At Zimmer Biomet, we believe in pushing the boundaries of innovation and driving our mission forward. As a global medical technology leader for nearly 100 years, a patient’s mobility is enhanced by a Zimmer Biomet product or technology every 8 seconds.
As a Zimmer Biomet team member, you will share in our commitment to providing mobility and renewed life to people around the world. To support our talent team, we focus on development opportunities, robust employee resource groups (ERGs), a flexible working environment, location specific competitive total rewards, wellness incentives and a culture of recognition and performance awards. We are committed to creating an environment where every team member feels included, respected, empowered and recognised.
What You Can Expect
Deputy Chief Information Security Officer (Deputy CISO) at the Senior Director level will serve as the principal operational and strategic partner to the CISO. This executive-level role is responsible for leading the day-to-day operation of the enterprise information security program across a complex, global medical device and digital health environment. The Deputy CISO will drive security strategy, governance, risk management, and compliance initiatives while ensuring the protection of patient data, intellectual property, and critical business systems. This leader will act as CISO in the absence of the CISO and will be a key voice in shaping Zimmer Biomet's security posture in alignment with regulatory requirements including FDA cybersecurity guidance, HIPAA, SOX, and international frameworks.
How You'll Create Impact
- Serve as the primary operational leader of the enterprise information security program, deputizing for the CISO and maintaining continuity of security leadership across global operations.
- Develop, execute, and continuously mature the enterprise cybersecurity strategy, roadmap, and multi-year investment plan in alignment with business objectives and regulatory requirements.
- Oversee the Security Engineering, Architecture and Advisory, and Security Operations Center (SOC) teams, ensuring alignment and hand-off in shared projects and incident response.
- Partner with Legal, Compliance, Privacy, and Regulatory Affairs to ensure security controls support product lifecycle requirements, including pre-market and post-market cybersecurity obligations for connected medical devices.
- Build, mentor, and retain a high-performing, globally distributed information security team; establish clear performance expectations, career development pathways, and succession plans.
- Manage the information security budget, vendor relationships, and technology portfolio, ensuring cost-effective allocation of resources and alignment with enterprise architecture standards.
- Serve as a key stakeholder in M&A due diligence and integration activities, assessing cybersecurity risk profiles of target organizations and leading post-merger security integration efforts.
- Represent the information security function in executive forums, regulatory engagements, customer inquiries, and external audits; serve as a credible spokesperson on cybersecurity matters.
- Establish and maintain security metrics, KPIs, and dashboards that provide meaningful visibility into program effectiveness for technical teams, senior leadership, and governance bodies.
What Makes You Stand Out
- Experience with FDA cybersecurity guidance for medical devices (pre-market and post-market) and familiarity with IEC 62443, IEC 81001-5-1, or similar OT/IoT security standards.
- One or more industry certifications: CISSP, CISM, CRISC, CISA, CCSP, or equivalent.
- Experience leading security through M&A transactions, including due diligence and post-merger integration.
- Familiarity with NIST Cybersecurity Framework, ISO 27001/27002, SOC 2, and HITRUST frameworks.
- Prior experience as a CISO or Deputy CISO in a publicly traded company.
- Strategic Vision — Translates long-term security strategy into actionable plans that align with enterprise goals.
- Executive Influence — Builds credibility and trust with senior stakeholders; drives alignment across functions.
- Talent Development — Attracts, develops, and retains top security talent; fosters an inclusive, high-performance culture.
- Decisiveness Under Uncertainty — Makes sound, timely decisions in ambiguous or high-pressure situations.
- Collaborative Leadership — Partners effectively across IT, Legal, Compliance, R&D, and Business Units to achieve shared outcomes.
Your Background
- Preferred Qualification: Bachelor's degree in Computer Science, Information Security, Information Systems, or a related field; Master's degree
- Preferred Qualification: 12+ years of progressive information security experience, with at least 5 years in a senior leadership role (Director level or above) managing enterprise security programs.
- Preferred Qualification: Demonstrated experience operating within a regulated industry (medical device, pharmaceutical, healthcare, or financial services) with direct accountability for regulatory compliance.
- Preferred Qualification: Deep expertise across multiple security domains: threat and vulnerability management, identity and access management, cloud security, incident response, security architecture, and GRC.
- Preferred Qualification: Proven track record of building and leading high-performing security teams in complex, matrixed, global organizations; experience managing security in cloud environments (AWS, Azure, or GCP) and hybrid IT/OT environments.
- Preferred Qualification: Strong executive presence with the ability to communicate complex security concepts to non-technical audiences including C-suite, Board members, and regulators.
- Minimum Qualification: Bachelor's Degree and 9 years of relevant experience, or Associate's Degree and 11 years of relevant experience, or High School Diploma or Equivalent and 13 years of relevant experience AMER
Travel Expectations
Expected Compensation - $215,000-$270,000 base salary. Comprehensive bonus and LTI also offered.
EOE/M/F/Vet/Disability