Manager of Product Cybersecurity (Hybrid, Boston)

We are constantly looking to add to our core talent. If you are seeking a career that is challenging and rewarding, a work environment that is diverse and dynamic, look no further - Haemonetics is your employer of choice.

We are seeking a Manager of Product Cybersecurity to lead and execute cybersecurity strategy for medical devices and Software as a Medical Device (SaMD) across the full product lifecycle. This role is critical to ensuring the safety, effectiveness, and regulatory compliance of connected healthcare products while enabling innovation and speed to market.

This is a playercoach role: you will directly contribute to threat modeling, design reviews, vulnerability management, and regulatory submissions while leading and mentoring a small team of product security engineers.

Key Responsibilities:

Product & Engineering Security (HandsOn)

• Lead and personally execute cybersecurity activities across the product lifecycle, from concept through postmarket support.

• Perform and review:

  • Threat modeling and attack surface analysis

  • Secure architecture and design reviews

  • Security requirements definition and verification

• Manage and approve third-party penetration testing

• Partner with R&D to embed securebydesign practices into hardware, firmware, software, cloud, and mobile components.

• Guide secure development aligned with IEC 62304, ISO 14971, ISO 270001, and other regulatory cybersecurity expectations.

• Integrate cybersecurity into design controls, software lifecycle processes, and system engineering practices.

Vulnerability & Incident Management

• Lead the product vulnerability management program, including:

  • Vulnerability intake, triage, and risk assessment

  • Coordinated disclosure and remediation

  • CVE tracking and SBOMdriven analysis

• Guide product cybersecurity incident response, including root cause analysis and corrective actions.

• Support efforts to ensure monthly security testing is running successfully across products through support integration of security tools through automation

Regulatory & Compliance Leadership

• Lead cybersecurity contributions for:

  • FDA submissions (U.S.)

  • EU MDR technical documentation

  • Other international markets as required

• Author and/or review cybersecurity documentation, including:

  • Threat models and risk assessments

  • Cybersecurity sections of regulatory submissions

  • Security architecture and design artifacts

• Ensure alignment with:

  • FDA Cybersecurity Guidance

  • EU MDR and IEC 8100151

  • ISO 14971 and IEC 62304

  • NIST Cybersecurity Framework and relevant global standards

Leadership & Team Development

• Lead, mentor, and grow a team of product cybersecurity engineers.

• Balance handson technical work with prioritization, planning, and delivery.

• Establish clear pragmatic cybersecurity processes, metrics, and accountability across product teams.

Required Qualifications:

• Bachelor's degree in Computer Science, Engineering, Cybersecurity, or related field

• 8+ years of cybersecurity experience, with direct experience securing medical devices or SaMD.

• 3+ years of experience leading or mentoring cybersecurity or product security teams.

• Strong handson experience with:

  • Secure software development

  • Embedded and/or cloudconnected medical devices

• Threat modeling and risk analysis

• Experience in healthcare and regulatory environments.

Preferred Qualifications

• Experience supporting FDA submissions and regulatory audits.

• Familiarity with SBOM standards (e.g., SPDX, CycloneDX).

• Knowledge of cloud security for regulated healthcare environments.

• Familiarity with US Department of Defense (DoD) Authorization to Operate (ATO)

• Relevant certifications (e.g., CISSP, CSSLP, HCISPP).

What Success Looks Like!

• Overall product cybersecurity program is easy to understand and execute

• Products ship securely, compliantly, and on time without lastminute cybersecurity surprises.

• Cybersecurity risks are clearly understood, documented, and mitigated throughout the product lifecycle.

• Engineering teams proactively integrate security into design and development.

• Regulators and auditors view cybersecurity practices as mature, transparent, and wellgoverned.

EEO Policy Statement

Pay Transparency:

The base pay actually offered to the successful candidate will take into account, without limitation, the candidate's location, education, job-knowledge, skills, and experience in prior relevant roles. Incentives may also be provided as part of Haemonetics' employee compensation. For sales roles, employees will be eligible for sales incentive (i.e., commission) under the applicable plan terms. For non-sales roles, employees will be eligible for a discretionary annual bonus, the target amount of which varies based on the applicable role, to be governed by the applicable plan terms. Employees may also be eligible to participate in the Company's long-term incentive plan, with eligibility and target amount dependent on the role.

In addition to compensation, the Company offers a competitive suite of benefits to its employees, including without limitation, a 401(k) with up to a 6% employer match and no vesting period, an employee stock purchase plan, "flexible time off" for salaried employees and, for hourly employees, accrual of three to five weeks' vacation annually (based on tenure), accrual of up to 64 hours (annually) of paid sick time, paid and/or floating holidays, parental leave, short- and long-term disability insurance, tuition reimbursement, and/or health and welfare benefits.

Depending on your location, you may be eligible for more detailed information related to the compensation and benefits related to this job posting. If you believe you may be entitled to such information by law, you may contact 1-781-348-7777, Monday through Friday, 7:30 a.m. - 5 p.m. ET or email AskHR@Haemonetics.com.

The base salary range for this role is: