Sr. Director, Security & Defense, Orthopedics

Job Function

Technology Enterprise Strategy & Security

Security & Controls

People Leader

New Brunswick, New Jersey, United States of America;
Raynham, Massachusetts, United States of America;
Warsaw, Indiana, United States of America;
West Chester, Pennsylvania, United States of America;
West Palm Beach, Florida, United States

Johnson & Johnson announced plans to separate its Orthopaedics business to create a standalone company, DePuy Synthes. The separation is expected to complete within 18 to 24 months, subject to legal requirements and approvals. Upon completion, employees will be governed by DePuy Synthes employment processes, programs, policies, and benefit plans.

DePuy Synthes is a global leader in orthopaedics, advancing patient care through innovative solutions across joint reconstruction, trauma, spine, sports medicine, and related surgical technologies. The company is establishing its own corporate identity while continuing to serve patients, customers, and healthcare systems worldwide.

The Sr. Director, Security & Defense is a senior technology leadership role responsible for setting and executing the cybersecurity and information protection strategy for DePuy Synthes. This leader safeguards enterprise systems, data, products, and operations while enabling business growth and digital innovation. The role partners closely with executive leadership, IT, Legal, Privacy, and business stakeholders to ensure a resilient, compliant, and risk‑aware security posture across the organization and reports to the DePuy Synthes Technology organization.

• Define and lead the enterprise security and cyber defense strategy aligned to business priorities and regulatory requirements.
• Oversee cybersecurity operations, including threat detection, incident response, vulnerability management, and security monitoring.
• Build and maintain a program focused on monitoring and responding to insider threats while supporting legal and employee relations as required.
• Establish and maintain security governance, policies, standards, and risk management frameworks across the organization.
• Lead and develop high‑performing security teams and external partners, fostering a strong culture of accountability and continuous improvement.
• Provide executive‑level reporting on security posture, risks, incidents, and remediation progress.
• Ensure compliance with global cybersecurity, data protection, and industry regulations relevant to medical technology and healthcare environments.
• Support M&A, separation, and transformation initiatives by assessing and mitigating cybersecurity risks.

• Bachelor’s degree required, preferably in Information Technology, Computer Science, Engineering, or a related field.
• Master’s degree or MBA preferred.

• 12‑14 years of experience in cybersecurity, information security, or technology risk management, including senior leadership roles.
• Demonstrated experience leading enterprise‑wide security programs in complex, regulated environments.
• Strong knowledge of cyber defense, incident response, identity and access management, cloud security, and risk frameworks.
• Experience leading and developing global or cross‑functional teams.

• Experience supporting healthcare, life sciences, or medical device organizations.
• Proven ability to influence executive stakeholders and translate technical risk into business impact.
• Experience with large‑scale technology transformations or corporate separations.
• Familiarity with global regulatory and compliance standards (e.g., ISO, NIST, GDPR, HIPAA).
• Strong change leadership and strategic planning capabilities.

• Travel:
  Up to 20%, primarily domestic with occasional international travel.
• Certifications (preferred): CISSP, CISM, CRISC, or equivalent.

• Base pay range: $ – $
• Vacation – 120 hours – Standard
• Sick time – 40 hours per calendar year (48 hours in Colorado; 56 hours in Washington)
• Holiday pay, including Floating Holidays – 13 days per calendar year
• Work, Personal and Family Time – up to…