Senior Director, Cybersecurity & IT Compliance

Senior Director, Cybersecurity & IT Compliance

Location: Leesburg, VA

Company: VB Spine

Looking for a career where your work truly matters? At VB Spine, you’ll be part of a mission-focused team that supports surgeons during life-changing spinal procedures. We’re looking for driven individuals ready to learn quickly, adapt under pressure, and grow in a dynamic, fast-paced environment. 

We are seeking a Senior Director of Cybersecurity & IT Compliance who will serve as the global leader responsible for safeguarding VB Spine’s digital assets, ensuring regulatory and audit readiness, and driving a modern, agile cybersecurity and IT governance framework. This role is pivotal in the post-divestiture transformation — building independent security capabilities, embedding compliance into business and product processes, and partnering with Infrastructure, Applications, Quality, Legal, and R&D to enable secure growth in a regulated MedTech environment.

What You’ll Do:

Strategic Leadership & Program Development

Develop and execute a comprehensive cybersecurity and IT compliance strategy aligned with business goals and regulatory obligations in a post divestiture environment
Lead the design and implementation of an enterprise-wide cybersecurity framework, including risk management, security architecture, and incident response programs.
Establish a governance structure for cybersecurity and IT compliance, ensuring clarity of roles, responsibilities, and accountability.
Drive continuous improvement and innovation in security practices through automation, AI-enabled threat detection, Zero Trust adoption, and modern compliance tooling.
Manage MSSPs, incident response retainers, and technology partners to deliver lean but resilient global security coverage.

Cybersecurity Operations & Risk Management

Oversee security operations, including threat monitoring, vulnerability management, and penetration testing.
Direct the evaluation, selection, and implementation of security technologies, tools, and platforms.
Conduct regular risk assessments and ensure risk mitigation strategies are documented and implemented.
Lead the response to cybersecurity incidents, including investigation, containment, remediation, and executive communication.
Collaborate with the Infrastructure team on shared accountabilities such as identity management, patching, endpoint hardening, and network security.

IT Compliance & Regulatory Alignment

Ensure compliance with applicable MedTech and healthcare regulations (e.g., FDA 21 CFR Part 11, HIPAA, ISO 27001, SOC 2, GDPR, CCPA).
Partner with Quality, Regulatory Affairs, and Legal to integrate IT compliance requirements into product development, manufacturing systems, and business processes.
Develop policies, procedures, and training programs to maintain compliance and prepare for internal and external audits.
Oversee vendor and third-party security assessments to ensure alignment with company standards

Post-Divestiture Transition

Assess inherited IT infrastructure, applications, and security posture; develop and execute remediation and optimization plans.
Build standalone IT security capabilities where previously dependent on the parent company’s resources.
Guide data migration, network segregation, and system reconfiguration while maintaining security and compliance integrity.

Team Leadership & Development

Lead and mentor a high-performing cybersecurity and compliance team.
Build talent pipelines and succession plans for critical security and compliance functions.
Foster a culture of innovation, continuous maturity, and cross-functional collaboration.

What You Bring:

Bachelor’s in Information Security, Computer Science, or related field required; Master’s preferred.
Professional certifications strongly preferred: CISSP, CISM, CISA, CRISC (or equivalent).
Specialized training in NIST CSF, ISO 27001, CIS Controls, and regulatory frameworks (FDA, HIPAA, GDPR).
12–15 years progressive experience in cybersecurity, compliance, and IT governance, with 5+ years in senior leadership.
Proven success building and maturing cybersecurity programs in regulated industries; MedTech, healthcare, or life sciences strongly preferred.
Experience navigating post-divestiture or M&A transitions, including TSA exits and stand-up of independent security capabilities.
Demonstrated expertise in security architecture, SOC/MSSP oversight, incident response, vulnerability management, and compliance program design.
Strong regulatory and audit engagement experience (FDA, ISO, GDPR, HIPAA).
Background in consulting or advisory roles may be considered if demonstrating enterprise-scale leadership and board-level communication.
Exceptional leadership, executive presence, and ability to translate technical security risks into business terms.
Ability to work in a fast-paced environment and manage multiple priorities under tight deadlines.
Strong analytical and problem-solving skills with high attention to detail.
Ability to sit for extended periods and work at a computer for the majority of the workday.
Clear verbal and written communication skills to engage with technical and non-technical audiences.
Occasional travel required to company sites, vendor facilities, or industry conferences (up to 20%).

Why VB Spine?

We believe in growing talent from within. At VB Spine, join a high-performing team, benefit from peer and executive mentorship, and shape strategy in the dynamic field of medical sales—positioning yourself to influence growth and innovation across the organization.

Compensation:

Pay for this role is competitive and based on experience, with additional factors like territory requirements, qualifications, and performance taken into account. Final compensation is determined on a case-by-case basis and considers a variety of factors, including experience level, skillset, and market conditions.

Benefits include:

Comprehensive health, dental, and vision insurance
401(k) with company match
Paid time off (PTO) and holidays
Ongoing training and professional development opportunities
Opportunity to grow within a fast-paced, dynamic company

Apply for this job

First name

Last name

Email address

Location

Phone number

Resume

Attach resume

Attach another file

Attach file

What is your Linkedin Profile URL?

Attach your Cover Letter - or:

Attach Cover Letter

Cut and Paste your Cover Letter below:

What are your salary requirements?

Are you willing to relocate?

Are you authorized to work in the United States?

Will you now or in the future require sponsorship for employment visa status (e.g. H-1B status)?

What is your earliest start date?

Are you 18 years of age or older?

Are you willing to work evenings?

Are you willing to work weekends?

Do you have any professional qualifications (PMP, MCSE)?

What is the highest level of education you’ve obtained?

We invite you to complete the optional self-identification questions below used for compliance with government regulations and record-keeping guidelines. Any self-identification information provided will not be considered in the selection process.

GENDER

VETERAN STATUS Learn more about veteran statuses

If you believe you belong to any of the categories of protected veterans listed below, please indicate by selecting the appropriate category(ies). The hiring employer is subject to the Vietnam Era Veterans' Readjustment Assistance Act of 1974, as amended by the Jobs for Veterans Act of 2002, 38 U.S.C. 4212 (VEVRAA) and requests this information in order to measure the effectiveness of the outreach and positive recruitment efforts it undertakes pursuant to VEVRAA.

DISABILITY STATUS Learn more about disability statuses

We are required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.