AddressFor decades, Critical Care has operated at the intersection of groundbreaking medical innovation and improved patient care. Put simply, we exist because we’re committed to creating a world where every patient who should be monitored will be monitored with smart technology.
With this impactful vision in mind, we are now embarking on becoming an entirely independent business from Edwards Lifesciences (NYSE: EW), a process that is on track to be completed by January 2025.
As Critical Care transitions, we will continue to benefit from the expertise and experience of 4,000+ dedicated global employees, a vibrant innovation engine with 11% revenue re-invested in R&D, and strong sales growth and profitability. We will be well-positioned to pursue our focused strategy and build upon our category leadership in three important ways:
Accelerating the shift from classic monitoring solutions to smart monitoring technologies
Launching new, AI-enabled connected platforms to support our portfolio of products; and
Expanding into additional care settings with new, non-invasive monitoring technologies.
So, if you're a dynamic and passionate person, eager to contribute to a leading advanced monitoring company, we invite you to explore our career opportunities. Those who choose to join us will be part of a ‘once-in-a-generation’ journey to improve the quality of care and outcomes for millions of patients around the world.
For further detail on the spin-off from Edwards Lifesciences, please consult this 2023 Investor Conference Presentation, pages 89-99.
Critical Care is hiring a VP, IT Security (CISO).
In this role, you are a strategic, dynamic, and yet still an execution-focused information security leader. Your role will be to build the security ecosystem from the ground up and drive the evolution of the information security and cybersecurity programs in Critical Care.
This role will support enterprise , manufacturing plant, and medical device product security.: Qualified candidates must have exposure to each of these domains as they have completely different security considerations. As the CISO, you are a member of the IT Leadership Team, and you will lead a team of engineers and architects, mentoring and coaching the team both as a people and technical leader.
This role requires someone with both security leadership experience and a foundation of technical, hands-on security experience. You must work in close partnership across all levels, regions, and business units, managing upwards and sideways. You understand the balance between domains and expertise, managing security without disrupting the business, and aligning to business strategy. People leadership is in your DNA and you are a strong collaborator.
This role is based in Irvine, California.
How you will make an impact:
Direct the development, implementation and monitoring of a strategic, comprehensive enterprise IT security risk management program in collaboration with existing IT teams, to ensure the security, integrity, confidentiality and availability of digital information that is owned, controlled or processed by the organization where the scope and complexity of responsibilities require the integration of multiple disciplines and departments
Plan and direct multiple strategic Information Security project portfolios activities with highest criticality including prioritizing and selecting appropriate projects (e.g., design of IT Security technologies-based SANS 20 CSC standards framework, compliance monitoring, IT security risk assessments). Lead in identifying risk, developing complex mitigation strategies, alternative solutions, critical path, resolving issues in collaboration with project managers
Manage defined set of business applications or technologies to ensure performance according to business needs and IT standards
Set overall IT cyber security strategy including efforts to reengineer and optimize business processes and systems by assessing business needs and developing, proposing and implementing technology solution options
Analyze, formulate and present recommendations to advise and guide executive level leadership; develop and deliver executive level communication across functions that impact multiple areas of the business
Lead the implementation of necessary IT information security standards, procedures and guidelines including owning the lifecycle of technologies and services in compliance with company policies
Lead the creation, communicate and implementation of a risk-based process for IT vendor risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers
As a thought leader, participate in external conferences as a speaker evangelizing the cause of security in healthcare (or other industry).
What you’ll need (Required):
Bachelor's Degree and 17+ years’ experience (or Master's Degree and 15+ years’ experience)
Expertise in the healthcare regulatory environment, including knowledge of HIPAA, HITRUST, GDPR, Sox etc
Expertise in data protection processes and technologies, IT cyber threat management, incident response, vulnerability testing, Data Security, Architecture, Security Management Reports and Metrics ( including working with Legal).
Leadership experience developing global policies and strategies in collaboration with existing IT, information and physical security teams to protect information technology assets and intellectual property.
Expertise with design and architecture guidance for product level cyber security initiatives
Expertise in standing up new Cyber, InfoSec and ProdSec strategies, roadmaps, and processes from the ground up
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate IT security and risk-related concepts to technical and non-technical audiences are required
Expertise with multiple cloud platforms, risks and threats detection, and over multiple lanes of security
Expert understanding of IT procedures with extensive and detailed knowledge of company allows for innovative concepts and promoting new ideas
Expert understanding of related aspects of IT processes and/or equipment while ensuring processes and/or equipment are optimal across areas of responsibility including identifying applications of functional knowledge and existing methodologies to complex problems
Expert understanding and knowledge of IT security standards and laws (e.g., SANS, ISO 27001/27002, NIST, FFIEC, etc.) and commonly used concepts, practices and procedures within the IT security field is required
Expert knowledge of common IT security management frameworks, such as ISO/IEC 27001, ITIL, COBIT and ones from NIST is required
Expert knowledge of data privacy and protection regulations and appropriate operational safeguards
Demonstrated ability to direct IT teams and provide coaching and feedback, including responsibility for all employee actions including hire/fire authority and partnering with HR on all aspects of employee relations
Ability to develop and integrate metrics into the projects and operations that clearly demonstrate the value of IT to the business
Ability to serve as core IT partner to senior leaders in Business Units, Functional Groups, Regions and IT.
Ability to work and excel within a fast paced, dynamic, and constantly changing work environment
Ability to ensure team alignment to strategic goals and initiatives through regular communication
Ability to coach/mentor team members, including dotted line reports as necessary. Align team members in roles to best take advantage of their strengths and to grow/diversify their skill sets
What else we look for (Preferred):
Experience with manufacturing plant security platforms is strongly preferred
Advanced certifications
Edwards is an Equal Opportunity/Affirmative Action employer including protected Veterans and individuals with disabilities.
COVID Vaccination Requirement
Edwards is committed to complying with the requirements and guidance from our government authorities and to protecting our vulnerable patients and the healthcare providers who are treating them around the world. As such, all Healthcare Interacting positions require COVID-19 vaccination, which includes anyone who directly interfaces with patients and those who interact with healthcare providers as part of their role. If hired, as a condition of employment, you will be required to submit proof that you have been fully vaccinated for COVID-19, unless you request and are granted a medical or religious accommodation for exemption from the vaccination requirement. This vaccination requirement does not apply in countries where it is prohibited by law to impose vaccination. In countries where vaccines are less available, or other requirements exist, we may institute alternate measures that optimize patient safety and healthcare provider safety, which may include regular COVID testing or specific masking requirements.
