VP, Chief Information Security Officer (CISO)

Work mode: Hybrid

Onsite Location(s): Marlborough, MA, US, 01752

Additional Location(s): US-MN-Arden Hills

 

Diversity - Innovation - Caring - Global Collaboration - Winning Spirit - High Performance

At Boston Scientific, we’ll give you the opportunity to harness all that’s within you by working in teams of diverse and high-performing employees, tackling some of the most important health industry challenges. With access to the latest tools, information and training, we’ll help you in advancing your skills and career. Here, you’ll be supported in progressing – whatever your ambitions.       

 

About the Role:

The Chief Information Security Officer (CISO) is responsible for defining and executing Boston Scientific’s enterprise-wide information security strategy, ensuring the protection of patient data, intellectual property, and global business operations.

 

This role serves as an enterprise security leader and trusted advisor to the executive team, providing objective, risk-based guidance to protect the company while enabling business growth. The CISO drives the evolution of cybersecurity capabilities, resilience, and governance while embedding security into the company’s digital, cloud, and innovation agenda.

 

Key Responsibilities:

Enterprise Security Strategy & Leadership

  • Define and execute a global cybersecurity strategy and multi-year roadmap aligned to enterprise priorities and risk appetite
  • Lead a global security strategy that accounts for regional and country-specific requirements, ensuring enterprise standards are effectively adapted and managed across diverse regulatory, business, and operational environments
  • Serve as the primary advisor to the CIO, executive leadership, and Board on cybersecurity risks, posture, and investments
  • Define strategy for securing emerging technologies, including artificial intelligence, machine learning, and advanced analytics, ensuring safe and responsible adoption across the enterprise
  • Drive security as a business enabler, ensuring alignment with commercial, clinical, and innovation objectives
  • Lead and mature a high-performing global information security organization, including internal teams and external partners

 

Cyber Risk Management & Governance

  • Establish and scale a risk-based security operating model, aligned to industry frameworks (e.g., NIST, ISO 27001)
  • Partner with business and functional leaders to prioritize investments using risk, financial, and operational impact models
  • Oversee enterprise security governance, policies, standards, and controls
  • Ensure compliance with global regulatory requirements (e.g., FDA, HIPAA, GDPR, and other regional regulations)

 

Security Engineering & Operations

  • Oversee design and operation of security architecture and controls, including:
    • Network and endpoint security
    • Identity and access management
    • Cloud security (IaaS/PaaS/SaaS)
    • Threat detection and response capabilities
  • Lead modernization of security tooling and platforms (e.g., SIEM, EDR, zero trust frameworks)
  • Ensure effective vulnerability management and remediation programs

 

Threat Management & Incident Response

  • Serve as executive lead for cybersecurity incidents and crisis response
  • Establish and oversee enterprise incident response, business continuity, and disaster recovery programs
  • Monitor and respond to evolving threats including advanced persistent threats (APTs), ransomware, phishing, and supply chain vulnerabilities
  • Drive continuous improvement through post-incident reviews and threat intelligence

 

Data Protection & Privacy

  • Lead enterprise strategies to protect sensitive data (PHI/PII), clinical data, and intellectual property
  • Ensure strong data governance, classification, and protection controls
  • Partner with Legal and Compliance on privacy and data protection initiatives

 

Business Engagement & Influence

  • Act as a trusted partner to global business units, embedding security into product development, digital, and commercial initiatives
  • Build strong cross-functional partnerships across IT, R&D, Quality, Regulatory, Legal, and Commercial teams
  • Communicate clearly with executive stakeholders and Board-level audiences

 

Culture, Talent & Transformation

  • Foster a security-first culture across the enterprise
  • Build and develop diverse, high-performing teams and future leaders
  • Act as a change agent, driving continuous improvement and innovation in security practices
  • Establish measurable KPIs to track security maturity, effectiveness, and ROI

 

Quality & Regulatory Commitment

  • Ensure all activities align with Boston Scientific’s Quality Policy and Quality System requirements
  • Maintain a strong focus on patient safety, product integrity, and regulatory compliance
  • Provide leadership to ensure appropriate resources, training, and adherence to quality standards

 

Required Qualifications:

  • Bachelor’s degree in Information Security, Computer Science, Engineering, or related field
  • 15+ years of progressive experience in information security and IT leadership
  • Proven experience leading enterprise cybersecurity strategy in a global, regulated environment (medtech, healthcare, pharma, or similar)
  • Demonstrated success building and leading global teams and operating in matrixed organizations
  • Deep expertise across cyber risk management, security architecture, operations, and regulatory frameworks
  • Strong executive communication and stakeholder influence skills

 

Preferred Qualifications:

  • Advanced degree (MBA or Master’s in Cybersecurity or related field)
  • Industry certifications (e.g., CISSP, CISM, CRISC)
  • Experience supporting digital transformation, cloud adoption, and product security
  • Experience engaging with Board of Directors or Audit Committees

 

Requisition ID: 630697

Minimum Salary: $325,000 

Maximum Salary: $475,000 

 

The anticipated compensation listed above and the value of core and optional employee benefits offered by Boston Scientific (BSC) – see www.bscbenefitsconnect.com – will vary based on actual location of the position and other pertinent factors considered in determining actual compensation for the role. Compensation will be commensurate with demonstrable level of experience and training, pertinent education including licensure and certifications, among other relevant business or organizational needs. At BSC, it is not typical for an individual to be hired near the bottom or top of the anticipated salary range listed above.

 

Compensation for non-exempt (hourly), non-sales roles may also include variable compensation from time to time (e.g., any overtime and shift differential) and annual bonus target (subject to plan eligibility and other requirements).

 

Compensation for exempt, non-sales roles may also include variable compensation, i.e., annual bonus target and long-term incentives (subject to plan eligibility and other requirements).

 

For MA positions: It is unlawful to require or administer a lie detector test for employment. Violators are subject to criminal penalties and civil liability.

 

Boston Scientific transforms lives through innovative medical technologies that improve the health of patients around the world. As a global medical technology leader for more than 45 years, we advance science for life by providing a broad range of high-performance solutions that address unmet patient needs and reduce the cost of healthcare. Our portfolio of devices and therapies helps physicians diagnose and treat complex cardiovascular, respiratory, digestive, oncological, neurological and urological diseases and conditions. Learn more at www.bostonscientific.com and follow us on LinkedIn.

 

Boston Scientific Corporation has been and will continue to be an equal opportunity employer. To ensure full implementation of its equal employment policy, the Company will continue to take steps to assure that recruitment, hiring, assignment, promotion, compensation, and all other personnel decisions are made and administered without regard to race, religion, color, national origin, citizenship, sex, sexual orientation, gender identity, gender expression, veteran status, age, mental or physical disability, genetic information or any other protected class.

 

Please be advised that certain US based positions, including without limitation field sales and service positions that call on hospitals and/or health care centers, require acceptable proof of COVID-19 vaccination status.  Candidates will be notified during the interview and selection process if the role(s) for which they have applied require proof of vaccination as a condition of employment.  Boston Scientific continues to evaluate its policies and protocols regarding the COVID-19 vaccine and will comply with all applicable state and federal law and healthcare credentialing requirements.   As employees of the Company, you will be expected to meet the ongoing requirements for your roles, including any new requirements, should the Company’s policies or protocols change with regard to COVID-19 vaccination.


Nearest Major Market: Boston

Job Segment: Neurology, Oncology, Compliance, Information Security, Intellectual Property, Healthcare, Legal, Technology
