CONMED Corporation · 1 day ago
Senior Director of Information Security and Compliance
CONMED Corporation is a progressive medical device manufacturer with a global footprint. The Senior Director of Information Security & Compliance is responsible for ensuring global information security and compliance, leading security teams, and aligning security strategy with business direction.
Information Technology · Medical · Medical Device
Responsibilities
Plan, direct and manage the global information security function for both information technology and communications systems for the company; includes all software, hardware, network infrastructure, and vendors hosting or accessing data on behalf of the company
Accountable for building and maintaining a high performing team
Achieve & maintain high Employee Engagement within the Security & Compliance function
Achieve & maintain high Customer Satisfaction on services provided by the Security & Compliance function
Develop and evolve information security strategy in alignment with company direction and based on current best practices, emerging trends in our threat landscape, and customer and government requirements regarding information security and data privacy, while balancing risk with spend and our ability to operate. Information Security strategy & tactics must include:
Identification: Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities
Protection: Develop and implement appropriate safeguards to ensure protection of the enterprise’s assets, including measurement tools for system vulnerability assessments
Detection: Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event
Response: Develop and implement the appropriate activities to take action regarding a detected cybersecurity event, minimizing the impact of security events
Recovery: Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event
Measure: Develop metrics to show the effectiveness of the information security systems and report results to management in an effective manner that aligns with corporate goals
Plan, direct, and manage the IT general controls compliance function to ensure the security, accuracy and reliability of the systems that manage and report the company's data, including financial data
Communicate all applicable (for all countries in which we operate) government information security requirements and associated risks to business decision makers
Assess disaster recovery and business continuity plans with respect to commercially reasonable practices. Work with peers to appropriately coordinate and communicate activities in alignment with overall corporate and IT strategic intent
Qualification
Required
Bachelor's Degree in cybersecurity, computer science, information technology, management information systems or related field
10+ years experience in security operations specifically in managing engineering teams and respective technologies
10+ years experience with cyber maturity framework, specifically NIST CSF 2.0, CIS 18, and ISO 27001:2022
10+ years in cybersecurity and related areas including knowledge and understanding of relevant legal, regulatory and privacy requirements for a global organization
Compliance & Privacy Expertise
Deep understanding of SOX (Sarbanes-Oxley Act) controls and audit requirements
Experience implementing and maintaining GDPR compliance programs
Familiarity with GRC (Governance, Risk, and Compliance) platforms and frameworks
Knowledge of privacy regulations for companies with a significant presence internationally (China, Brazil, Spain, EU, UK), and global data protection laws
Ability to lead cross-functional teams in privacy impact assessments and data governance
Experience working with legal and compliance teams to manage regulatory risk
Preferred
Master's degree in Business Administration, Computer Science, or related field
CISSP Certification
5+ years of management experience or demonstrated leadership acumen
Medical Device industry experience
Benefits
Excellent healthcare including medical, dental, vision and prescription coverage
Short & long term disability plus life insurance -- cost paid fully by CONMED
Retirement Savings Plan (401K) -- CONMED matches your contributions dollar for dollar, with the potential for up to 7% per pay period
Employee Stock Purchase Plan -- allows stock purchases at discounted price
Tuition assistance for undergraduate and graduate level courses
Company
CONMED Corporation
CONMED is a global medical technology company that specializes in the development and sale of surgical and patient monitoring products and services that allow our physician customers to deliver high quality care and as a result, enhanced clinical outcomes for their patients.
Funding
Current Stage: Public Company
Total Funding: $700M
2022-05-31 Post IPO Debt · $700M
2012-07-16 Acquired
2003-01-01 Post IPO Equity
Company data provided by Crunchbase