Director - Product Security

As a global medtech company, we are driven by our Vision of changing the trajectory of lives for a new day and our Mission to create ingenious solutions that ignite patient turnarounds. Our relentless commitment to patients and strong legacy of innovation in healthcare are the foundation of our future. If you're looking for a new chance, a new beginning, a new trajectory, LivaNova is where your talent can truly thrive. Join our talented team members worldwide to become a pioneer of tomorrow-because at LivaNova, we don't just treat conditions - we aspire to alter the course of lives.

Job Summary:

The Director of Product Security is a key leadership role responsible for the strategic vision, execution, and oversight of the company's product security program. This executive will lead a dedicated team to manage the cybersecurity posture of our medical device portfolio throughout its entire lifecycle, from design and development through post-market surveillance. The role is a direct response to a complex and evolving regulatory environment, including new requirements from the FDA, and is critical to ensuring patient safety, maintaining market access, and protecting the company's reputation and long-term business growth. The ideal candidate is a hands-on, visionary leader with deep technical knowledge, a strong understanding of medical device regulations, and exceptional communication skills to drive change across the organization and engage with external stakeholders.

Houston, TX is the ideal location for this role, but this is open to Remote opportunities for well-qualified individuals.

Key Responsibilities:

• Strategic Leadership & Program Management:

  • Define and execute a comprehensive product security strategy that aligns with business priorities, FDA/MDR/524B expectations, and Quality Management System (QMS) requirements.

  • Build, lead, and mentor a high-performing team of product security professionals, fostering their technical and leadership skills.

  • Manage and allocate human and financial resources to achieve strategic objectives.

• Secure Product Development Lifecycle (SDLC):

  • Drive a "shift-left" security strategy, integrating security controls and best practices into all stages of the product lifecycle.

  • Oversee a rigorous threat modeling program and lead cybersecurity risk assessments for all new and existing products.

  • Champion DevSecOps principles and automate security controls and testing within CI/CD pipelines.

  • Provide architectural guidance on secure design, including implementing security controls such as secure boot, firmware signing, and encryption.

• Regulatory Compliance & Governance:

  • Ensure all required cybersecurity documentation, including risk assessments and SBOMs, is prepared and submitted for premarket applications (510(k), PMA).

  • Manage the generation and maintenance of SBOMs and VEX (Vulnerability Exploitability eXchange) documents to ensure transparency and enable targeted, actionable risk management for regulators and customers.

  • Act as the senior product security subject matter expert, representing the company during FDA and other international regulatory inspections.

• Post-Market Surveillance & Incident Response:

  • Oversee the post-market surveillance program to continuously monitor field devices for emerging threats and vulnerabilities.

  • Lead and manage the security incident response process, including coordinated vulnerability disclosure, containment, root cause analysis, and remediation.

  • Develop and execute plans for communicating security updates and patches to customers and stakeholders.

• Cross-Functional Collaboration & Stakeholder Engagement:

  • Partner with R&D, Engineering, Quality, Regulatory Affairs, and Legal teams to embed security practices and ensure a comprehensive approach to product safety.

  • Serve as the primary security consultant to the organization, articulating technical challenges and mitigation plans to senior management and external stakeholders in a clear, non-technical manner.

  • Engage with customers, hospital IT/IS staff, and industry partners to translate technical requirements into business and clinical impact and build trust in the company's products.

  • Oversee external communications regarding program and product vulnerabilities

  • Develop and execute strategies for external presence and participation in industry groups, conferences and thought leadership activities

Required Skills & Qualifications:

• Education: Bachelor's degree in Computer Science, Cybersecurity, or a related engineering discipline, with 15 or more years of technical experience in the medical device industry.

• Experience: A minimum of 10 years of progressive experience in cybersecurity, with at least 5 years in a leadership or director-level role. At least 3 years of experience integrating security into embedded systems or connected medical devices in a regulated product development environment is essential.

• Technical Knowledge: Deep expertise in secure SDLC, threat modeling, and vulnerability management. Strong understanding of cybersecurity landscape, embedded systems security, IoT security, and cloud architectures

• Certifications: Industry-recognized certifications such as CISSP, CISM, or CSSLP are highly valued.

• Regulatory Acumen: Proven experience navigating cybersecurity requirements for FDA 510(k) and PMA submissions

• Soft Skills: Exceptional leadership, communication, and problem-solving skills with a proven ability to drive clarity and consensus across broad organizations.

Pay Transparency: A reasonable estimate of the annual base salary for this position is $185,000 - $225,000 + discretionary annual bonus. Pay ranges may vary by location.

Employee benefits include:

• Health benefits - Medical, Dental, Vision

• Personal and Vacation Time

• Retirement & Savings Plan (401K)

• Employee Stock Purchase Plan

• Training & Education Assistance

• Bonus Referral Program

• Service Awards

• Employee Recognition Program

• Flexible Work Schedules