Manager, Cybersecurity Governance & Risk

Additional Location(s):  N/A

Diversity - Innovation - Caring - Global Collaboration - Winning Spirit - High Performance

At Boston Scientific, we’ll give you the opportunity to harness all that’s within you by working in teams of diverse and high-performing employees, tackling some of the most important health industry challenges. With access to the latest tools, information and training, we’ll help you in advancing your skills and career. Here, you’ll be supported in progressing – whatever your ambitions.

About the role:
Boston Scientific is seeking an execution-driven leader with the vision and expertise to guide our Cybersecurity Governance and Risk Management strategy. As the Manager, Cybersecurity Governance & Risk, you will lead initiatives that strengthen our Cybersecurity Risk Management program, including third-party, M&A, risk assessment, remediation, and registry management, while advancing governance practices that protect and enable the company’s growth. This key leadership role oversees our Governance team, responsible for policy and standards development, security awareness and education, metrics and communications, and the management of our global GRC tool. You’ll collaborate across Cybersecurity, IT, and our global business units, cultivating partnerships with internal stakeholders and strategic external partners. Additionally, this role manages the intake and documentation processes that support operational excellence within the Cybersecurity organization. 

Work model, sponsorship, relocation:

At Boston Scientific, we value collaboration and synergy. This role follows a hybrid work model requiring employees to be in our Marlborough, MA office at least three days per week. Boston Scientific will not offer sponsorship or take over sponsorship of an employment visa for this position at this time. Relocation assistance is not available for this position at this time.

This role will accept applications until 11:59 p.m. CT on October 26, 2025. 

 
Your responsibilities will include:

• Analyze the needs of the cybersecurity strategy and establish detailed objectives, goals, and priorities to drive Cybersecurity Governance and Risk Management initiatives, including the development of strategic roadmaps and Annual Operating Plan (AOP) submissions.
• Provide project management leadership for ongoing and future initiatives supporting the Cybersecurity Governance and Risk Management strategy across the enterprise.
• Lead and manage a team of Cybersecurity Governance and Risk Management analysts, including oversight of daily operations, eGRC tool maintenance, workload intake, and ticket management.
• Manage the Cybersecurity Governance and Risk Management budget, covering personnel (BSC and consultant), maintenance, travel, education, and miscellaneous expenditures.
• Lead a global Phishing Program reaching over 50,000 employees and end users through automation and scalable tools.
• Oversee procurement and renewal of contracts supporting the Cybersecurity Governance and Risk Management function.
• Lead enterprise-wide Cybersecurity Risk Management activities, including BSC and third-party risk assessments, remediation, reporting, and strategic planning—incorporating due diligence and risk processes for mergers and acquisitions.
• Develop and maintain Cybersecurity policies, standards, and documentation to support governance, cyber insurance, and compliance requirements.
• Drive Security Awareness and Education programs, fostering a cybersecurity-aware culture across a global organization with operations in APAC, Europe, and LATAM.
• Monitor and measure the effectiveness and maturity of the cybersecurity program through metrics, dashboards, and program-level KPIs.
• Conduct industry benchmarking and maintain awareness of evolving cybersecurity trends, sharing insights with leadership to support proactive and preventive risk mitigation.
• Demonstrate a primary commitment to patient safety and product quality by maintaining compliance with the Quality Policy and all documented quality processes and procedures.
• Influence key stakeholders and drive alignment in sensitive or complex scenarios, requiring strong communication and change management skills.
• Work on complex programs and challenges of broad scope, leveraging deep subject matter expertise to implement strategic policies, manage staff functions, and ensure adherence to budgets, schedules, and performance standards (this role does not include subordinate managers).
   

Required qualifications:

• Bachelor’s degree in Cybersecurity, Information Security or IT Security, Business, Finance, or other related area.
• 7+ years of experience in cybersecurity analysis, governance, risk, and compliance (GRC) within a global organization.
• Experience working in both in-person and virtual global team environments; demonstrated ability to work independently and collaboratively.
• Experience developing and maintaining working relationships with internal teams (Cybersecurity, IT, Business Units) and external partners (stakeholders, vendors).
• Experience managing program and operational budgets, vendor contracts, and procurement processes, including negotiations.
• Background in cybersecurity contract management, including Master Service Agreements (MSAs), software and subscription agreements, and professional services contracts.
• Experience creating and implementing cybersecurity GRC strategies aligned with organizational and regulatory requirements.
• Demonstrated ability to support progress on cybersecurity initiatives through structured problem-solving.
   

Preferred qualifications:

• Experience at Boston Scientific or a similar-sized global medical device organization.
• MBA or other advanced degree
• Cybersecurity certifications (e.g., CISSP, CISM, CRISC, PCIP)
• Project management and Agile certifications (e.g., PMP, Scrum Master)

Requisition ID: 616331

Minimum Salary: $103700 

Maximum Salary: $197000 

The anticipated compensation listed above and the value of core and optional employee benefits offered by Boston Scientific (BSC) – see www.bscbenefitsconnect.com—will vary based on actual location of the position and other pertinent factors considered in determining actual compensation for the role. Compensation will be commensurate with demonstrable level of experience and training, pertinent education including licensure and certifications, among other relevant business or organizational needs. At BSC, it is not typical for an individual to be hired near the bottom or top of the anticipated salary range listed above.

Compensation for non-exempt (hourly), non-sales roles may also include variable compensation from time to time (e.g., any overtime and shift differential) and annual bonus target (subject to plan eligibility and other requirements).

Compensation for exempt, non-sales roles may also include variable compensation, i.e., annual bonus target and long-term incentives (subject to plan eligibility and other requirements).

For MA positions: It is unlawful to require or administer a lie detector test for employment. Violators are subject to criminal penalties and civil liability.

As a leader in medical science for more than 40 years, we are committed to solving the challenges that matter most – united by a deep caring for human life. Our mission to advance science for life is about transforming lives through innovative medical solutions that improve patient lives, create value for our customers, and support our employees and the communities in which we operate. Now more than ever, we have a responsibility to apply those values to everything we do – as a global business and as a global corporate citizen. So, choosing a career with Boston Scientific (NYSE: BSX) isn’t just business, it’s personal. And if you’re a natural problem-solver with the imagination, determination, and spirit to make a meaningful difference to people worldwide, we encourage you to apply and look forward to connecting with you!

At Boston Scientific, we recognize that nurturing a diverse and inclusive workplace helps us be more innovative and it is important in our work of advancing science for life and improving patient health. That is why we stand for inclusion, equality, and opportunity for all. By embracing the richness of our unique backgrounds and perspectives, we create a better, more rewarding place for our employees to work and reflect the patients, customers, and communities we serve. 

Boston Scientific Corporation has been and will continue to be an equal opportunity employer. To ensure full implementation of its equal employment policy, the Company will continue to take steps to assure that recruitment, hiring, assignment, promotion, compensation, and all other personnel decisions are made and administered without regard to race, religion, color, national origin, citizenship, sex, sexual orientation, gender identity, gender expression, veteran status, age, mental or physical disability, genetic information or any other protected class.

Please be advised that certain US based positions, including without limitation field sales and service positions that call on hospitals and/or health care centers, require acceptable proof of COVID-19 vaccination status.  Candidates will be notified during the interview and selection process if the role(s) for which they have applied require proof of vaccination as a condition of employment.  Boston Scientific continues to evaluate its policies and protocols regarding the COVID-19 vaccine and will comply with all applicable state and federal law and healthcare credentialing requirements.   As employees of the Company, you will be expected to meet the ongoing requirements for your roles, including any new requirements, should the Company’s policies or protocols change with regard to COVID-19 vaccination.

#LI-Hybrid