Stryker

Compensation

Full Description

Work Flexibility: Remote Position Summary We are seeking a legally astute and technically fluent Legal Counsel, Product Security & Cybersecurity to provide legal support for enterprise cybersecurity, product security, and digital risk across our MedTech business. This role focuses on aligning legal strategy with cybersecurity regulations, secure product development, threat mitigation, and postmarket surveillance obligations. You will partner closely with IT security, product development, compliance, and regulatory teams to ensure our products and platforms are designed and maintained with legal and security excellence. Key Responsibilities Advise on cybersecurity laws, regulations, and frameworks including NIST standards (eg ISO 27001), FDA Premarket/Post-market Cybersecurity Guidance, and EU obligations and regulations such as the Cyber Resilience Act. Support incident and breach response protocols across enterprise and product environments. Provide legal guidance for secure product development, software bills of materials (SBOMs), penetration testing, and vulnerability disclosure programs. Counsel on global product launch compliance, especially regarding cybersecurity requirements embedded in MDR and U.S. FDA regulations. Draft and negotiate security-related contract provisions, including third-party security diligence and data breach terms. Collaborate with Product Security, R&D, Engineering, and IT on governance, risk, and compliance issues. Advise on cyber risk, breach response, and vulnerability disclosure involving both enterprise and product environments. Provide legal guidance on secure product development, SBOMs, FDA/EU cybersecurity mandates, and post-market surveillance obligations. Partner with product, R&D, and engineering to align legal expectations with secure design principles. Evaluates legal risk of product design choices (e.g., remote connectivity, open-source software, AI/ML explainability) Provides contract language for cybersecurity obligations, indemnification, and incident reporting Partners with Product Security to: Define cyber clauses in supplier/vendor agreements Manage vulnerability disclosure programs (e.g., PSIRT) Align with data governance and retention practices Qualifications Juris Doctor (JD) with license to practice in at least one relevant jurisdiction. Minimum 10 years applicable professional experience in law firm or corporate legal department setting, preferably with exposure to cybersecurity or technology-related legal matters. Prior professional experience considered; medical device, pharmaceutical, life sciences experience strongly preferred. Familiarity with global cybersecurity standards and regulations in healthcare or critical infrastructure environments. Experience advising on incident response, secure development practices, or regulatory product submissions. Strong collaboration skills with technical and legal stakeholders. Compensation $179,100- $388,100 salary plus bonus eligible + generally eligible for short-term and long-term financial incentives + benefits. Individual pay is based on skills, experience, and other relevant factors. Travel Percentage: 20% Stryker Corporation is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, gender identity, sexual orientation, national origin, disability, or protected veteran status. Stryker is an EO employer – M/F/Veteran/Disability. Stryker Corporation will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. Stryker is one of the world’s leading medical technology companies and, together with its customers, is driven to make healthcare better. We offer innovative products and services in Orthopaedics, Medical and Surgical, and Neurotechnology and Spine that help improve patient and hospital outcomes. We are proud to be named one of the World’s Best Workplaces! For more information, visit: www.stryker.com Work Flexibility Remote – Role allows you to work the majority to 100% of time from an alternate workplace. These roles could have travel expectations, and you must work within the country of the job requisition location. Field-based – You can expect to regularly work a majority to 100% of time at customer facilities and has a set territory or expectation to travel within a set boundary. Almost all sales roles would likely be qualified as field-based. Onsite – Role is 100% located at a Stryker facility. Some ad hoc flexibility may be available depending on role, level, and job requirements. Manufacturing roles and any role that requires physical presence at the office would qualify under this category. Hybrid – You can expect to regularly work in both an alternate workplace and a Stryker facility. Roles that are partially remote or co-located would qualify as hybrid, and the expectation to be onsite would be defined and agreed upon by your manager/supervisor.