Senior Director, Product Security

Innovation starts from the heart. Our Advanced Innovation & Technology (AI&T) teams harness the imagination, courage, and resourcefulness to think beyond what’s currently possible, and create solutions for patients many years into the future. If you’re an early-stage innovator, then Edwards AI&T team is the place for you to take the next steps in your career. We’ll give you the tools and resources you need to create groundbreaking innovations that shape the future of structural heart technology.

This role is foundational to Edwards’ evolving connected device portfolio and will operate as an independent Product Security function, distinct from Enterprise IT and Cybersecurity, while partnering closely with both.

How you'll make an impact:

• Provide enterprise-level strategic leadership for medical devices and digital health product cybersecurity across the full product lifecycle, with a strong hands-on orientation to product and device security.

• Own and represent Edwards’ product cybersecurity posture during regulatory inspections, FDA pre- and post-market submissions, and external audits, including SBOM management, vulnerability disclosure, and post-market surveillance.

• Communicate product cybersecurity risk to executive leadership, the ELT, and Board-level committees, including risk posture, incidents, mitigations, and residual risk acceptance.

• Serve as the primary Product Security voice to the Board, delivering quarterly updates that translate technical risk into clear business and patient impact.

• Lead response to significant product cybersecurity incidents, including decision-making, regulatory engagement, external communications, and post-incident reporting.

• Define, monitor, and report product security metrics and key risk indicators, including vulnerability trends, remediation effectiveness, control maturity, and residual risk.

• Oversee security architecture and controls for cloud-connected medical devices and digital health platforms (including AWS and GCP; Azure acceptable), ensuring secure operation, data integrity, privacy, and regulatory compliance.

What you'll need (Required)

• Bachelor’s or Master’s degree in a related field (e.g., computer science, engineering, information security, technology) or equivalent work experience based on Edwards criteria

• Extensive hands-on experience spanning the information and product security lifecycle, from concept through commercialization

• Demonstrated expertise in cloud security architectures for connected products, including experience securing regulated or medical devices integrated with cloud platforms

• Deep technical experience with embedded systems, firmware, device protocols, and physical device security frameworks

• Proven experience operating in regulated environments, supporting audits, inspections, and compliance requirements

What else we look for (Preferred)

• 15 years of previous related experience or equivalent work experience based on Edwards criteria

• Relevant certifications (e.g., CISSP, CISM, CSSLP, CCSP, GIAC)

• This role is based on-site in Irvine, CA, with 100% in-office presence required

• Ability and willingness to operate in a hands-on, builder role rather than solely through delegation

• Product security experience in medical devices, connected devices, semiconductors, or other regulated technology industries (e.g., implanted devices, connected health, imaging systems)

• Experience navigating real-world product security incidents, vulnerabilities, or regulatory escalations and driving corrective actions

• Experience securing IoT, AI-enabled, and embedded systems beyond traditional endpoint or enterprise IT security

• Strong grounding in Secure Software Development Lifecycle (SSDLC), including writing testable cybersecurity requirements and validation plans

• Background in DevSecOps / DevCloudSecOps, embedding security into CI/CD pipelines and cloud environments

• Knowledge of FDA cybersecurity guidance, IEC 80001-2-2, and related regulatory standards

• Experience with risk management frameworks and security standards (e.g., NIST, ISO/IEC 27001, COBIT)

• Familiarity with data protection technologies, threat management, and vulnerability testing

• People leadership experience is a plus but not the primary differentiator; technical depth and product credibility are prioritized

• Exceptional communication and stakeholder influencing skills across senior and executive audiences

• Strong analytical, organizational, and decision-making capabilities in fast-paced, evolving environment

• Own security design at the device-to-cloud boundary, including secure data transmission, protocol governance, and lifecycle risk management.

• Provide subject matter expertise across key security domains such as vulnerability management, threat intelligence, embedded systems security, and cloud security, including executive-level briefings.

• Personally contribute to security requirements, design reviews, test strategies, penetration testing programs, and vulnerability mitigation planning for connected products.

• Lead and develop a small, highly technical team (initially 1–3 direct reports) aligned to R&D and Product organizations.

• Partners functionally with R&D, Product, Regulatory, Quality, and IT teams to translate business and regulatory requirements into practical, enforceable security controls.

• Conduct security assessments, audits, and risk reviews to proactively identify and mitigate product, platform, and cloud risks.

• Maintain awareness of emerging threats, vulnerabilities, and regulatory expectations to proactively reduce product security risk.

• Promote secure-by-design and secure-by-default practices throughout the product lifecycle.

• Assess security needs and deliver solutions through proposal development, prioritization, and implementation aligned with business and regulatory objectives.

Aligning our overall business objectives with performance, we offer competitive salaries, performance-based incentives, and a wide variety of benefits programs to address the diverse individual needs of our employees and their families.For California (CA), the base pay range for this position is $209,000 to $296,000 (highly experienced).The pay for the successful candidate will depend on various factors (e.g., qualifications, education, prior experience).Applications will be accepted while this position is posted on our Careers website.

Edwards is an Equal Opportunity/Affirmative Action employer including protected Veterans and individuals with disabilities.

COVID Vaccination Requirement

Edwards is committed to protecting our vulnerable patients and the healthcare providers who are treating them. As such, all patient-facing and in-hospital positions require COVID-19 vaccination. If hired into a covered role, as a condition of employment, you will be required to submit proof that you have been vaccinated for COVID-19, unless you request and are granted a medical or religious accommodation for exemption from the vaccination requirement. This vaccination requirement does not apply in locations where it is prohibited by law to impose vaccination.