Director Cybersecurity

Abbott

Alameda, CA

JOB DETAILS
SALARY
$172,000–$344,000 Per Year
SKILLS
Amazon Web Services (AWS), Applications Security, Artificial Intelligence (AI), Biology, Budgeting, Business Processes, CCSP - Cisco Certified Security Professional, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Candidate Pipeline, Career Development, Cloud Applications, Cloud Architecture, Cloud Computing, Code Reviews, Communication Skills, Computer Science, Computer Security, Corrective Action, Cross-Functional, Customer Experience, Data Management, Diversity, EEO Regulations, English Law, FDA (Food and Drug Administration), GCP (Good Clinical Practices), GIAC - Global Information Assurance Certification, Health Plan, Healthcare, High Throughput, Higher Education, ISO (International Organization for Standardization), Incident Management, Incident Response, Information/Data Security (InfoSec), International Electro-Technical Commission (IEC), International Health, Internet Security, Internet of Things, Leadership, Machine Tool, Medical Diagnosis, Medical Equipment, Medical Products, Metrics, Microsoft Windows Azure, Mobile Applications, Mobile Devices, Network Security, On Call, Organizational Development/Management, Penetration Testing, Performance Metrics, Preferred Provider Organization (PPO), Product Control, Product Development, Product Engineering, Product Lifecycle, Regulations, Regulatory Compliance, Reporting Skills, Risk, Risk Analysis, Risk Management, Sales Pipeline, Security Architecture, Security Compliance, Service Level Agreement (SLA), Software Development, Software Development Lifecycle (SDLC), Software Testing, Supply Chain, Telemetry, Test Automation, Threat Modeling, Time Tracking, Tuition Reimbursement, Validation Testing
LOCATION
Alameda, CA
POSTED
Today

Abbott is a global healthcare leader that helps people live more fully at all stages of life. Our portfolio of life-changing technologies spans the spectrum of healthcare, with leading businesses and products in diagnostics, medical devices, nutritionals and branded generic medicines. Our 115,000 colleagues serve people in more than 160 countries.

JOB DESCRIPTION:

Working at Abbott

At Abbott, you can do work that matters, grow, and learn, care for yourself and your family, be your true self, and live a full life. You'll also have access to:

  • Career development with an international company where you can grow the career you dream of.
  • Employees can qualify for free medical coverage in our Health Investment Plan (HIP) PPO medical plan in the next calendar year.
  • An excellent retirement savings plan with a high employer contribution.
  • Tuition reimbursement, the Freedom 2 Save student debt program, and FreeU education benefit - an affordable and convenient path to getting a bachelor's degree.
  • A company recognized as a great place to work in dozens of countries worldwide and named one of the most admired companies in the world by Fortune.
  • A company that is recognized as one of the best big companies to work for as well as the best place to work for diversity, working mothers, female executives, and scientists.
THE OPPORTUNITY
At Lingo, we're building a groundbreaking health platform that combines continuous biosensor data, real-time analytics, and personalized insights to help people live fuller, longer, and healthier lives. Our systems ingest millions of sensor readings daily, powering experiences for consumers and partners worldwide, with the reliability and scalability of cloud-native, enterprise-grade platforms.

We are looking for a Director, Security to help accelerate growth across the U.S., Spain, and India. In this role, you will build and lead a world-class, globally distributed security function responsible for the security of Lingo's products and processes. The role requires a hands-on leader who can partner deeply with engineering, product, quality, and regulatory teams to reduce risk while enabling fast, high-quality delivery in a regulated, consumer health environment.

You will own the end-to-end security strategy across Lingo's cloud platforms, mobile applications, biosensor/CGM data pipelines, AI/ML services, and supporting enterprise systems. You will establish security architecture and operational capabilities that scale globally, and you will grow and unify a team of security engineers who operate with consistent standards and urgency regardless of time zone.

What You'll Work On
  • Direct and provide a strategic risk management vision that scales globally to effectively secure products and data without slowing company innovation and execution.
  • Build and lead a high-performing, globally distributed security organization across the U.S., Spain, and India, including hiring strategy, team structure, operating model, and budget ownership.
  • Drive a strong security culture within the security team and across the broader organization through clear expectations, enablement, and partnership with engineering leadership.
  • Define and communicate security KPIs and metrics aligned to business initiatives (e.g., vulnerability SLAs, threat modeling coverage, security test automation, incident response readiness) and present them to non-technical stakeholders in an understandable manner.
  • Own security policies, standards, and reference architectures for cloud, mobile, data pipelines, and AI/ML services, including protections against emerging threats and objectives for monitoring and response.
  • Partner with Product and Engineering to embed security-by-design practices (threat modeling, secure SDLC, dependency and container security, secrets management, secure configuration baselines) into delivery workflows.
  • Establish and evolve a security maturity model that reduces complexity, focuses on fundamentals, and is tracked over time with measurable improvements.
  • Lead vulnerability management across applications, cloud infrastructure, and endpoints, including triage, remediation governance, and verification of fixes.
  • Require and schedule independent verification and validation activities (penetration tests, red team exercises, security code reviews, and assessments) using internal resources and trusted third parties.
  • Build and operate incident response capabilities, including on-call rotations, playbooks, tabletop exercises, and post-incident reviews that drive preventive actions.
  • Partner with program teams for stringent vetting and continual assessment of the supply chain, including third-party risk management, SBOM/CBOM practices, and vendor security reviews.
  • Partner with Quality and compliance stakeholders to ensure security requirements are incorporated into business processes and product development lifecycle controls.
  • Partner with Regulatory Affairs, Quality, and Legal to translate regulatory and privacy requirements into practical, scalable controls (e.g., FDA expectations, HIPAA, GDPR, 21 CFR Part 11 where applicable).
  • Conduct internal assessments and training to bolster security and regulatory compliance across the product portfolio and associated development resources.
  • Provide regular reporting to senior management on the threat landscape, material risks, tactical controls, and strategic roadmap; communicate tradeoffs and decisions clearly.
  • Develop security awareness training for all employees and allocate budget for ongoing technical training and certifications for security staff.
  • Actively recruit and lead by example to create a respectful, inclusive culture where employees want to work; build partnerships with higher education to grow a pipeline of future talent.
Required Qualifications
  • Bachelor's degree in computer science, engineering, or a related field, or equivalent practical experience.
  • 15+ years in cybersecurity, product security, or security engineering, including 5+ years leading and scaling managers and/or globally distributed teams.
  • Demonstrated experience building security programs (not just operating them), including org design, hiring, tooling strategy, and culture development.
  • Strong background in secure software development practices for cloud and mobile products (secure SDLC, threat modeling, application security testing, dependency risk management).
  • Experience securing cloud-native systems (e.g., AWS/Azure/GCP), including IAM, network security, logging/monitoring, secrets management, and infrastructure-as-code security.
  • Experience leading vulnerability management and coordinating remediation across engineering organizations, with clear SLAs and verification practices.
  • Proven incident response leadership, including building playbooks, running tabletop exercises, and driving post-incident corrective and preventive actions.
  • Experience partnering with governance and compliance functions on risk assessments, exceptions, third-party risk, and audit readiness in regulated environments.
  • Strong executive communication skills, with the ability to translate technical risks into business impact and influence decisions across cultures and time zones.
  • Demonstrated ability to lead through influence in a fast-paced, cross-functional consumer technology and/or digital health environment.
Preferred Qualifications
  • Experience scaling security teams across U.S., European, and Asian geographies, with sensitivity to cross-cultural leadership and distributed operating models.
  • Experience with security in regulated industries (medical devices, digital health, or life sciences), including familiarity with standards and expectations (e.g., ISO 27001/27002, ISO 13485 intersections, IEC 62304 security considerations, FDA cybersecurity guidance).
  • Experience securing IoT or biosensor data platforms, including telemetry integrity, device-to-cloud security patterns, and high-throughput data pipelines.
  • Background in privacy engineering and data protection (PII/PHI), including DPIAs, data minimization, and cross-border data considerations.
  • Experience with security testing and assurance approaches for AI/ML systems (model abuse cases and secure model deployment practices).
  • Relevant certifications (e.g., CISSP, CISM, CCSP, GIAC) or equivalent demonstrated expertise.


The base pay for this position is $172,000.00 - $344,000.00.
In specific locations, the pay range may vary from the range posted.

JOB FAMILY:
Information Risk & Quality Assurance

DIVISION:
LNGO Lingo

LOCATION:
United States > Alameda : 2901 Harbor Bay Parkway

ADDITIONAL LOCATIONS:

WORK SHIFT:
Standard

TRAVEL:
Yes, 10 % of the Time

MEDICAL SURVEILLANCE:
Not Applicable

SIGNIFICANT WORK ACTIVITIES:
Continuous sitting for prolonged periods (more than 2 consecutive hours in an 8 hour day)

Abbott is an Equal Opportunity Employer of Minorities/Women/Individuals with Disabilities/Protected Veterans.

About the Company

Abbott

At Abbott, we are enthusiastic, energetic and committed to doing great work every day. Our employees are passionate about helping to translate science into lasting contributions to health care and the health of people worldwide. At the heart of our organization is our "Promise for Life"—a statement that embodies our company's commitment to employees, shareholders, local communities and the people who depend on our company and products to live healthier lives.

Vital to our promise is the speed in which we act, respond and deliver. As Abbott employees, we are ready to meet change and challenges head-on. As a result, we are a company that adapts quickly, and through our passion for innovation we are able to continually create a pipeline of products that help improve the length and quality of life around the world.

We are proud of our rich, more than 120-year history. We continue to be driven to advance leading-edge science and technologies, support diversity, focus on exceptional performance and earn the trust of those we serve.

COMPANY SIZE
10,000 employees or more
INDUSTRY
Healthcare Services
FOUNDED
1910
WEBSITE
http://www.abbott.com/