Senior Director, Product Security

Career-defining. Life-changing.

At iRhythm, you'll have the opportunity to grow your skills and your career while impacting the lives of people around the world. iRhythm is shaping a future where everyone, everywhere can access the best possible cardiac health solutions. Every day, we collaborate, create, and constantly reimagine what's possible. We think big and move fast, driven by our commitment to put patients first and improve lives. We need builders like you. Curious and innovative problem solvers looking for the chance to meaningfully shape the future of cardiac health, our company, and your career

About This Role:

As Senior Director, Product Security, you will define and lead the product security strategy for our medical device portfolio, ensuring robust protection of patient data, device integrity, and regulatory compliance. You will partner with executive leadership, engineering, product management, regulatory, quality, and privacy teams to embed security across the product lifecycle, drive continuous improvement, and represent the organization externally on security matters.

Key Responsibilities:

Strategic Leadership & Program Oversight

• Develop and execute a comprehensive product security strategy aligned with business and regulatory objectives.
• Lead the Product Security function, building and mentoring a high-performing team of security professionals.
• Establish and refine security governance frameworks, policies, and best practices for medical device development and deployment.
• Partner with senior executives to prioritize security investments, allocate resources, and balance risk mitigation with innovation.

• Oversee end-to-end product security management, including risk assessments, threat modeling, vulnerability management, and incident response.
• Ensure compliance with FDA, HIPAA, GDPR, and international cybersecurity regulations and standards (e.g., NIST, EU MDR, IEC 62304).
• Guide secure design reviews, SBOM management, and security documentation for pre- and post-market activities.
• Champion secure coding practices and collaborate with development teams to integrate security into SDLC and PDLC.

• Drive alignment across engineering, regulatory, privacy, and quality teams to deliver secure products from concept through commercialization.
• Act as the primary interface for product security with executive leadership, external partners, and regulatory agencies.
• Synthesize complex technical and regulatory information into clear communications for senior stakeholders.

• Recruit, mentor, and develop a team of product security experts, fostering a culture of accountability, collaboration, and professional growth.
• Provide coaching and thought leadership to elevate the product security discipline across the organization.

• Bachelor's degree in Computer Science, Engineering, Information Security, or related field; advanced degree preferred.
• 15+ years of progressive experience in information security, product security, or medical device development, with at least 8+ years in leadership roles.
• Deep expertise in security principles, methodologies, and tools for medical devices, including risk assessment, threat modeling, vulnerability management, and incident response.
• Experience with medical device design control requirements, secure coding practices, and regulatory processes.
• Proven track record of leading cross-functional teams to deliver secure hardware/software products in regulated environments.
• Strong understanding of FDA, HIPAA, GDPR, NIST, and international cybersecurity frameworks.
• Exceptional leadership, communication, and stakeholder management skills.
• Industry certifications (CISSP, CISM, CISA, or medical device security-specific certifications) preferred.
• Ability to influence without authority and navigate matrixed organizations.