
STAAR Surgical · 4 hours ago

Director, Information Security

STAAR Surgical is a company focused on information security within its Information Technology team. The Director of Information Security plays a critical role in defining, delivering, and supporting information security programs, managing a team of professionals, and ensuring the organization meets its strategic and operational objectives in security.

Industries: Biotechnology, Health Care, Manufacturing, Medical Device
H1B Sponsor Likely

Responsibilities

Directs the efforts of others in the achievement of the strategic and operational objectives of the group
Responsible for managing STAAR Surgical’s Information Security function, including:
Works across the business and IT, at all levels of management, to define, establish, communicate and achieve strategic, tactical and operational objectives for the information security function
Defines, implements and monitors security strategies, policies, standards, guidelines and procedures, including: General IT Use Policies; BYOD policies; and IT general and technical controls and procedures in support of SOX compliance
Defines, implements and supports best-fit solutions for STAAR Surgical’s Information Security strategy
Effectively manages delivery of new Security technology through proper SDLC policies and procedures
Manages the hiring, staffing and maintaining of a diverse and effective workforce
Responsible for career development, planning and performance discussions of team members
Influences individuals within and outside the IT department
Prepares and presents reports to all levels of leadership and staff
Establishes and maintains budgets, operational plans and performance requirements
Manages periodic user access reviews of in-scope SOX systems
Works with engineering and development teams to define and refine information security and systems management policies and settings
Works with Procurement and Internal Audit to develop a robust third-party security risk management program
Monitors and assesses vendor and 3rd party information security reports/lists
Evaluates new and emerging products and technologies and makes recommendations to leadership concerning the introduction of new technologies
Coordinates, administers, manages and monitors the use of access control systems, security tools and intrusion detection systems to identify anomalous events and security infractions that exploit system vulnerabilities, including the dispositioning and reporting of events to relevant regulatory bodies in accordance with established policies and procedures
Integrates information security controls into an environment to identify and mitigate risks
Provides analysis of potential risk to information security and recommends solutions
Creates and maintains information security documentation
Communicates information security procedures to users
Reviews and recommends changes to information security policies, including STAAR Surgical IT use policies, Data Sensitivity, Privacy and Personally Identifiable Information Security Policies and procedures
Stays apprised of current and upcoming cybersecurity and privacy regulations to understand how they impact STAAR, including mapping these requirements to current data security projects and policies
Leads cross-functional teams that perform information security reviews and audits and review designs for information security issues
Acts as a subject matter expert and local leader for information security direction, training and guidance for less experienced information security engineers
Instructs, directs, mentors, assigns and oversees work of less-experienced team members
Other duties as assigned

Qualifications

Skills and certifications: CISSP, NIST, CISA, CISM, CEH, Security Incident & Event Mgmt., Endpoint Detection & Response, Intrusion Detection & Prevention, Network Access Controls, Data Classification, Loss Prevention, Vulnerability Management, Public Key Infrastructure, Analytical Skills, Coaching, Japanese Language, Mandarin Language, Project Management, Communication Skills, Mentoring

Required

Bachelor's degree or equivalent combination of education/experience
Security professional certification required: CISSP (preferred), NIST, CISA, CISM, CEH
8-10 years relevant work experience
Experience in identifying and utilizing a global risk-based management model, and application and integration of globally accepted security standards
Experience implementing security technologies and capabilities, including: email security/gateways; Endpoint Detection & Response (EDR); Security Incident & Event Mgmt. (SIEM), Extended Detection & Response (XDR), Firewalls, Intrusion Detection & Prevention (IDS/IPS), Network Access Controls (NAC), Data Classification and Loss Prevention (DLP), Configuration Mgmt. Controls, Identity Management, Privilege Access Mgmt. (PAM), Encryption at Rest/Motion, Public Key Infrastructure (PKI), Vulnerability Mgmt. and Security Operation Centers (SOC)
Experience in engineering, implementing, configuring, administering and maintaining next-generation firewall solutions (e.g., Fortinet, Palo Alto, etc.)
Experience in coaching and mentoring both team members and business partners
Possesses expert knowledge, skills and abilities required to resolve the most/highly complex privacy and information security concerns
Expert knowledge of cybersecurity practices, system development methodology, project management, analytical/problem solving skills and relevant development and technology skills
Clearly understands short and long-term business and IT goals & objectives, and aligns Security direction accordingly
Understands the impact of emerging IT and business trends and their implications for the company's and its customers' security concerns
Demonstrates strong understanding and knowledge of privacy compliance frameworks such as GDPR, CCPA, and other international regulations
Expert knowledge implementing generally accepted information security frameworks such as CIS, CSA, COBIT, ENISA, NIST, etc.
Advanced knowledge of network security and technologies that pertain to communications, computer systems and related infrastructures
Has strong management and communication skills, technical depth, and a passion for cybersecurity and risk management to protect and defend the information assets of STAAR
Must possess excellent facilitation and communication skills, and be able to adapt to the level and nature of their audience

Preferred

Master's degree preferred
Ability to communicate in Japanese and/or Mandarin is a plus

Company

STAAR Surgical

STAAR, which has been dedicated solely to ophthalmic surgery for over 40 years, designs, develops, manufactures and markets implantable lenses for the eye.

H1B Sponsorship

STAAR Surgical has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship (chart not reproduced; highlights the job field similar to this job)

Trends of Total Sponsorships (sponsorships per year):
2025: 11
2024: 8
2023: 6
2022: 10
2021: 2
2020: 3

Funding

Current Stage: Public Company
Total Funding: unknown
2025-08-05: Acquired
1990-11-02: IPO

Leadership Team

Keith Holliday
Chief Technology Officer
Company data provided by crunchbase