CONMED is a progressive, growing medical device manufacturer with a global footprint. Through our products, we enable healthcare providers around the world to deliver exceptional outcomes for patients. Our Global IT team is integral to the success of delivering on our mission and vision.

The Senior Director of Information Security & Compliance is accountable for ensuring the global information security and the associated statutory compliance across the company, including customer, personnel, product, operational, and other information which we store/transmit/manage/process. This role ensures alignment of security strategy with business direction, communicates the strategy to various stakeholders, and oversees processes to ensure adherence. It is also accountable for leading the security teams that manage security technology, monitor and respond to events, and ensure compliance with government laws and contractual customer information security requirements.

Key Duties and Responsibilities:
- Plan, direct and manage the global information security function for both information technology and communications systems for the company; includes all software, hardware, network infrastructure, and vendors hosting or accessing data on behalf of the company.
- Accountable for building and maintaining a high performing team.
- Achieve & maintain high Employee Engagement within the Security & Compliance function.
- Achieve & maintain high Customer Satisfaction on services provided by the Security & Compliance function.
Activities:
- Develop and evolve information security strategy in alignment with company direction and based on current best practices, emerging trends in our threat landscape, and customer and government requirements regarding information security and data privacy, while balancing risk with spend and our ability to operate. Information Security strategy & tactics must include:
  - Identification: Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities
  - Protection: Develop and implement appropriate safeguards to ensure protection of the enterprise's assets, including measurement tools for system vulnerability assessments
  - Detection: Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event
  - Response: Develop and implement the appropriate activities to take action regarding a detected cybersecurity event, minimizing the impact of security events
  - Recovery: Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event
  - Measure: Develop metrics to show the effectiveness of the information security systems and report results to management in an effective manner that aligns with corporate goals
- Plan, direct, and manage the IT general controls compliance function to ensure the security, accuracy and reliability of the systems that manage and report the company's data, including financial data.
- Communicate all applicable (for all countries in which we operate) government information security requirements and associated risks to business decision makers
- Assess disaster recovery and business continuity plans with respect to commercially reasonable practices. Work with peers to appropriately coordinate and communicate activities in alignment with overall corporate and IT strategic intent.
Required Qualifications:
- Bachelor's Degree in cybersecurity, computer science, information technology, management information systems or related field
- 10+ years' experience in security operations, specifically in managing engineering teams and the respective technologies
- 10+ years' experience with cyber maturity frameworks, specifically NIST CSF 2.0, CIS 18, and ISO 27001:2022.
- 10+ years in cybersecurity and related areas including knowledge and understanding of relevant legal, regulatory and privacy requirements for a global organization
Compliance and Privacy Expertise:
- Deep understanding of SOX (Sarbanes-Oxley Act) controls and audit requirements.
- Experience implementing and maintaining GDPR compliance programs.
- Familiarity with GRC (Governance, Risk, and Compliance) platforms and frameworks.
- Knowledge of privacy regulations for companies with a significant presence internationally (China, Brazil, Spain, EU, UK), and global data protection laws.
- Ability to lead cross-functional teams in privacy impact assessments and data governance.
- Experience working with legal and compliance teams to manage regulatory risk.
Preferred Qualifications:
- Master's degree in Business Administration, Computer Science, or related field
- CISSP Certification
- 5+ years of management experience or demonstrated leadership acumen
- Medical Device industry experience
Other Attributes:
- Leadership Skills: Strong leadership and team management skills to guide and motivate teams through complex changes.
- Communication Skills: Excellent verbal and written communication skills to effectively convey information and engage stakeholders.
- Analytical Skills: Strong analytical and problem-solving skills to identify risks and develop effective mitigation strategies.
- Certifications: Relevant certifications in change management (e.g., Prosci, CCMP) and project management (e.g., PMP) are highly desirable.
- Communication: Excellent communication skills, both written and verbal, to effectively convey BI strategies and results to stakeholders.
- Collaboration: Ability to work collaboratively with various departments, including IT, marketing, and customer service, to achieve project goals.
- Experience in fast-paced global multinational matrix organization
- Strong communication and influencing skills
- Fluent verbal and written communication in English
- Hands-on and proactive; strong organizational skills
- Results driven and service oriented to internal and external customers
- Demonstrated history of consistent goal achievement in a highly competitive environment
Travel: 20-40%

Disclosure as required by applicable law: the annual salary range for this position is 180,000 - 290,000. The actual compensation may vary based on geographic location, work experience, education, and skill level. The salary range is CONMED's good faith belief at the time of this posting. This role is not eligible for sponsorship.

This job posting is anticipated to close on September 26, 2025. We may, however, extend this time period, in which case the posting will remain available on careers.conmed.com. Please submit your application as soon as possible as we will be reviewing applications on a rolling basis as we receive them.

Benefits: CONMED offers a wide array of benefits to fit your unique needs. Visit our Benefits Page for more information.
- Competitive compensation
- Excellent healthcare including medical, dental, vision and prescription coverage
- Short & long term disability plus life insurance -- cost paid fully by CONMED
- Retirement Savings Plan (401K) -- CONMED matches your contributions dollar for dollar, with the potential for up to 7% per pay period
- Employee Stock Purchase Plan -- allows stock purchases at discounted price
- Tuition assistance for undergraduate and graduate level courses
Know someone at CONMED? Have them submit you as a referral before applying for this position to be eligible for our Employee Referral Program incentives!

CONMED is an equal opportunity employer and does not discriminate on the basis of any legally protected status or characteristic. Protected veterans and individuals with disabilities are encouraged to apply. The Know Your Rights: Workplace Discrimination is Illegal Poster reaffirms this commitment.

Colorado Residents: In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.

If you feel you need a reasonable accommodation pursuant to the ADA, you are encouraged to contact us at 800-929-7176 option #5.