Director, Security

Who We Are

ABOUT ENOVIS™

Enovis Corporation (NYSE: ENOV) is an innovation-driven medical technology growth company dedicated to developing clinically differentiated solutions that generate measurably better patient outcomes and transform workflows. Powered by a culture of continuous improvement, global talent and innovation, the Company's extensive range of products, services and integrated technologies fuels active lifestyles in orthopedics and beyond. For more information about Enovis, please visit www.enovis.com.

• Develop and execute a cohesive global cybersecurity strategy that directly supports the "One Enovis" IT transformation, corporate vision, and the drive for profitable, capital-efficient growth.
• Develop, own, and continuously mature the enterprise Information Security Program, aligned to NIST CSF, ISO 27001, and healthcare-specific frameworks.
• Define and enforce enterprise security policies, standards, and procedures across all global business units.
• Present security posture, risk metrics, and program updates to executive leadership and external auditors.
• Lead the organization's cyber risk management program, including risk assessment, risk register maintenance, and risk treatment planning.
• Manage the annual security budget; optimize spend across tools, services, staffing, and managed security providers.

• Oversee the 24x7 Security Operations Center (SOC) ensuring rapid detection and response to threats.
• Lead the Incident Response (IR) program: maintain and exercise IR plans, manage breach investigations, coordinate with legal, PR, and regulators.
• Drive vulnerability management, penetration testing, and programs to proactively identify and remediate exposures across all environments.
• Govern threat intelligence operations to anticipate emerging threats targeting healthcare organizations globally.

• Lead security architecture review for all major infrastructure and application initiatives, ensuring security-by-design.
• Oversee identity and access management (IAM/PAM) strategy, including MFA enforcement, SSO, and privileged access governance.

• Lead enterprise cybersecurity risk assessment and regulatory compliance including HIPAA, FDA cybersecurity requirements for medical devices, GDPR, and other global standards.

• Design and execute an enterprise-wide security awareness and training program tailored to all staff globally.
• Run simulated phishing and social engineering campaigns; track and report behavior metrics to leadership.
• Act as a security champion and culture carrier, fostering a 'security is everyone's responsibility' mindset across the global workforce.

• 7+ years' experience leading global cybersecurity teams and programs, preferably in medical technology, healthcare, or other highly regulated industries.
• Demonstrated success leading cybersecurity aspects of large-scale IT integrations, ERP transitions, systems harmonization, and M&A integrations within complex, multi-business-unit organizations.
• Proven ability to streamline and mature diverse security landscapes into efficient, scalable, enterprise-grade programs while supporting the unique needs of individual business units.
• Demonstrated experience in healthcare or another highly regulated industry.
• Deep hands-on knowledge of HIPAA Security Rule, HITRUST CSF, NIST CSF, and SOC 2 frameworks.
• Proven track record leading incident response for significant cybersecurity events, including ransomware and data breach scenarios.
• Experience managing and reporting to executive leadership and Board-level Risk/Audit committees.
• Strong knowledge of cloud security (AWS, Azure, GCP), zero trust architecture, and modern IAM/PAM solutions.
• Excellent communication skills: ability to translate complex security risk into clear business language.

• Up to 25%

• Medical Insurance
• Dental Insurance
• Vision Insurance
• Spending and Savings Accounts
• 401(k) Plan
• Vacation, Sick Leave, and Holidays
• Income Protection Plans
• Discounted Insurance Rates
• Legal Services