(Remote) Manager, GRC, Product Security

Posted:
7/30/2024, 5:00:00 PM

Location(s):
New York, New York, United States ⋅ California, United States ⋅ Chicago, Illinois, United States ⋅ Redmond, Washington, United States ⋅ Washington, District of Columbia, United States ⋅ Washington, United States ⋅ New York, United States ⋅ District of Columbia, United States ⋅ San Francisco, California, United States ⋅ Illinois, United States

Experience Level(s):
Mid Level ⋅ Senior

Field(s):
IT & Security

Work Flexibility: Remote

It’s Time to Join Stryker!

Who We Want

Talent Developers. Growth-oriented managers who recruit and hire top-performing talent and prioritize the development of their team members.

Managers who drive performance. People who implement process improvements and leverage the talent of their team to consistently increase performance and productivity.

Collaborative partners. People who build and leverage cross-functional relationships to bring together ideas, information, and use cases to develop best practices and remove roadblocks for teams.

As a Manager in Governance, Risk, and Compliance (GRC) within our Product Security team, you'll play a pivotal role in ensuring the development, manufacturing, and maintenance of our medical devices meet the highest security and compliance standards. This position requires a thorough understanding of the regulatory landscape, including pre-market and post-market requirements, and the ability to develop and implement effective security controls and policies.

What You Will Do

  • Lead and Mentor: You will guide a dedicated team of Compliance Specialists and Process Owners, fostering a deep understanding of compliance requirements across various business units. Your mentorship will help shape the team's strategic direction and enhance their professional growth, ensuring alignment with organizational goals and continuous improvement in our compliance processes.
  • Reporting: You will Develop reporting metrics, dashboards and evidence of GRC activities and compliance, and assist in testing against the standards.
  • Collaborative Guidance: You will ensure the integration of GRC practices into every stage of the product lifecycle, from concept through post-market surveillance, aligning with business goals and regulatory compliance.
  • Regulatory Expertise: You will navigate the complex regulatory environments, both domestically and internationally, ensuring adherence to standards such as EU MDR, ISO 27001, NIST 800-53, and IEC 81001-5-1. Your role includes leading the preparation and management of regulatory filings and audits.
  • Policy and Process Development: You will craft and enforce security policies, processes and procedures that uphold secure software development and security operations within the context of medical devices.
  • Stakeholder Collaboration: Building strong relationships with internal teams, external partners, and regulatory bodies will be key. You will serve as a subject matter expert in GRC, advocating for security best practices.
  • Impact Through Influence: You will advocate for and implement GRC best practices across diverse teams, influencing product development and company culture towards heightened security and compliance.
  • Adaptive Expertise: Staying abreast of changing regulatory landscapes and seamlessly integrating these requirements into our operations will be a key measure of your effectiveness.
  • Proactive Strategy: You will use your insight to anticipate potential compliance challenges and devise effective strategies to address them. Your forward-thinking approach and problem-solving skills will contribute significantly to our organizational resilience.

What You Need

  • Bachelor’s degree in Computer Science, Information Technology or other related discipline required.
  • 10+ years of experience required.
  • 2+ years of leadership experience required.

What We Would Love That You Have (Preferred Qualifications)

(You do not need to have all of these)

  • MBA and/or MS preferred.
  • 3+ years in life sciences or medical device manufacturing.
  • Experience in GRC roles, preferably within the medical device or related healthcare sectors, with a proven track record in managing product security within a global regulatory framework.
  • Deep understanding of regulatory requirements, cyber security controls, GRC frameworks, and risk management, with familiarity in secure software development and product lifecycle management within the medical device context.
  • Experience in consultancy or advisory roles is beneficial, showcasing your ability to analyze, strategize, and effectively communicate complex security and compliance issues.
  • Strong capabilities in building relationships, communicating effectively, and collaborating across functions are essential. Your ability to lead by influence, drive process improvements, and cultivate a culture of security and compliance is crucial.
  • Experience with GRC tools and platforms such as OneTrust, along with data tools like Smartsheet for organizing and delivering high-quality dashboards and trackers, is highly valued.
  • Relevant cyber security certifications

  • $126,500 - $271,100 salary plus bonus eligible + benefits. Actual minimum and maximum may vary based on location. Individual pay is based on skills, experience, and other relevant factors.

Travel Percentage: 30%

Stryker Corporation is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, gender identity, sexual orientation, national origin, disability, or protected veteran status. Stryker is an EO employer – M/F/Veteran/Disability.

Stryker Corporation will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information.