Director, IT, Information Security, GRC
Innovation starts from the heart. At Edwards Lifesciences, we’re dedicated to developing ground-breaking technologies with a genuine impact on patients’ lives. At the core of this commitment is our investment in cutting-edge information technology. This supports our innovation and collaboration on a global scale, enabling our diverse teams to optimize both efficiency and success. As part of our IT team, your expertise and commitment will help facilitate our patient-focused mission by developing and enhancing technological solutions.This is an exciting opportunity within Edwards Lifesciences’ Information Security organization to lead a Governance, Risk, and Compliance (GRC) team that delivers impactful, high-quality GRC services that enable Edwards’ global business. The Director, GRC is a dynamic and execution-focused Information Security leader. Your role will be to drive the evolution of the GRC program at Edwards offering leadership for key cyber security functions and services. As the GRC leader, you’ll mentor and lead a highly motivated team who is contributing to Edwards’ mission of delivering innovative medical solutions that improve patient lives around the globe.Ideal candidates have five years of experience leading GRC Information Security teams. Join our team in a flexible hybrid or remote role! Enjoy monthly visits to our stunning Irvine campus headquarters, or as needed.How you’ll make an impact:
Lead, evolve, and ensure high-quality, on-time delivery of GRC services to include: Corporate IS Policies and Standards, Enterprise IS Risk Management, Third Party Risk Management, Security Awareness and Training, IS Corporate Communications, and Customer IS Information Request Coordination
Mentor and lead a global team of GRC professionals.
Deliver actionable, data-driven, risk insights to key stakeholders to improve planning and prioritization decisions and activities to achieve and sustain an acceptable risk posture.
Identify and execute on opportunities to automate and streamline GRC operations. Integrate risk management into business and IT processes and workflows.
Deliver continuous enterprise risk monitoring services.
Govern and manage the portfolio of technical and non-technical resources required to successfully execute GRC services.
Define and establish metrics and reporting practices to measure and report on team performance and demonstrate value delivery.
Identify and execute on opportunities to promote and raise GRC awareness and the value the team delivers to Edwards.
Present on GRC topics to a wide variety of audiences.
Act upon external/internal threat information and advise relevant stakeholders on the appropriate
Oversee, lead, and provide briefings of key security functional area based on critical subject matter expertise (e.g., Incident response, threat intelligence, etc.)
Manage team members and/or professionals and/or oversee the work with responsibility for assigned sections of the information security department. Develop a robust talent development and succession planning in alignment with functional growth strategies
Collaborate with key stakeholders to translate business requirements into EW security practices resulting in influencing stakeholders to implement key security requirements
What you’ll need (Required):
Bachelor's degree or equivalent in a related field (e.g., computer science, security, engineering, information security, technology, etc.) + 12 years’ experience -OR- master’s degree or equivalent in a related field + 10 years’ experience. Five years of experience leading a GRC team.
Strong skills, knowledge, and experience building, leading, and executing GRC programs and services.
Progressive leadership experience leading a diverse team of junior and experienced GRC professionals.
Experience building and managing GRC platforms, workflows, and integrations.
Experience implementing and managing risk data analysis and reporting tools and services.
What else we look for (Preferred):
Experience assessing business, technology, compliance, and threat factors to coordinate and execute risk management services to identify, prioritize, guide, monitor, and report on cyber risks and risk treatment activities across the enterprise.
Knowledge and understanding of policy management frameworks and lifecycle operations.
Technical acumen and working knowledge and understanding of enterprise technologies, services, and processes.
Ability to define and communicate long-term and short-term objectives and priorities, build individual work plans and deliverables, and ensure successful execution.
Experience working in the MedTech/Life Sciences industry.
CISM, CISSP, CISA or other relevant industry certifications.
Global leadership experience.
Experience implementing and managing a continuous risk monitoring program.
Familiarity with Jira and Agile Methodology.
Experience working in a regulated industry
Experience in applications, software, and data protection
Proven successful project management leadership skills
Excellent problem-solving, organizational, analytical, and critical thinking skills including high discretion/judgment in decision making
Broad and extensive knowledge of security lifecycle in information assets, technology, products, and intellectual property
Aligning our overall business objectives with performance, we offer competitive salaries, performance-based incentives, and a wide variety of benefits programs to address the diverse individual needs of our employees and their families.For California, the base pay range for this position is $166,000 to $235,000 (highly experienced).The pay for the successful candidate will depend on various factors (e.g., qualifications, education, prior experience). Applications will be accepted while this position is posted on our Careers website.Edwards is an Equal Opportunity/Affirmative Action employer including protected Veterans and individuals with disabilities.COVID Vaccination RequirementEdwards is committed to protecting our vulnerable patients and the healthcare providers who are treating them. As such, all patient-facing and in-hospital positions require COVID-19 vaccination. If hired into a covered role, as a condition of employment, you will be required to submit proof that you have been vaccinated for COVID-19, unless you request and are granted a medical or religious accommodation for exemption from the vaccination requirement. This vaccination requirement does not apply in locations where it is prohibited by law to impose vaccination.