In this role, you will…

• Build relationships across Align while paying specific attention to stakeholders within the iTero business unit to ensure all aspects of Information Security team programs are operating effectively.
• Support global Application Security, Identity and Access Governance, Security Operations, and Technology Governance, Risk, and Compliance programs as they apply to iTero systems, employees, contractors, etc. Tailor these programs as necessary to meet the local iTero needs.
• Support global programs to ensure compliance with regulations impacting iTero’s operations including SOC2, SOX, PCI, HIPAA, FDA, GDPR, EU MDR, China Cyber Security Law (CSL), and other global cyber and data privacy laws and regulatory requirements impacting iTero operations as necessary.
• Regularly assess the security of iTero systems, including both back-end systems and iTero scanners distributed around the world (e.g. iTero ecosystem).
• Ensure that security and compliance requirements are documented, regularly reviewed, and considered as part of new iTero product releases.
• Direct iTero Security team members’ activities to focus on key priorities that ensure the security of the iTero ecosystem.
• Engage regularly with iTero business and technical leadership to educate them on current security risks in the industry as well as risks and vulnerabilities specific to the iTero ecosystem.
• Provide security education and awareness to iTero employees and contractors as necessary.
• Engage with external and internal auditors as needed to support technology audits impacting iTero’s operations.
• Coordinate initiatives which impact iTero from global Technology Governance, Risk and Compliance programs such as Customer Requests, Project Guidance and Release Oversight, Risk Assessments (Vendor, Site, Applications), and Business Resiliency.
• Manage medical device cybersecurity report and product security documentation per iTero Scanner version and various associated cybersecurity reports supporting various country-specific regulatory requirements (e.g. United States FDA, China NMPA, Taiwan FDA, etc.). This includes ensuring requirements and testing documentation maintained by the quality and technology teams accurately maps to cybersecurity controls along with monitoring that post-market monitoring cybersecurity requirements are met.
• Coordinate initiatives which impact iTero from global Application Security programs such as Static Application Testing, Dynamic Application Testing, Interactive Application Testing, Application Security Requirements & Training, and Bug Bounty Program.
• Coordinate initiatives which impact iTero from global Security Operations programs such as Threat Intelligence, Threat Monitoring, Incident Response, Vulnerability Management, Network Security, and Penetration Testing.
• Coordinate initiatives which impact iTero from global Identity & Access Governance programs such as Identity Management, Access Management, Privileged Access, Multi-factor Authentication, and Access Automation.

In this role, you’ll need …

• Strong English speaking skills with experience working at a global company.
• Bachelor’s degree in Information Technology, Engineering, Computer Science, other technical degree - or equivalent work experience.
• 10+ years of experience in the information security field, with at least 5 years of management experience.
• Ideally, experience with medical devices and their related security and regulatory landscape.
• Previous experience with building out and managing security and/or compliance programs.