Manager, Cybersecurity Governance & Risk

About the position Boston Scientific is seeking an execution-driven leader with the vision and expertise to guide our Cybersecurity Governance and Risk Management strategy. As the Manager, Cybersecurity Governance & Risk, you will lead initiatives that strengthen our Cybersecurity Risk Management program, including third-party, M&A, risk assessment, remediation, and registry management, while advancing governance practices that protect and enable the company's growth. This key leadership role oversees our Governance team, responsible for policy and standards development, security awareness and education, metrics and communications, and the management of our global GRC tool. You'll collaborate across Cybersecurity, IT, and our global business units, cultivating partnerships with internal stakeholders and strategic external partners. Additionally, this role manages the intake and documentation processes that support operational excellence within the Cybersecurity organization.

Responsibilities

• Analyze the needs of the cybersecurity strategy and establish detailed objectives, goals, and priorities to drive Cybersecurity Governance and Risk Management initiatives, including the development of strategic roadmaps and Annual Operating Plan (AOP) submissions.
• Provide project management leadership for ongoing and future initiatives supporting the Cybersecurity Governance and Risk Management strategy across the enterprise.
• Lead and manage a team of Cybersecurity Governance and Risk Management analysts, including oversight of daily operations, eGRC tool maintenance, workload intake, and ticket management.
• Manage the Cybersecurity Governance and Risk Management budget, covering personnel (BSC and consultant), maintenance, travel, education, and miscellaneous expenditures.
• Lead a global Phishing Program reaching over 50,000 employees and end users through automation and scalable tools.
• Oversee procurement and renewal of contracts supporting the Cybersecurity Governance and Risk Management function.
• Lead enterprise-wide Cybersecurity Risk Management activities, including BSC and third-party risk assessments, remediation, reporting, and strategic planning-incorporating due diligence and risk processes for mergers and acquisitions.
• Develop and maintain Cybersecurity policies, standards, and documentation to support governance, cyber insurance, and compliance requirements.
• Drive Security Awareness and Education programs, fostering a cybersecurity-aware culture across a global organization with operations in APAC, Europe, and LATAM.
• Monitor and measure the effectiveness and maturity of the cybersecurity program through metrics, dashboards, and program-level KPIs.
• Conduct industry benchmarking and maintain awareness of evolving cybersecurity trends, sharing insights with leadership to support proactive and preventive risk mitigation.
• Demonstrate a primary commitment to patient safety and product quality by maintaining compliance with the Quality Policy and all documented quality processes and procedures.
• Influence key stakeholders and drive alignment in sensitive or complex scenarios, requiring strong communication and change management skills.
• Work on complex programs and challenges of broad scope, leveraging deep subject matter expertise to implement strategic policies, manage staff functions, and ensure adherence to budgets, schedules, and performance standards (this role does not include subordinate managers).

Requirements

• Bachelor's degree in Cybersecurity, Information Security or IT Security, Business, Finance, or other related area.
• 7+ years of experience in cybersecurity analysis, governance, risk, and compliance (GRC) within a global organization.
• Experience working in both in-person and virtual global team environments; demonstrated ability to work independently and collaboratively.
• Experience developing and maintaining working relationships with internal teams (Cybersecurity, IT, Business Units) and external partners (stakeholders, vendors).
• Experience managing program and operational budgets, vendor contracts, and procurement processes, including negotiations.
• Background in cybersecurity contract management, including Master Service Agreements (MSAs), software and subscription agreements, and professional services contracts.
• Experience creating and implementing cybersecurity GRC strategies aligned with organizational and regulatory requirements.
• Demonstrated ability to support progress on cybersecurity initiatives through structured problem-solving.

Nice-to-haves

• Experience at Boston Scientific or a similar-sized global medical device organization.
• MBA or other advanced degree
• Cybersecurity certifications (e.g., CISSP, CISM, CRISC, PCIP)
• Project management and Agile certifications (e.g., PMP, Scrum Master)

Apply tot his job Apply To this Job