JobMesh

Cybersecurity GRC Lead

Glaukos Corporation · Burlington, Massachusetts, US

Job description

What You'll Do:

The Cybersecurity GRC Lead – Medical Devices (Continuous Control Monitoring Lead) is responsible for overseeing and coordinating cybersecurity governance, risk, and compliance (GRC) activities supporting medical devices produced and supported internationally. This role ensures that cybersecurity “run-the-business” controls and evidence-producing activities—such as access reviews, vulnerability scanning cadence, patch tracking, SBOM governance, and audit readiness—are properly planned, executed by the appropriate teams, and documented.

This is a coordination, governance, and assurance role rather than a hands-on technical execution role. The position partners closely with Engineering/R&D, Quality, Regulatory Affairs, IT, and Information Security to maintain compliance with applicable standards and regulatory guidance and to ensure customer and regulatory cybersecurity requirements are tracked through completion.

Governance & Program Oversight:

- Own and maintain the medical device cybersecurity GRC plan, calendar, and control schedule (monthly, quarterly, and annual activities).
- Ensure cybersecurity roles, responsibilities, RACIs, and escalation paths are defined a...