Director, IT - Internal Controls & Compliance

Job Type: Full Time


This job is no longer accepting applications.


Job Description - Director, IT - Internal Controls & Compliance

Additional Locations: US-MN-Arden Hills; US-MN-Maple Grove

 

Diversity - Innovation - Caring - Global Collaboration - Winning Spirit - High Performance

At Boston Scientific, we’ll give you the opportunity to harness all that’s within you by working in teams of diverse and high-performing employees, tackling some of the most important health industry challenges. With access to the latest tools, information and training, we’ll help you in advancing your skills and career. Here, you’ll be supported in progressing – whatever your ambitions.

 

About the role:

 

Boston Scientific is seeking a Director, IT - Internal Controls & Compliance (Governance, Risk Management, and Compliance). This individual will be the strategic leader for all aspects of IT SOX, IT Internal Controls, and GRC, with a primary mission to safeguard and facilitate Boston Scientific’s business operations.

 

As a key collaborator within the Cybersecurity organization, the Director reports directly to the VP, Chief Information Security Officer (CISO). Their role extends beyond the Cybersecurity organization, fostering strong relationships across the IT organization and throughout Boston Scientific and its subsidiaries. The Director is empowered to act as the CISO’s representative, embodying the CISO’s vision and commitment to the organization’s cybersecurity posture.

 

Your responsibilities will include:

  • Leads all facets of Cybersecurity Compliance including Regulatory Compliance for Sarbanes-Oxley (SOX), General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI), BSC Global Systems Methodology (GSM) / IT Validation (ITV), Privacy regulations, International and local certification standards such as ISO 27001, NIST Cybersecurity Framework, SOC I/II certifications, etc.
  • Responsible for coordinating ITGC and SOX-related activities with system owners, cross-functional control owners, internal auditors, external auditors, and outside SOX consultants. Updates and maintains company-wide control standards, performs SOX/audit projects, and provides control-related training to process owners.
  • Oversees all facets of Cybersecurity Governance including Security Policies & Standards, Cybersecurity Controls, Data Classification, Cloud Center of Excellence (COE) Governance, Business Continuity Planning/Disaster Recovery Planning Oversight, and Security Awareness and Training.
  • Oversees all facets of Cybersecurity Risk Management including Risk Assessments, 3rd Party Vendor Security Assessments, GRC Solution Implementation, Risk Register, GRC Metrics, Vulnerability Management, Application Security, and Mergers & Acquisition Integration support.
  • Leads risk assessment, management, and reporting for emerging technologies such as artificial intelligence, machine learning, cloud computing, and automation solutions, and provides oversight on the deployment of appropriate levels of IT and security controls to enterprise-wide programs.
  • Collaborates across the cybersecurity organization, IT, and throughout BSC. Maintains relationships with Legal/Privacy, Enterprise Risk Management/Global Internal Audit, Quality/Regulatory, and Corporate Accounting/Finance.
  • Serves as the HIPAA Security Officer for select covered entities and as principal cybersecurity liaison for BSC external auditors, as well as regulatory bodies.

 

Minimum Qualifications:

  • Minimum of a bachelor's degree in a relevant field.
  • 10+ years of IT auditing experience at a global level, specializing in areas such as IT governance, project management, infrastructure management, software development, and cybersecurity risk.
  • Experience designing, monitoring, or evaluating internal controls and SOX compliance for a multinational organization.
  • Expertise in Sarbanes-Oxley, PCI, HIPAA compliance requirements, and a solid understanding of accounting and finance processes.
  • Track record of leading IT and Cybersecurity-related engagements and liaising with external auditors and regulatory agencies.
  • Proficiency in developing IT and Cyber risk-based audit work programs and conducting risk-based audits.
  • Familiarity with state, federal, and international laws and regulations affecting internal audit, accounting, and management controls.
  • Experience in Risk Management and tracking related metrics and communicating the same to executive leadership.
  • Prior experience partnering or working with leading GRC solutions.
  • Recognized professional qualifications such as CPA, CIA, CISA, CISSP, or CFE.

 

Preferred Qualifications and Competencies:

  • Experience in applying IT control & security frameworks such as SSAE18 SOC2, COBIT, NIST Cyber Security Framework, ISO 27001, and other global frameworks.
  • Able to communicate a compelling vision and the need for change that generates excitement, enthusiasm, and commitment to the process.
  • Ability to lead others by empowering innovative approaches and motivating others to be proactive and resourceful.
  • Ability to lead a team in applying broad business and technology understanding of internal and external trends and capabilities to ensure the successful execution of IT governance and compliance.

 

 

Requisition ID: 580337

 

As a leader in medical science for more than 40 years, we are committed to solving the challenges that matter most – united by a deep caring for human life. Our mission to advance science for life is about transforming lives through innovative medical solutions that improve patient lives, create value for our customers, and support our employees and the communities in which we operate. Now more than ever, we have a responsibility to apply those values to everything we do – as a global business and as a global corporate citizen.

 

So, choosing a career with Boston Scientific (NYSE: BSX) isn’t just business, it’s personal. And if you’re a natural problem-solver with the imagination, determination, and spirit to make a meaningful difference to people worldwide, we encourage you to apply and look forward to connecting with you!

Original job Director, IT - Internal Controls & Compliance posted on GrabJobs ©. To flag any issues with this job please use the Report Job button on GrabJobs.



Location: Marlborough, MA


Copyright © 2024 Grabjobs Pte.Ltd. All Rights Reserved.