VP, Chief Information Security Officer; CISO

VP, Chief Information Security Officer (CISO)

Work mode:
Hybrid Onsite Location(s):
Marlborough, MA, US, 01752 Additional Location(s): US-MN-Arden Hills Diversity
- Innovation
- Caring
- Global Collaboration
- Winning Spirit
- High Performance At Boston Scientific, we'll give you the opportunity to harness all that's within you by working in teams of diverse and high-performing employees, tackling some of the most important health industry challenges. With access to the latest tools, information and training, we'll help you in advancing your skills and career.

About the Role:

The Chief Information Security Officer (CISO) is responsible for defining and executing Boston Scientific's enterprise-wide information security strategy, ensuring the protection of patient data, intellectual property, and global business operations. This role serves as an enterprise security leader and trusted advisor to the executive team, providing objective, risk-based guidance to protect the company while enabling business growth. The CISO drives the evolution of cybersecurity capabilities, resilience, and governance while embedding security into the company's digital, cloud, and innovation agenda.

Key Responsibilities:

Enterprise Security Strategy & Leadership Define and execute a global cybersecurity strategy and multi-year roadmap aligned to enterprise priorities and risk appetite Lead a global security strategy that accounts for regional and country-specific requirements, ensuring enterprise standards are effectively adapted and managed across diverse regulatory, business, and operational environments Serve as the primary advisor to the CIO, executive leadership, and Board on cybersecurity risks, posture, and investments Define strategy for securing emerging technologies, including artificial intelligence, machine learning, and advanced analytics, ensuring safe and responsible adoption across the enterprise Drive security as a business enabler, ensuring alignment with commercial, clinical, and innovation objectives Lead and mature a high-performing global information security organization, including internal teams and external partners Cyber Risk Management & Governance Establish and scale a risk-based security operating model, aligned to industry frameworks (e.g., NIST, ISO 27001) Partner with business and functional leaders to prioritize investments using risk, financial, and operational impact models Oversee enterprise security governance, policies, standards, and controls Ensure compliance with global regulatory requirements (e.g., FDA, HIPAA, GDPR, and other regional regulations) Security Engineering & Operations Oversee design and operation of security architecture and controls, including:
Network and endpoint security Identity and access management Cloud security (IaaS/PaaS/SaaS) Threat detection and response capabilities Lead modernization of security tooling and platforms (e.g., SIEM, EDR, zero trust frameworks) Ensure effective vulnerability management and remediation programs Threat Management & Incident Response Serve as executive lead for cybersecurity incidents and crisis response Establish and oversee enterprise incident response, business continuity, and disaster recovery programs Monitor and respond to evolving threats including advanced persistent threats (APTs), ransomware, phishing, and supply chain vulnerabilities Drive continuous improvement through post-incident reviews and threat intelligence Data Protection & Privacy Lead enterprise strategies to protect sensitive data (PHI/PII), clinical data, and intellectual property Ensure strong data governance, classification, and protection controls Partner with Legal and Compliance on privacy and data protection initiatives Business Engagement & Influence Act as a trusted partner to global business units, embedding security into product development, digital, and commercial initiatives Build strong cross-functional partnerships across IT, R&D, Quality, Regulatory, Legal, and Commercial teams Communicate clearly with executive stakeholders and Board-level audiences Culture, Talent & Transformation Foster a security-first culture across the enterprise Build and develop diverse, high-performing teams and future leaders Act as a change agent, driving continuous improvement and innovation in security practices Establish measurable KPIs to track security maturity, effectiveness, and ROI Quality & Regulatory Commitment Ensure all activities align with Boston Scientific's Quality Policy and Quality System requirements Maintain a strong focus on patient safety, product integrity, and regulatory compliance Provide leadership to ensure appropriate resources, training, and adherence to quality standards

Required Qualifications:

Bachelor's degree in Information Security, Computer Science, Engineering, or related field 15+ years of progressive experience in information security and IT leadership Proven experience leading enterprise cybersecurity strategy in a global, regulated…