Sr. Director, Product Security
Abbott is a global healthcare leader that helps people live more fully at all stages of life. Our portfolio of life-changing technologies spans the spectrum of healthcare, with leading businesses and products in diagnostics, medical devices, nutritionals and branded generic medicines. Our 115,000 colleagues serve people in more than 160 countries.
Job Description
WORKING AT ABBOTT:
At Abbott, you can do work that matters, grow, and learn, care for yourself and family, be your true self and live a full life. You’ll also have access to:
Career development with an international company where you can grow the career you dream of
Free medical coverage for employees* via the Health Investment Plan (HIP) PPO
An excellent retirement savings plan with high employer contribution
Tuition reimbursement, the Freedom 2 Save student debt program and FreeU education benefit - an affordable and convenient path to getting a bachelor’s degree
A company recognized as a great place to work in dozens of countries around the world and named one of the most admired companies in the world by Fortune
A company that is recognized as one of the best big companies to work for as well as a best place to work for diversity, working mothers, female executives, and scientists

THE OPPORTUNITY:
The Sr. Director, Product Security is responsible for establishing and scaling a comprehensive product security program that ensures the security, safety, and regulatory compliance of all products across their lifecycle. This role drives the integration of security into engineering, R&D, and product development processes, enabling teams to deliver secure-by-design solutions.
The leader partners across divisions to standardize practices, manage risk, and ensure readiness for audits, certifications, and emerging regulatory requirements. Additionally, this role oversees incident preparedness and response capabilities to protect patients, customers, and business operations.
The position plays a critical role in enabling innovation while maintaining strong governance and trust. This role requires a strong on-site presence to effectively support engineering, R&D, and product teams in the integration of product security practices throughout the development lifecycle.
The Sr. Director is expected to be onsite a minimum of four days per week to enable close collaboration, drive alignment, and provide timely guidance on security, regulatory, and risk-related matters. Given the need for consistent engagement with cross-functional stakeholders and leadership, candidates must reside within the local Twin Cities area or be able to meet this expectation.
MAIN RESPONSIBILITIES

Strategy, Governance & Risk
Define and execute the enterprise product security strategy, aligned with regulatory, business, and risk objectives.
Establish and maintain product security governance frameworks, including policies, standards, and controls.
Own product security risk management, including risk identification, prioritization, and mitigation across the portfolio.
Lead development and adoption of secure-by-design and secure SDLC practices across engineering teams.
security vulnerabilities, customer site and equipment protection, data loss/breach, and advanced persistent threat.
Lead long-term security capability development, including cryptographic modernization and resilience against emerging threats such as post-quantum computing.

Product Security Engineering Enablement
Partner with Engineering and R&D leaders to embed security into product development lifecycles.
Enable engineering teams through security tooling, automation, and developer-centric security guidance.
Oversee and provide governance and guidance for vulnerability management and remediation activities across products and platforms.

Regulatory, Audit & Quality
Ensure alignment with FDA, EU MDR, and other global applicable medical device cybersecurity regulations.
Lead audit readiness and certification activities (e.g., ISO 13485, ISO 27001, IEC 62304, etc.).
Partner with Quality and Regulatory teams to integrate product security into QMS processes.
Define, track and report security KPIs and metrics for internal reporting and regulatory evidence.

Cross-Functional Leadership
Drive cross-division collaboration to standardize product security practices across business units.
Serve as a strategic advisor to executive leadership, legal, regulatory, and product teams on security risk.
Influence product and business decisions to ensure appropriate security risk posture.

Culture & Executive Leadership
Shape and promote a strong product security culture across engineering, R&D, and product organizations.
Build, lead, and develop a high-performing product security organization, including hiring, mentoring, and succession planning.
Represent the organization in internal and external forums, including leadership reviews, regulatory discussions, and industry engagements.
Undertake additional responsibilities as required to support evolving business and security priorities.
Required Qualifications

Education
Bachelor's Degree (± 16 years) Information Security, Risk or IT Management, Computer Science, or related field
An equivalent combination of education and work experience
Minimum 12 years of work experience
Experience working in a product engineering, support or Product/Information security is required

Deep expertise in product security, including application to medical devices and connected systems, with strong understanding of threat modeling, vulnerabilities, and patient/customer risk in a regulated environment.
Demonstrated knowledge of FDA cybersecurity guidance (premarket and postmarket) and its application to product development, risk management, and lifecycle maintenance.
Experience with medical device and software lifecycle standards, including IEC 62304, ISO 14971, and ISO 13485, with the ability to integrate security into quality and regulatory processes.
Familiarity with global cybersecurity and privacy frameworks such as NIST Cybersecurity Framework, NIST SSDF, ISO 27001, HIPAA/HITECH, and applicable EU regulations.
Experience leading product security programs across the full lifecycle, including secure design, development, vulnerability management, postmarket monitoring, and incident response.
Proven ability to operate at a senior leadership level, influencing executive stakeholders and driving alignment across engineering, R&D, quality, regulatory, and business teams.
Experience with software supply chain security practices, including SBOM, third-party risk management, and open-source security.
Strong understanding of modern security architectures and technologies, including cryptography, identity and access management, and secure communications (knowledge of emerging areas such as crypto agility and post-quantum considerations preferred).
Track record of building, leading, and developing high-performing teams in complex, matrixed organizations.
Exceptional analytical, communication, and decision-making skills, with the ability to translate complex security risks into business-relevant outcomes.
The base pay for this position is $190,000.00 – $380,000.00. In specific locations, the pay range may vary from the range posted.

JOB FAMILY: Information Risk & Quality Assurance
DIVISION: BTS Business Technology Services
LOCATION: United States > Minnesota > St. Paul > Tech Center : One St Jude Medical Drive
ADDITIONAL LOCATIONS: United States > Abbott Park : AP06C, United States > Chicago : Willis Tower Building 233 S Wacker Dr.
WORK SHIFT: Standard
TRAVEL: Yes, 15 % of the Time
MEDICAL SURVEILLANCE: Not Applicable
SIGNIFICANT WORK ACTIVITIES: Continuous sitting for prolonged periods (more than 2 consecutive hours in an 8 hour day)

Abbott is an Equal Opportunity Employer of Minorities/Women/Individuals with Disabilities/Protected Veterans.
EEO is the Law link - English: http://webstorage.abbott.com/common/External/EEO_English.pdf
EEO is the Law link - Espanol: http://webstorage.abbott.com/common/External/EEO_Spanish.pdf