Senior Director, Product Security
Job Summary
Innovation starts from the heart. Our Advanced Innovation & Technology (AI&T) teams harness the imagination, courage, and resourcefulness to think beyond what's currently possible and create solutions for patients many years into the future. If you're an early-stage innovator, then Edwards' AI&T team is the place for you to take the next steps in your career. We'll give you the tools and resources you need to create groundbreaking innovations that shape the future of structural heart technology.
This role is foundational to Edwards' evolving connected device portfolio and will operate as an independent Product Security function, distinct from Enterprise IT and Cybersecurity while partnering closely with both.
How you'll make an impact:
Provide enterprise-level strategic leadership for medical devices and digital health product cybersecurity across the full product lifecycle, with a strong hands-on orientation to product and device security.
Own and represent Edwards' product cybersecurity posture during regulatory inspections, FDA pre- and post-market submissions, and external audits, including SBOM management, vulnerability disclosure, and post-market surveillance.
Communicate product cybersecurity risk to executive leadership, the ELT, and Board-level committees, including risk posture, incidents, mitigations, and residual risk acceptance.
Serve as the primary Product Security voice to the Board, delivering quarterly updates that translate technical risk into clear business and patient impact.
Lead response to significant product cybersecurity incidents, including decision-making, regulatory engagement, external communications, and post-incident reporting.
Define, monitor, and report product security metrics and key risk indicators, including vulnerability trends, remediation effectiveness, control maturity, and residual risk.
Oversee security architecture and controls for cloud-connected medical devices and digital health platforms (including AWS and GCP; Azure acceptable), ensuring secure operation, data integrity, privacy, and regulatory compliance.
What you'll need (Required)
Bachelor's or Master's degree in a related field (e.g., computer science, engineering, information security, technology) or equivalent work experience based on Edwards criteria
Extensive hands-on experience spanning the information and product security lifecycle, from concept through commercialization
Demonstrated expertise in cloud security architectures for connected products, including experience securing regulated or medical devices integrated with cloud platforms
Deep technical experience with embedded systems, firmware, device protocols, and physical device security frameworks
Proven experience operating in regulated environments, supporting audits, inspections, and compliance requirements
What else we look for (Preferred)
15 years of previous related experience or equivalent work experience based on Edwards criteria
Relevant certifications (e.g., CISSP, CISM, CSSLP, CCSP, GIAC)
This role is based on-site in Irvine, CA, with 100% in-office presence required
Ability and willingness to operate in a hands-on builder role rather than solely through delegation
Product security experience in medical devices, connected devices, semiconductors, or other regulated technology industries (e.g., implanted devices, connected health, imaging systems)
Experience navigating real-world product security incidents, vulnerabilities, or regulatory escalations, and driving corrective actions
Experience securing IoT, AI-enabled, and embedded systems beyond traditional endpoint or enterprise IT security
Strong grounding in Secure Software Development Lifecycle (SSDLC), including writing testable cybersecurity requirements and validation plans
Background in DevSecOps / DevCloudSecOps, embedding security into CI/CD pipelines and cloud environments
Knowledge of FDA cybersecurity guidance, IEC and related regulatory standards
Experience with risk management frameworks and security standards (e.g., NIST, ISO/IEC 27001, COBIT)
Familiarity with data protection technologies, threat management, and vulnerability testing
People leadership experience is a plus, but not the primary differentiator; technical depth and product credibility are prioritized
Exceptional communication and stakeholder influencing skills across senior and executive audiences
Strong analytical, organizational, and decision-making capabilities in a fast-paced, evolving environment
Own security design at the device-to-cloud boundary, including secure data transmission, protocol governance, and lifecycle risk management.
Provide subject matter expertise across key security domains such as vulnerability management, threat intelligence, embedded systems security, and cloud security, including executive-level briefings.
Personally contribute to security requirements, design reviews, test strategies, penetration testing programs, and vulnerability mitigation planning for connected products.
Lead and develop a small, highly technical team (initially 13 direct reports) aligned to R&D and Product organizations.
Partner functionally with R&D, Product, Regulatory, Quality, and IT teams to translate business and regulatory requirements into practical, enforceable security controls.
Conduct security assessments, audits, and risk reviews to proactively identify and mitigate product, platform, and cloud risks.
Maintain awareness of emerging threats, vulnerabilities, and regulatory expectations to proactively reduce product security risk.
Promote secure-by-design and secure-by-default practices throughout the product lifecycle.
Assess security needs and deliver solutions through proposal development, prioritization, and implementation, aligned with business and regulatory objectives.
Aligning our overall business objectives with performance, we offer competitive salaries, performance-based incentives, and a wide variety of benefits programs to address the diverse individual needs of our employees and their families.
For California (CA), the base pay range for this position is $209,000 to $296,000 (highly experienced).
The pay for the successful candidate will depend on various factors (e.g., qualifications, education, prior experience). Applications will be accepted while this position is posted on our Careers website.
Edwards is an Equal Opportunity/Affirmative Action employer, including protected Veterans and individuals with disabilities.
COVID Vaccination Requirement
Edwards is committed to protecting our vulnerable patients and the healthcare providers who are treating them. As such, all patient-facing and in-hospital positions require COVID-19 vaccination. If hired into a covered role, as a condition of employment, you will be required to submit proof that you have been vaccinated for COVID-19, unless you request and are granted a medical or religious accommodation for exemption from the vaccination requirement. This vaccination requirement does not apply in locations where it is prohibited by law to impose vaccination.
Required Experience:
Exec
About Company
Edwards Lifesciences (NYSE: EW) is the global leader of patient-focused medical innovations for structural heart disease and critical care monitoring. We are driven by a passion for patients, dedicated to improving and enhancing lives through partnerships with clinicians and stakehol ...