VP, IT Enterprise and Cyber Security, Critical Care

USA-California-Hybrid

Edwards Lifesciences

Edwards Lifesciences is a global leader in patient-focused medical innovations for structural heart disease, as well as critical care and surgical monitoring.


For over 50 years, the Critical Care business within Edwards Lifesciences (NYSE: EW) has operated at the intersection of groundbreaking medical innovation and improved patient care. Put simply, we exist because we’re committed to creating a world where every patient who should be monitored will be monitored with smart technology.  

With this impactful vision in mind, we are now embarking on becoming an independent business from Edwards, a process that we currently expect to be completed by January 2025.  

As Critical Care transitions to an independent company, we will continue to benefit from the expertise and experience of 4,000+ dedicated global employees, a vibrant innovation engine with strong investment in our future pipeline, and strong sales growth and profitability. We are well-positioned to build upon our category leadership as we continue to launch new solutions powered by A.I. to clinicians, and expand into new care settings.     

So, if you're a dynamic and passionate person who is eager to contribute to an innovative, industry-leading advanced monitoring company, we invite you to explore our career opportunities. Those who choose to join us will be part of a ‘once-in-a-lifetime’ journey to improve the quality of care and outcomes for millions of patients around the world.

Appendix:  

For further detail on the spin-off from Edwards Lifesciences, please consult this 2023 Investor Conference Presentation, pages 89-99

Critical Care is hiring a VP, IT Security (CISO).

In this role, you are a strategic, dynamic, yet execution-focused information security leader. Your role will be to build the security ecosystem from the ground up and drive the evolution of the information security and cybersecurity programs in Critical Care.

This role will support enterprise, manufacturing plant, and medical device product security. Qualified candidates must have exposure to each of these domains, as they have completely different security considerations. As the CISO, you are a member of the IT Leadership Team, and you will lead a team of engineers and architects, mentoring and coaching the team as both a people leader and a technical leader.

This role requires someone with both security leadership experience and a foundation of technical, hands-on security experience. You must work in close partnership across all levels, regions, and business units, managing upwards and sideways. You understand the balance between domains and expertise, managing security without disrupting the business, and aligning to business strategy. People leadership is in your DNA and you are a strong collaborator.

This role is based in Irvine, California.

How you will make an impact:
 

  • Direct the development, implementation and monitoring of a strategic, comprehensive enterprise IT security risk management program in collaboration with existing IT teams, to ensure the security, integrity, confidentiality and availability of digital information that is owned, controlled or processed by the organization where the scope and complexity of responsibilities require the integration of multiple disciplines and departments

  • Plan and direct multiple strategic Information Security project portfolio activities of the highest criticality, including prioritizing and selecting appropriate projects (e.g., design of IT security technologies based on the SANS 20 CSC standards framework, compliance monitoring, IT security risk assessments). Lead in identifying risk, developing complex mitigation strategies, alternative solutions and critical path, and resolving issues in collaboration with project managers

  • Manage defined set of business applications or technologies to ensure performance according to business needs and IT standards

  • Set overall IT cyber security strategy including efforts to reengineer and optimize business processes and systems by assessing business needs and developing, proposing and implementing technology solution options

  • Analyze, formulate and present recommendations to advise and guide executive level leadership; develop and deliver executive level communication across functions that impact multiple areas of the business

  • Lead the implementation of necessary IT information security standards, procedures and guidelines including owning the lifecycle of technologies and services in compliance with company policies

  • Lead the creation, communication and implementation of a risk-based process for IT vendor risk management, including the assessment and treatment of risks that may result from partners, consultants and other service providers

  • As a thought leader, participate in external conferences as a speaker evangelizing the cause of security in healthcare (or other industry).


What you’ll need (Required):

  • Bachelor's Degree and 17+ years’ experience (or Master's Degree and 15+ years’ experience)

  • Expertise in the healthcare regulatory environment, including knowledge of HIPAA, HITRUST, GDPR, SOX, etc.

  • Expertise in data protection processes and technologies, IT cyber threat management, incident response, vulnerability testing, Data Security, Architecture, Security Management Reports and Metrics (including working with Legal).

  • Leadership experience developing global policies and strategies in collaboration with existing IT, information and physical security teams to protect information technology assets and intellectual property.

  • Expertise with design and architecture guidance for product level cyber security initiatives

  • Expertise in standing up new Cyber, InfoSec and ProdSec strategies, roadmaps, and processes from the ground up

  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate IT security and risk-related concepts to technical and non-technical audiences are required

  • Expertise with multiple cloud platforms and with risk and threat detection, across multiple lanes of security

  • Expert understanding of IT procedures, with extensive and detailed knowledge of the company that allows for innovative concepts and the promotion of new ideas

  • Expert understanding of related aspects of IT processes and/or equipment while ensuring processes and/or equipment are optimal across areas of responsibility including identifying applications of functional knowledge and existing methodologies to complex problems

  • Expert understanding and knowledge of IT security standards and laws (e.g., SANS, ISO 27001/27002, NIST, FFIEC, etc.) and commonly used concepts, practices and procedures within the IT security field is required

  • Expert knowledge of common IT security management frameworks, such as ISO/IEC 27001, ITIL, COBIT and ones from NIST is required

  • Expert knowledge of data privacy and protection regulations and appropriate operational safeguards

  • Demonstrated ability to direct IT teams and provide coaching and feedback, including responsibility for all employee actions including hire/fire authority and partnering with HR on all aspects of employee relations

  • Ability to develop and integrate metrics into the projects and operations that clearly demonstrate the value of IT to the business

  • Ability to serve as core IT partner to senior leaders in Business Units, Functional Groups, Regions and IT.

  • Ability to work and excel within a fast paced, dynamic, and constantly changing work environment

  • Ability to ensure team alignment to strategic goals and initiatives through regular communication

  • Ability to coach/mentor team members, including dotted line reports as necessary.  Align team members in roles to best take advantage of their strengths and to grow/diversify their skill sets

What else we look for (Preferred):

  • Experience with manufacturing plant security platforms is strongly preferred

  • Advanced certifications

Aligning our overall business objectives with performance, we offer competitive salaries, performance-based incentives, and a wide variety of benefits programs to address the diverse individual needs of our employees and their families.

The base pay range for this position is $219,000 to $310,000 (highly experienced). The pay for the successful candidate will depend on various factors (e.g., geographic location, qualifications, education, prior experience).   

Edwards is an Equal Opportunity/Affirmative Action employer including protected Veterans and individuals with disabilities.

COVID Vaccination Requirement

Edwards is committed to complying with the requirements and guidance from our government authorities and to protecting our vulnerable patients and the healthcare providers who are treating them around the world. As such, all Healthcare Interacting positions require COVID-19 vaccination, which includes anyone who directly interfaces with patients and those who interact with healthcare providers as part of their role. If hired, as a condition of employment, you will be required to submit proof that you have been fully vaccinated for COVID-19, unless you request and are granted a medical or religious accommodation for exemption from the vaccination requirement. This vaccination requirement does not apply in countries where it is prohibited by law to impose vaccination. In countries where vaccines are less available, or other requirements exist, we may institute alternate measures that optimize patient safety and healthcare provider safety, which may include regular COVID testing or specific masking requirements.


Tags: CISO Cloud COBIT Compliance FFIEC GDPR HIPAA HITRUST Incident response ISO 27001 ITIL Monitoring NIST Privacy Product security Risk assessment Risk management SANS Security strategy SOX Strategy

Perks/benefits: Career development Competitive pay Conferences

Region: North America
Country: United States