×
Register Here to Apply for Jobs or Post Jobs. X
More jobs:

Sr. Director, GRC, IT Controls & Cyber Culture, Orthopedics

Job in Warsaw, Kosciusko County, Indiana, 46580, USA
Listing for: J&J Family of Companies
Full Time position
Listed on 2026-07-16
Job specializations:
  • IT/Tech
    Cybersecurity
Job Description & How to Apply Below

Sr. Director, Deputy CISO

Johnson & Johnson announced plans to separate our Orthopaedics business to establish a standalone Orthopaedics company, operating as DePuy Synthes. The process of the planned separation is anticipated to be completed within 18 to 24 months, subject to legal requirements, including consultation with works councils and other employee representative bodies, as may be required, regulatory approvals and other customary conditions and approvals.

Should you accept this position, it is anticipated that, following conclusion of the transaction, you would be an employee of DePuy Synthes, and your employment would be governed by DePuy Synthes employment processes, programs, policies, and benefit plans. In that case, details of any planned changes would be provided to you by DePuy Synthes at an appropriate time and subject to any necessary consultation processes.

DePuy Synthes is a global leader in Orthopaedics, advancing patient care through innovative solutions across joint reconstruction, trauma, spine, sports medicine, and related surgical technologies. As DePuy Synthes separates from Johnson & Johnson to become the world's largest, most comprehensive Orthopaedics-focused company, the organization is entering a defining chapter—establishing its own corporate identity, voice, culture, and reputation while continuing to serve patients, customers, and healthcare systems around the world.

This role serves as a senior cybersecurity leader and trusted advisor to the CISO, with enterprise accountability for Governance, Risk & Compliance (GRC) and Product Security across DePuy Synthes. The Sr. Director, Deputy CISO will shape and execute cybersecurity strategy that protects patients, products, data, and operations while enabling innovation and growth in a regulated medical technology environment. This is a highly visible leadership role with direct impact on product safety, regulatory readiness, and enterprise risk posture, and reports into the DePuy Synthes Technology organization.

Key Responsibilities

  • Provide strategic leadership and operational oversight for enterprise GRC and Product Security programs, ensuring alignment with business priorities and regulatory requirements.
  • Partner with the CISO to define and execute the cybersecurity strategy, serving as a delegate and decision authority as needed.
  • Lead enterprise risk management activities, including cyber risk identification, assessment, mitigation, and reporting to executive leadership.
  • Own the enterprise cyber security policy lifecycle—from creation and implementation to continuous review—ensuring clarity, compliance, and alignment with organizational goals.
  • Oversee cybersecurity compliance with global regulations, standards, and frameworks relevant to medical devices and digital health solutions.
  • Establish and maintain product security governance across the product lifecycle, from design and development through post-market support.
  • Drive secure-by-design principles and threat modeling in partnership with R&D, Engineering, Quality, and Regulatory teams.
  • Lead and develop high-performing cybersecurity leaders and teams, fostering a culture of accountability, collaboration, and continuous improvement.
  • Provide executive-level reporting on cybersecurity risk, compliance status, and program effectiveness to senior leadership and governance bodies.

Qualifications

Education

Required:

Bachelor's degree in Information Security, Computer Science, Engineering, or a related field.

Preferred:
Master's degree (MS, MBA, or equivalent) in Cybersecurity, Information Systems, or Business.

Experience and Skills

Required:

  • 12–14 years of progressive experience in cybersecurity, information security, or technology risk management, including senior leadership roles.
  • Demonstrated experience leading GRC and Product Security programs in a regulated environment (medical device, healthcare, or life sciences strongly preferred).
  • Deep knowledge of cybersecurity risk management, compliance frameworks, and regulatory expectations.
  • Experience building, mentoring, and leading senior-level cybersecurity teams.
  • Strong strategic, analytical, and communication skills, with the…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary