The Lead Information Security Engineer is a senior cybersecurity leader responsible for protecting the organization's digital ecosystem across product development, manufacturing, and enterprise IT systems. This role ensures the security of connected medical/surgical devices, intellectual property, and regulated environments, while maintaining compliance with cybersecurity guidance, ISO standards, and global regulations.
This position plays a critical role in enabling secure product innovation, patient safety, and operational resilience across the device lifecycle.
This REMOTE opportunity is not eligible for employer-visa sponsorship
Key Responsibilities:
Security Operations & Incident Response
Lead detection and response for incidents affecting: manufacturing systems (OT/ICS), connected medical/surgical devices, and enterprise IT environments
Manage SOC operations with prioritization of IT security, production integrity, and supply chain impact
Investigate and respond to incidents involving intellectual property theft, disruptions and/or ransomware affecting production lines, and IT vulnerabilities
Lead regulatory-aligned incident handling and disclosure (local/global authorities)
Production & IT Security (Critical Focus Area)
Partner with IT, production, and engineering to embed secure-by-design principles across the IT & product lifecycle
Conduct threat modeling and security risk assessments for surgical and medical devices
Support compliance with IT security guidance, SOX, ISO27001 & EU GDPR / NIS2
Identify and remediate product vulnerabilities (secure firmware, APIs, connectivity)
Support coordinated vulnerability disclosure (CVD) processes
Manufacturing & Operational Technology (OT) Security
Secure manufacturing environments (plants, production lines, robotics, control systems)
Implement segmentation between IT and OT networks
Lead vulnerability and patch management for industrial control systems
Reduce risk to production continuity and product integrity
Threat & Vulnerability Management
Monitor threat landscape with emphasis on nation-state attacks targeting IP, supply chain compromise, medical device exploitation
Lead proactive threat hunting across cloud environments, OT/manufacturing systems, & product telemetry (if applicable)
Drive enterprise-wide vulnerability management with prioritization based on patient and product impact
Security Engineering & Architecture
Implement Zero Trust principles across corporate IT and manufacturing environments
Drive consolidation and optimization of SIEM/XDR (Sentinel, Defender, etc.), identity platforms (Entra ID, PAM), data protection tools (DLP, encryption for IP and regulated data)
Secure cloud platforms supporting R&D, analytics, and digital health capabilities
Regulatory Compliance & Risk Management
Ensure alignment with SOX, ISO 27001, NIST CSF / NIST 800-53 & Global data protection regulations (GDPR where applicable)
Lead cyber risk assessments tied to patient safety, product risk, and regulatory exposure
Support internal and external audits and regulatory inspections
Translate cybersecurity risk into business impact (recalls, production disruption, liability)
Data Protection & Intellectual Property Security
Protect sensitive data, designs, and trade secrets
Implement controls for secure collaboration with third-party manufacturers and partners and data encryption and access governance
Monitor for data exfiltration and insider threats
Leadership & Mentorship
Provide technical leadership across security operations and engineering functions
Mentor analysts and engineers on IT/OT security, production security, and incident response in regulated environments
Act as escalation point for high-impact security events affecting products or manufacturing
Stakeholder Collaboration
Partner with CIO, CISO, and Chief Product/Engineering Officers, Quality & Regulatory Affairs, Manufacturing / Plant leadership & Legal and Compliance teams
Communicate cybersecurity risks in terms of IT security & safety, regulatory impact and revenue / production risk
Job Requirements
Bachelor's degree in Cybersecurity, Engineering, IT, or related field (or equivalent experience)
5+ years of experience in cybersecurity, with exposure to regulated industries or manufacturing environments, with hands-on experience with SIEM/XDR platforms, endpoint, network, and cloud security and/or vulnerability and incident response programs
Preferred Experience:
Strong knowledge of Security frameworks (NIST, ISO 27001), Identity and access management& network segmentation and Zero Trust principles
Experience in medical device, healthcare technology, or manufacturing (OT/ICS)
Familiarity with ISO27001, NIS2, SOX, NIST CF 800-53, & EU GDPR
Preferred Certifications: CISSP, CEH, GIAC & GICSP (Industrial Control Systems) or HCISPP (strong plus)
Experience with IT/Production security testing, Threat modeling (e.g., STRIDE), Secure SDLC practices
This position is not eligible for employer-visa sponsorship
Disclosure as required by applicable law, the annual salary range for this position is $104,134 - $163,640. The actual compensation may vary based on geographic location, work experience, education and skill level. The salary range is CONMED's good faith belief at the time of this posting.
This job posting is anticipated to close on August 12, 2026. We may, however, extend this time period, in which case the posting will remain available on careers.conmed.com. Please submit your application as soon as possible as we will be reviewing applications on a rolling basis as we receive them.
Benefits:
CONMED offers a wide array of benefits to fit your unique needs. Visit our Benefits Page for more information.
Know someone at CONMED? Have them submit you as a referral before applying for this position to be eligible for our Employee Referral Program incentives!
CONMED is an equal opportunity employer and does not discriminate on the basis of any legally protected status or characteristic. Protected veterans and individuals with disabilities are encouraged to apply. The Know Your Rights: Workplace Discrimination is Illegal Poster reaffirms this commitment.
Colorado Residents: In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.
If you feel you need a reasonable accommodation pursuant to the ADA, you are encouraged to contact us at 800-929-7176 option #5.