Director Cybersecurity
Alameda, CA - USA
Job Summary
JOB DESCRIPTION:
Working at Abbott
At Abbott, you can do work that matters, grow and learn, care for yourself and your family, be your true self, and live a full life. You'll also have access to:
- Career development with an international company where you can grow the career you dream of.
- Employees can qualify for free medical coverage in our Health Investment Plan (HIP) PPO medical plan in the next calendar year.
- An excellent retirement savings plan with a high employer contribution.
- Tuition reimbursement, the Freedom 2 Save student debt program, and FreeU education benefit - an affordable and convenient path to getting a bachelor's degree.
- A company recognized as a great place to work in dozens of countries worldwide and named one of the most admired companies in the world by Fortune.
- A company that is recognized as one of the best big companies to work for as well as the best place to work for diversity, working mothers, female executives, and scientists.
THE OPPORTUNITY
At Lingo, we're building a groundbreaking health platform that combines continuous biosensor data, real-time analytics, and personalized insights to help people live fuller, longer, and healthier lives. Our systems ingest millions of sensor readings daily, powering experiences for consumers and partners worldwide with the reliability and scalability of cloud-native, enterprise-grade platforms.
We are looking for a Director Security to help accelerate growth across the U.S., Spain, and India. In this role, you will build and lead a world-class, globally distributed security function responsible for the security of Lingo's products and processes. The role requires a hands-on leader who can partner deeply with engineering, product, quality, and regulatory teams to reduce risk while enabling fast, high-quality delivery in a regulated consumer health environment.
You will own the end-to-end security strategy across Lingo's cloud platforms, mobile applications, biosensor/CGM data pipelines, AI/ML services, and supporting enterprise systems. You will establish security architecture and operational capabilities that scale globally, and you will grow and unify a team of security engineers who operate with consistent standards and urgency regardless of time zone.
What You'll Work On
- Direct and provide a strategic risk management vision that scales globally to effectively secure products and data without slowing company innovation and execution.
- Build and lead a high-performing, globally distributed security organization across the U.S., Spain, and India, including hiring strategy, team structure, operating model, and budget ownership.
- Drive a strong security culture within the security team and across the broader organization through clear expectations, enablement, and partnership with engineering leadership.
- Define and communicate security KPIs and metrics aligned to business initiatives (e.g., vulnerability SLAs, threat modeling coverage, security test automation, incident response readiness) and present them to non-technical stakeholders in an understandable manner.
- Own security policies, standards, and reference architectures for cloud, mobile, data pipelines, and AI/ML services, including protections against emerging threats and objectives for monitoring and response.
- Partner with Product and Engineering to embed security-by-design practices (threat modeling, secure SDLC, dependency and container security, secrets management, secure configuration baselines) into delivery workflows.
- Establish and evolve a security maturity model that reduces complexity, focuses on fundamentals, and is tracked over time with measurable improvements.
- Lead vulnerability management across applications, cloud infrastructure, and endpoints, including triage, remediation governance, and verification of fixes.
- Require and schedule independent verification and validation activities (penetration tests, red team exercises, security code reviews, and assessments) using internal resources and trusted third parties.
- Build and operate incident response capabilities, including on-call rotations, playbooks, tabletop exercises, and post-incident reviews that drive preventive actions.
- Partner with program teams for stringent vetting and continual assessment of the supply chain, including third-party risk management, SBOM/CBOM practices, and vendor security reviews.
- Partner with Quality and compliance stakeholders to ensure security requirements are incorporated into business processes and product development lifecycle controls.
- Partner with Regulatory Affairs, Quality, and Legal to translate regulatory and privacy requirements into practical, scalable controls (e.g., FDA expectations, HIPAA, GDPR, 21 CFR Part 11 where applicable).
- Conduct internal assessments and training to bolster security and regulatory compliance across the product portfolio and associated development resources.
- Provide regular reporting to senior management on the threat landscape, material risks, tactical controls, and strategic roadmap; communicate tradeoffs and decisions clearly.
- Develop security awareness training for all employees and allocate budget for ongoing technical training and certifications for security staff.
- Actively recruit and lead by example to create a respectful, inclusive culture where employees want to work; build partnerships with higher education to grow a pipeline of future talent.
Required Qualifications
- Bachelor's degree in computer science, engineering, or a related field, or equivalent practical experience.
- 15 years in cybersecurity, product security, or security engineering, including 5 years leading and scaling managers and/or globally distributed teams.
- Demonstrated experience building security programs (not just operating them), including org design, hiring, tooling strategy, and culture development.
- Strong background in secure software development practices for cloud and mobile products (secure SDLC, threat modeling, application security testing, dependency risk management).
- Experience securing cloud-native systems (e.g., AWS/Azure/GCP), including IAM, network security, logging/monitoring, secrets management, and infrastructure-as-code security.
- Experience leading vulnerability management and coordinating remediation across engineering organizations with clear SLAs and verification practices.
- Proven incident response leadership, including building playbooks, running tabletop exercises, and driving post-incident corrective and preventive actions.
- Experience partnering with governance and compliance functions on risk assessments, exceptions, third-party risk, and audit readiness in regulated environments.
- Strong executive communication skills with the ability to translate technical risks into business impact and influence decisions across cultures and time zones.
- Demonstrated ability to lead through influence in a fast-paced, cross-functional consumer technology and/or digital health environment.
Preferred Qualifications
- Experience scaling security teams across U.S., European, and Asian geographies with sensitivity to cross-cultural leadership and distributed operating models.
- Experience with security in regulated industries (medical devices, digital health, or life sciences), including familiarity with standards and expectations (e.g., ISO 27001/27002, ISO 13485 intersections, IEC 62304 security considerations, FDA cybersecurity guidance).
- Experience securing IoT or biosensor data platforms, including telemetry integrity, device-to-cloud security patterns, and high-throughput data pipelines.
- Background in privacy engineering and data protection (PII/PHI), including DPIAs, data minimization, and cross-border data considerations.
- Experience with security testing and assurance approaches for AI/ML systems (model abuse cases and secure model deployment practices).
- Relevant certifications (e.g., CISSP, CISM, CCSP, GIAC) or equivalent demonstrated expertise.
The base pay for this position is $172,000.00 - $344,000.00. In specific locations, the pay range may vary from the range posted.
JOB FAMILY:
Information Risk & Quality Assurance
DIVISION:
LNGO Lingo
LOCATION:
United States > Alameda : 2901 Harbor Bay Parkway
ADDITIONAL LOCATIONS:
WORK SHIFT:
Standard
TRAVEL:
Yes, 10% of the Time
MEDICAL SURVEILLANCE:
Not Applicable
SIGNIFICANT WORK ACTIVITIES:
Continuous sitting for prolonged periods (more than 2 consecutive hours in an 8 hour day)
Abbott is an Equal Opportunity Employer of Minorities/Women/Individuals with Disabilities/Protected Veterans.
Experience:
Director
About Company
WHO WE ARE
CREATING LIFE-CHANGING TECHNOLOGY
From removing the regular pain of fingersticks as people manage their diabetes to connecting patients to doctors with real-time information monitoring their hearts, from easing chronic pain and movement disorders to testing half the world’s ...