Senior Director - Product Security
Career-defining. Life-changing.
At iRhythm, you’ll have the opportunity to grow your skills and your career while impacting the lives of people around the world. iRhythm is shaping a future where everyone, everywhere can access the best possible cardiac health solutions. Every day, we collaborate, create, and constantly reimagine what’s possible. We think big and move fast, driven by our commitment to put patients first and improve lives. We need builders like you. Curious and innovative problem solvers looking for the chance to meaningfully shape the future of cardiac health, our company, and your career
About This Role:
As Senior Director, Product Security, you will define and lead the product security strategy for our medical device portfolio, ensuring robust protection of patient data, device integrity, and regulatory compliance. You will partner with executive leadership, engineering, product management, regulatory, quality, and privacy teams to embed security across the product lifecycle, drive continuous improvement, and represent the organization externally on security matters.
Key Responsibilities:
Strategic Leadership & Program Oversight
Develop and execute a comprehensive product security strategy aligned with business and regulatory objectives.
Lead the Product Security function, building and mentoring a high-performing team of security professionals.
Establish and refine security governance frameworks, policies, and best practices for medical device development and deployment.
Partner with senior executives to prioritize security investments, allocate resources, and balance risk mitigation with innovation.
Product Security Management
Oversee end-to-end product security management, including risk assessments, threat modeling, vulnerability management, and incident response.
Ensure compliance with FDA, HIPAA, GDPR, and international cybersecurity regulations and standards (e.g., NIST, EU MDR, IEC 62304).
Guide secure design reviews, SBOM management, and security documentation for pre- and post-market activities.
Champion secure coding practices and collaborate with development teams to integrate security into SDLC and PDLC.
Cross-Functional Collaboration
Drive alignment across engineering, regulatory, privacy, and quality teams to deliver secure products from concept through commercialization.
Act as the primary interface for product security with executive leadership, external partners, and regulatory agencies.
Synthesize complex technical and regulatory information into clear communications for senior stakeholders.
Team Development & Leadership
Recruit, mentor, and develop a team of product security experts, fostering a culture of accountability, collaboration, and professional growth.
Provide coaching and thought leadership to elevate the product security discipline across the organization.
Qualifications
Bachelor’s degree in Computer Science, Engineering, Information Security, or related field; advanced degree preferred.
15+ years of progressive experience in information security, product security, or medical device development, with at least 8+ years in leadership roles.
Deep expertise in security principles, methodologies, and tools for medical devices, including risk assessment, threat modeling, vulnerability management, and incident response.
Experience with medical device design control requirements, secure coding practices, and regulatory processes.
Proven track record of leading cross-functional teams to deliver secure hardware/software products in regulated environments.
Strong understanding of FDA, HIPAA, GDPR, NIST, and international cybersecurity frameworks.
Exceptional leadership, communication, and stakeholder management skills.
Industry certifications (CISSP, CISM, CISA, or medical device security-specific certifications) preferred.
Ability to influence without authority and navigate matrixed organizations.
Location:
Remote - US
Actual compensation may vary depending on job-related factors including knowledge, skills, experience, and work location.
Estimated Pay Range
$215,000.00 - $280,000.00
As a part of our core values, we ensure an inclusive workforce. We welcome and celebrate people of all backgrounds, experiences, skills, and perspectives. iRhythm Technologies, Inc. is an Equal Opportunity Employer. We will consider for employment all qualified applicants with arrest and conviction records in accordance with all applicable laws.
iRhythm provides reasonable accommodations for qualified individuals with disabilities in job application procedures, including those who may have any difficulty using our online system. If you need such an accommodation, you may contact us at taops@irhythmtech.com
About iRhythm Technologies iRhythm is a leading digital healthcare company that creates trusted solutions that detect, predict, and prevent disease. Combining wearable biosensors and cloud-based data analytics with powerful proprietary algorithms, iRhythm distills data from millions of heartbeats into clinically actionable information. Through a relentless focus on patient care, iRhythm’s vision is to deliver better data, better insights, and better health for all.
Make iRhythm your path forward. Zio, the heart monitor that changed the game.
There have been instances where individuals not associated with iRhythm have impersonated iRhythm employees pretending to be involved in the iRhythm recruiting process, or created postings for positions that do not exist. Please note that all open positions will always be shown here on the iRhythm Careers page, and all communications regarding the application, interview and hiring process will come from a @irhythmtech.com email address. Please check any communications to be sure they come directly from @irhythmtech.com email address. If you believe you have been the victim of an imposter or want to confirm that the person you are communicating with is legitimate, please contact taops@irhythmtech.com. Written offers of employment will be extended in a formal offer letter from an @irhythmtech.com email address ONLY.
For more information, see https://www.ftc.gov/business-guidance/blog/2023/01/taking-ploy-out-employment-scams and https://www.ic3.gov/Media/Y2020/PSA200121
About the job
Apply for this position
Senior Director - Product Security
Career-defining. Life-changing.
At iRhythm, you’ll have the opportunity to grow your skills and your career while impacting the lives of people around the world. iRhythm is shaping a future where everyone, everywhere can access the best possible cardiac health solutions. Every day, we collaborate, create, and constantly reimagine what’s possible. We think big and move fast, driven by our commitment to put patients first and improve lives. We need builders like you. Curious and innovative problem solvers looking for the chance to meaningfully shape the future of cardiac health, our company, and your career
About This Role:
As Senior Director, Product Security, you will define and lead the product security strategy for our medical device portfolio, ensuring robust protection of patient data, device integrity, and regulatory compliance. You will partner with executive leadership, engineering, product management, regulatory, quality, and privacy teams to embed security across the product lifecycle, drive continuous improvement, and represent the organization externally on security matters.
Key Responsibilities:
Strategic Leadership & Program Oversight
Develop and execute a comprehensive product security strategy aligned with business and regulatory objectives.
Lead the Product Security function, building and mentoring a high-performing team of security professionals.
Establish and refine security governance frameworks, policies, and best practices for medical device development and deployment.
Partner with senior executives to prioritize security investments, allocate resources, and balance risk mitigation with innovation.
Product Security Management
Oversee end-to-end product security management, including risk assessments, threat modeling, vulnerability management, and incident response.
Ensure compliance with FDA, HIPAA, GDPR, and international cybersecurity regulations and standards (e.g., NIST, EU MDR, IEC 62304).
Guide secure design reviews, SBOM management, and security documentation for pre- and post-market activities.
Champion secure coding practices and collaborate with development teams to integrate security into SDLC and PDLC.
Cross-Functional Collaboration
Drive alignment across engineering, regulatory, privacy, and quality teams to deliver secure products from concept through commercialization.
Act as the primary interface for product security with executive leadership, external partners, and regulatory agencies.
Synthesize complex technical and regulatory information into clear communications for senior stakeholders.
Team Development & Leadership
Recruit, mentor, and develop a team of product security experts, fostering a culture of accountability, collaboration, and professional growth.
Provide coaching and thought leadership to elevate the product security discipline across the organization.
Qualifications
Bachelor’s degree in Computer Science, Engineering, Information Security, or related field; advanced degree preferred.
15+ years of progressive experience in information security, product security, or medical device development, with at least 8+ years in leadership roles.
Deep expertise in security principles, methodologies, and tools for medical devices, including risk assessment, threat modeling, vulnerability management, and incident response.
Experience with medical device design control requirements, secure coding practices, and regulatory processes.
Proven track record of leading cross-functional teams to deliver secure hardware/software products in regulated environments.
Strong understanding of FDA, HIPAA, GDPR, NIST, and international cybersecurity frameworks.
Exceptional leadership, communication, and stakeholder management skills.
Industry certifications (CISSP, CISM, CISA, or medical device security-specific certifications) preferred.
Ability to influence without authority and navigate matrixed organizations.
Location:
Remote - US
Actual compensation may vary depending on job-related factors including knowledge, skills, experience, and work location.
Estimated Pay Range
$215,000.00 - $280,000.00
As a part of our core values, we ensure an inclusive workforce. We welcome and celebrate people of all backgrounds, experiences, skills, and perspectives. iRhythm Technologies, Inc. is an Equal Opportunity Employer. We will consider for employment all qualified applicants with arrest and conviction records in accordance with all applicable laws.
iRhythm provides reasonable accommodations for qualified individuals with disabilities in job application procedures, including those who may have any difficulty using our online system. If you need such an accommodation, you may contact us at taops@irhythmtech.com
About iRhythm Technologies iRhythm is a leading digital healthcare company that creates trusted solutions that detect, predict, and prevent disease. Combining wearable biosensors and cloud-based data analytics with powerful proprietary algorithms, iRhythm distills data from millions of heartbeats into clinically actionable information. Through a relentless focus on patient care, iRhythm’s vision is to deliver better data, better insights, and better health for all.
Make iRhythm your path forward. Zio, the heart monitor that changed the game.
There have been instances where individuals not associated with iRhythm have impersonated iRhythm employees pretending to be involved in the iRhythm recruiting process, or created postings for positions that do not exist. Please note that all open positions will always be shown here on the iRhythm Careers page, and all communications regarding the application, interview and hiring process will come from a @irhythmtech.com email address. Please check any communications to be sure they come directly from @irhythmtech.com email address. If you believe you have been the victim of an imposter or want to confirm that the person you are communicating with is legitimate, please contact taops@irhythmtech.com. Written offers of employment will be extended in a formal offer letter from an @irhythmtech.com email address ONLY.
For more information, see https://www.ftc.gov/business-guidance/blog/2023/01/taking-ploy-out-employment-scams and https://www.ic3.gov/Media/Y2020/PSA200121