Director, Cyber Security - Business Information Security Partner

Work Flexibility: Remote or Hybrid or Onsite

The position is responsible for the overall leadership and management of security program delivery across Stryker. This includes leading and directing cross-functional teams—both internal and external—to oversee the full lifecycle of security programs from inception, build, deployment, and steady-state operations. The director ensures that employees, budget, contractors, and plans are aligned to meet key security program commitments made to IT Leadership and the Stryker Board of Directors.

The role provides experienced leadership in security projects, operations, and initiatives to support security improvements and growth programs.

Key Responsibilities

• Business Interface Security Program (BISP):

  • Acts as the critical bridge between CCI and stakeholders across divisions, regions, and functions to ensure alignment between business strategies and cybersecurity objectives.

  • Embeds security expertise into business functions to enhance data and asset protection while minimizing operational friction.

• Product Security:

  • Establishes and maintains a security risk management process in collaboration with IT and DRE/Product Security, ensuring compliance with FDA regulations.

  • Manages exploitability assessments, design controls, validation of production processes, and corrective and preventive actions to address security risks throughout the device lifecycle.

• Security Architecture:

  • Defines and maintains IT security architecture for medical device interfaces (e.g., Palo Alto switches for Vocera).

  • Identifies risks, implements controls, and ensures device operations are secure from cyber threats.

• Vulnerability Management:

  • Develops and manages in-market cybersecurity monitoring and management processes.

  • Documents processes for continuous monitoring, patch issuance, updates, and securing devices against emerging threats.

• Regulatory Compliance and Documentation:

  • Manages IT communication on regulatory changes and prepares documentation for premarket submissions.

  • Ensures compliance with FDA guidelines and international standards.

• Program Leadership:

  • Provides leadership, vision, and management for security programs.

  • Oversees financial, project, PMO, and legal aspects throughout solution design, build, and delivery phases.

• Stakeholder Engagement:

  • Advises the Sr. Director, CCI, and other stakeholders on security program delivery status.

  • Partners with the CCI leadership team to ensure program requirements and budgets are maintained.

• Innovation & Continuous Improvement:

  • Conducts assessments of new security technologies to improve CCI's mission of protecting Stryker’s data and assets.

• Performance Management:

  • Evaluates employee performance, sets standards, and provides recognition, training, and development opportunities.

• Incident Management:

  • Oversees responses to major security incidents across the company.

• External Vendor Management:

  • Finalizes deals with external vendors, monitors implementation, and recommends corrective actions within authorized budgets.

• Executive Communication:

  • Prepares presentation materials for the CIO/CISO to deliver updates on cybersecurity initiatives to the Stryker Board of Directors.

• Security Reviews:

  • Drives security reviews, risk assessments, and security requirements for all Stryker IS projects.

  • Collaborates with GIO, Business Partners, IT, R&D, and Governance teams.

• Portfolio Management:

  • Plans and coordinates the CCI global portfolio, keeping the Sr. Director, CCI, informed.

• Functional Reviews:

  • Leads and participates in bi-annual functional reviews with the CIO/CISO.

Education and Special Trainings

• Bachelor's degree required (equivalent years of relevant experience may be considered).

• A Master’s degree in Management of Information Systems (MIS), Business Administration (MBA), or a related discipline is preferred.

Required Qualifications

• 10+ years of professional experience in IT/IS or a related business discipline.

• 7+ years of management experience.

• 5+ years of extensive cybersecurity knowledge, with basic understanding of adjacent processes, organizations, and tools.

• Demonstrated professional experience in IS or related business areas.

Travel Percentage: 40%

Stryker Corporation is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, gender identity, sexual orientation, national origin, disability, or protected veteran status. Stryker is an EO employer – M/F/Veteran/Disability.

Stryker Corporation will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information.