and the value of core and optional employee benefits offered by Boston Scientific (BSC) (see www.bscbenefitsconnect.com) will vary based on the actual location of the position and other pertinent factors considered in determining actual compensation for the role. Compensation will be commensurate with the demonstrable level of experience and training, pertinent education including licensure and certifications, and other relevant business or organizational needs. At BSC, it is not typical for an individual to be hired near the bottom or top of the anticipated salary range listed above.

 

Compensation for non-exempt (hourly), non-sales roles may also include variable compensation from time to time (e.g., any overtime and shift differential) and annual bonus target (subject to plan eligibility and other requirements).

 

Compensation for exempt, non-sales roles may also include variable compensation, i.e., annual bonus target and long-term incentives (subject to plan eligibility and other requirements).

 

For MA positions: It is unlawful to require or administer a lie detector test for employment. Violators are subject to criminal penalties and civil liability.

 

As a leader in medical science for more than 40 years, we are committed to solving the challenges that matter most – united by a deep caring for human life. Our mission to advance science for life is about transforming lives through innovative medical solutions that improve patient lives, create value for our customers, and support our employees and the communities in which we operate. Now more than ever, we have a responsibility to apply those values to everything we do – as a global business and as a global corporate citizen.

So, choosing a career with Boston Scientific (NYSE: BSX) isn’t just business, it’s personal. And if you’re a natural problem-solver with the imagination, determination, and spirit to make a meaningful difference to people worldwide, we encourage you to apply and look forward to connecting with you!

 

At Boston Scientific, we recognize that nurturing a diverse and inclusive workplace helps us be more innovative and it is important in our work of advancing science for life and improving patient health. That is why we stand for inclusion, equality, and opportunity for all. By embracing the richness of our unique backgrounds and perspectives, we create a better, more rewarding place for our employees to work and reflect the patients, customers, and communities we serve. 

 

Boston Scientific Corporation has been and will continue to be an equal opportunity employer. To ensure full implementation of its equal employment policy, the Company will continue to take steps to assure that recruitment, hiring, assignment, promotion, compensation, and all other personnel decisions are made and administered without regard to race, religion, color, national origin, citizenship, sex, sexual orientation, gender identity, gender expression, veteran status, age, mental or physical disability, genetic information or any other protected class.

 

Please be advised that certain US based positions, including without limitation field sales and service positions that call on hospitals and/or health care centers, require acceptable proof of COVID-19 vaccination status.  Candidates will be notified during the interview and selection process if the role(s) for which they have applied require proof of vaccination as a condition of employment.  Boston Scientific continues to evaluate its policies and protocols regarding the COVID-19 vaccine and will comply with all applicable state and federal law and healthcare credentialing requirements.   As employees of the Company, you will be expected to meet the ongoing requirements for your roles, including any new requirements, should the Company’s policies or protocols change with regard to COVID-19 vaccination.


Nearest Major Market: Boston

Job Segment: Compliance, M&A, Information Security, Computer Science, Law, Legal, Management, Technology
