Job Closed
This listing is no longer active.
Leidos is an innovation company rapidly addressing the world’s most vexing challenges in national security and health.
ISSO/ISSE
Location
United States
Posted
66 days ago
Salary
$107K - $195K / year
Seniority
Mid Level
Job Description
ISSO/ISSE
Leidos
The DoW Healthcare Management System Modernization (DHMSM) Program is looking for an experienced ISSO/ISSE to join our cyber team in support of the continued development, sustainment, and deployment of the Military Health System (MHS) GENESIS system. MHS GENESIS is deployed globally to over 3700 locations at 138 Medical Treatment Facilities (MTFs), serving 190K users and providing 1100+ clinical workflows that deliver medical electronic health record (EHR) capabilities for nearly 10M beneficiaries.

WHAT YOU WILL BE DOING

The ISSO supports the Cybersecurity Leads with all Risk Management Framework (RMF) Authorization and Sustainment related functions, to include Interim Authorization to Test (IATT), Authority to Operate (ATO), Annual Security Review (ASR), Risk Assessment (RA) and Continuous Monitoring (ConMon) activities for all assigned systems. Responsibilities include, but are not limited to, the following:
- Maintaining RMF Authorizations for all assigned ATOs, including any required IATT, ATO, ASR, RA and ConMon related activities, and assisting team members with unassigned ATOs as required.
- Primary cybersecurity review of system architecture and technical artifacts (to include PPSM, diagrams, STIGs, compliance evidence, and policy documentation).
- Developing, updating and working with Cybersecurity Leads and LPDH partners to ensure implementation of cybersecurity policies and procedures, and developing any other required cybersecurity related documentation.
- Ensuring assigned systems meet the requirements to obtain required authorizations and approvals, including IATT, ATO, and ASRs, from the assigned Authorizing Official (AO).
- Understanding all DoW and DHA RMF policies, procedures, and guidance and keeping up with all changes.
- Ensuring the eMASS record is maintained in accordance with DHMSM and DHA requirements.
- Assisting with the development of templates and recommending other tools to support risk management and ATO activities, as needed.
- Working with CyberOps to ensure all assets are scanned properly and that any scan issues are resolved in a timely manner; tracking all issues.
- Developing and maintaining Plans of Action and Milestones (POA&Ms) and Risk Acceptances for all assigned ATOs and ensuring POA&Ms received from other teams meet all DHA requirements.
- Tracking vulnerability remediation statuses and POA&M closures on a weekly basis for metrics reporting.
- Periodically evaluating the effectiveness of all Assessment Procedures for RMF security controls to ensure the operational security posture is maintained.
- Supporting cybersecurity compliance assessment efforts by providing systems engineering and documentation support.
- Ensuring all DoW and DHA cybersecurity-related documentation is current and accessible to properly authorized individuals.
- Assisting Cybersecurity Leads in ensuring the project meets identified milestones and requirements.
- Contributing to the development of cyber strategies and any associated documentation.
- Ensuring all users have the requisite security clearances and access authorization.
- Providing Subject Matter Expertise for customer inquiries.

FACTORS FOR SUCCESS
- BS degree and 8-12 years of prior relevant experience.
- US Citizen with Active Secret Clearance or higher – required (contract requirement).
- Minimum of 5 years’ hands-on experience on Defense Health Agency projects in a cybersecurity role.
- DoW 8570 Certification.
- Proficiency in eMASS.
- Prior experience with DoW Accreditation and tools such as eMASS, ACAS, CMRS and HBSS.
- Knowledge of networks, cyber defense toolsets and processes. Strong understanding of related technologies and significant knowledge of networking technologies, operating systems, and security tools, tactics, techniques, and procedures.
- Attention to detail.
- Excellent written and verbal communication skills and the ability to effectively interact and work with internal team members, vendors and clients.
- Experience with network and network security assessments and documenting the results using NIST SP 800-53A (Rev 5), completing security plans and recommending Security Controls for Federal Information Systems.
- Strong ability to document recommendations to correct security weaknesses resulting from security assessments and to track implementation of corrective actions.
- Experience developing network and network security policies and system security documentation and procedures.
- Experience with the DoW Information Assurance Vulnerability Management (IAVM) Program.
- Experience with Cloud.
- Experience with Containers.
- Scripting knowledge: PowerShell, Python, Shell Scripting.

HOW YOU WILL STAND OUT FROM THE CROWD
- PMP Certification.
- A high degree of proficiency in eMASS.
- DHA A&A Experience.
- Proficiency in ACAS/NESSUS, SCAP.
- Experience with Cloud.
- Experience with Containers.
- Experience with the DoW Information Assurance Vulnerability Management (IAVM) Program.

If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo — because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 — and moving faster than anyone else dares.

Original Posting: March 18, 2026

For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days, with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range: $107,900.00 - $195,050.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
Job Requirements
- BS degree and 8-12 years of prior relevant experience.
- US Citizen with Active Secret Clearance or higher – required.
- Minimum of 5 years’ hands-on experience on Defense Health Agency projects in a cybersecurity role.
- DoW 8570 Certification.
- Proficiency in eMASS.
- Prior experience with DoW Accreditation and tools such as eMASS, ACAS, CMRS and HBSS.
- Knowledge of networks, cyber defense toolsets and processes.
- Strong understanding of related technologies and significant knowledge of networking technologies, operating systems, and security tools, tactics, techniques, and procedures.
- Attention to detail.
- Excellent written and verbal communication skills.
- Experience with network and network security assessments and documenting the results using NIST SP 800-53A (Rev 5).
- Strong ability to document recommendations to correct security weaknesses resulting from security assessments.
- Experience developing network and network security policies and system security documentation and procedures.
- Experience with DoW Information Assurance Vulnerability Management (IAVM) Program.
- Experience with Cloud.
- Experience with Containers.
- Scripting knowledge: PowerShell, Python, Shell Scripting.
- PMP Certification.
- A high degree of proficiency in eMASS.
- DHA A&A Experience.
- Proficiency in ACAS/NESSUS, SCAP.
Benefits
- Pay Range: $107,900.00 - $195,050.00.
- The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary.
- Additional factors considered in extending an offer include responsibilities of the job, education, experience, knowledge, skills, and abilities.
More Security Engineer Jobs
Chief Information Security and Privacy Officer
Graebel Companies, Inc.
Are you ready to open a world of opportunity in talent mobility? Our clients include some of the largest and most recognized brands in the world. They’re innovators and leaders in their industries, making life-enhancing breakthroughs every day. We help them tap into those opportunities by placing their exceptional people where they need to be, anywhere in the world. When it comes to service, we set the bar for exceptional … and then we raise it with fresh ideas, leading tools and innovative approaches, and it’s all grounded in our values of truth, love, and integrity. We call it People-first Mobility. We’re looking for exceptional people who share those values along with our passion for delivering the highest levels of service. If that sounds like you, and if you’re ready for a new career opportunity, we’d like to hear from you!
Here’s to the world ahead. We are seeking a visionary and business-aligned Chief Information Security Officer (CISO) to serve as a key member of the Graebel and IT leadership team. The CISO will provide the strategic roadmap and executive leadership for a world-class Enterprise Security Program that enables business innovation while aggressively mitigating risk. This role directs the end-to-end planning, implementation, and governance of a resilient information security strategy. The CISO architects a culture of security that protects our global reputation, digital assets, and competitive advantage. The CISO is the primary authority for enterprise-wide cyber risk evaluations, regulatory compliance alignment, and security incident management. Part of our Graebel Senior Leadership Team and reporting to the CIO, with direct advisory access to the Executive Committee and Board, this leader must be an expert communicator capable of translating complex technical threats into financial and operational impact for all levels of leadership throughout the organization.

We are committed to fair and transparent compensation. The salary range for this role is based on several factors including experience, skills, and qualifications and is $245,000 to $275,000.

Essential Duties and Responsibilities
- Strategic Leadership: Oversight of Enterprise Information and cyber security policy, strategy, and execution, driving a risk-based resilience model.
- Executive Influence: Interfaces with senior leadership and the Board of Directors to ensure information security is quantified in financial and business impact terms and aligned with strategic priorities.
- Stakeholder Communication: Develop and communicate security strategies and plans to the executive team, staff, partners, customers, and stakeholders, serving as a primary advocate for digital trust.
- Talent Cultivation: Supervise recruitment, development, retention, engagement, and organization of security staff, fostering a high-performance culture of continuous learning.
- Environment Management: Oversight of core security and infrastructure systems, managed security providers, and the security posture of the end-to-end supply chain.
- Policy & Governance: Develop, implement, maintain, and oversee enforcement of IT policies, procedures, and associated plans for system security administration and user system access based on Zero Trust architecture and industry-standard frameworks (e.g., NIST, ISO).
- Incident Orchestration: Accountable for security operations, incident oversight, identification, and response, focusing on rapid recovery and business continuity.
- Revenue Enablement & Customer Trust: Partner with Sales and Product teams to serve as an executive-level security advocate during the sales cycle; directly engage with key customers and prospects to articulate the company’s security posture and build the "Digital Trust" necessary to accelerate contract closures.
- Cross-Functional Collaboration: Collaborate with the wider IT department and business unit leaders on embedding security-by-design into enterprise and end-user processing technology.
- Cultural Transformation: Create a culture of cyber security awareness within the IT organization and drive measurable behavioral changes for the business; proactively evaluate security trends, emerging AI-driven threats, and vulnerabilities to mitigate risk.
- Awareness & Advocacy: Oversee, develop, and deliver dynamic, role-specific security awareness training. Initiate, facilitate, and promote activities to foster a shared responsibility model within the organization and related entities.
- Strategic Partnerships: Promote and oversee strategic security relationships between internal resources and external entities, including suppliers, partner organizations, and industry peer groups.
- Third-Party Risk Management (TPRM): Participate in the development, implementation, and ongoing compliance monitoring of all business associate, client, and supplier agreements to ensure security concerns, requirements, and responsibilities are rigorously addressed, both legally and technically.
- Market Intelligence: Remain informed on cyber risk trends and issues; advise, counsel, and educate executive and management teams on their potential impact on brand equity and shareholder value.
- Privacy & Compliance Integration: Work closely with Data Privacy leadership to ensure alignment between security and Global Data Privacy programs (e.g., GDPR, CCPA), including policies, practices, and investigations; act as a strategic liaison to the Compliance and Legal departments.
- Risk Quantification: Responsible for periodic information security risk assessment, analysis, mitigation, and remediation utilizing data-driven risk modeling, and for the development and implementation of an integrated security enterprise risk management plan.
- Executive Communication: Excellent written and verbal communication skills; able to operate at both a visionary strategic level and a high-impact operational level.
Chief Information Security and Privacy Officer
Graebel Companies, Inc.
Are you ready to open a world of opportunity in talent mobility? Our clients include some of the largest and most recognized brands in the world. They’re innovators and leaders in their industries, making life-enhancing breakthroughs every day. We help them tap into those opportunities by placing their exceptional people where they need to be, anywhere in the world. When it comes to service, we set the bar for exceptional … and then we raise it with fresh ideas, leading tools and innovative approaches, and it’s all grounded in our values of truth, love, and integrity. We call it People-first Mobility. We’re looking for exceptional people who share those values along with our passion for delivering the highest levels of service. If that sounds like you, and if you’re ready for a new career opportunity, we’d like to hear from you!
Here’s to the world ahead. We are seeking a visionary and business-aligned Chief Information Security Officer (CISO) to serve as a key member of the Graebel and IT leadership team. The CISO will provide the strategic roadmap and executive leadership for a world-class Enterprise Security Program that enables business innovation while aggressively mitigating risk. This role directs the end-to-end planning, implementation, and governance of a resilient information security strategy. The CISO architects a culture of security that protects our global reputation, digital assets, and competitive advantage. The CISO is the primary authority for enterprise-wide cyber risk evaluations, regulatory compliance alignment, and security incident management. Part of our Graebel Senior Leadership Team and reporting to the CIO, with direct advisory access to the Executive Committee and Board, this leader must be an expert communicator capable of translating complex technical threats into financial and operational impact for all levels of leadership throughout the organization.

We are committed to fair and transparent compensation. The salary range for this role is based on several factors including experience, skills, and qualifications and is $250,000 to $300,000 CAD.

Essential Duties and Responsibilities
- Strategic Leadership: Oversight of Enterprise Information and cyber security policy, strategy, and execution, driving a risk-based resilience model.
- Executive Influence: Interfaces with senior leadership and the Board of Directors to ensure information security is quantified in financial and business impact terms and aligned with strategic priorities.
- Stakeholder Communication: Develop and communicate security strategies and plans to the executive team, staff, partners, customers, and stakeholders, serving as a primary advocate for digital trust.
- Talent Cultivation: Supervise recruitment, development, retention, engagement, and organization of security staff, fostering a high-performance culture of continuous learning.
- Environment Management: Oversight of core security and infrastructure systems, managed security providers, and the security posture of the end-to-end supply chain.
- Policy & Governance: Develop, implement, maintain, and oversee enforcement of IT policies, procedures, and associated plans for system security administration and user system access based on Zero Trust architecture and industry-standard frameworks (e.g., NIST, ISO).
- Incident Orchestration: Accountable for security operations, incident oversight, identification, and response, focusing on rapid recovery and business continuity.
- Revenue Enablement & Customer Trust: Partner with Sales and Product teams to serve as an executive-level security advocate during the sales cycle; directly engage with key customers and prospects to articulate the company’s security posture and build the "Digital Trust" necessary to accelerate contract closures.
- Cross-Functional Collaboration: Collaborate with the wider IT department and business unit leaders on embedding security-by-design into enterprise and end-user processing technology.
- Cultural Transformation: Create a culture of cyber security awareness within the IT organization and drive measurable behavioral changes for the business; proactively evaluate security trends, emerging AI-driven threats, and vulnerabilities to mitigate risk.
- Awareness & Advocacy: Oversee, develop, and deliver dynamic, role-specific security awareness training. Initiate, facilitate, and promote activities to foster a shared responsibility model within the organization and related entities.
- Strategic Partnerships: Promote and oversee strategic security relationships between internal resources and external entities, including suppliers, partner organizations, and industry peer groups.
- Third-Party Risk Management (TPRM): Participate in the development, implementation, and ongoing compliance monitoring of all business associate, client, and supplier agreements to ensure security concerns, requirements, and responsibilities are rigorously addressed, both legally and technically.
- Market Intelligence: Remain informed on cyber risk trends and issues; advise, counsel, and educate executive and management teams on their potential impact on brand equity and shareholder value.
- Privacy & Compliance Integration: Work closely with Data Privacy leadership to ensure alignment between security and Global Data Privacy programs (e.g., GDPR, CCPA), including policies, practices, and investigations; act as a strategic liaison to the Compliance and Legal departments.
- Risk Quantification: Responsible for periodic information security risk assessment, analysis, mitigation, and remediation utilizing data-driven risk modeling, and for the development and implementation of an integrated security enterprise risk management plan.
- Executive Communication: Excellent written and verbal communication skills; able to operate at both a visionary strategic level and a high-impact operational level.
Senior Product Security Engineer
Hologic
Hologic is a leader in women's health innovation, empowering people to live healthier lives every day. Our engineering teams are the driving force behind our business, constantly challenging and innovating our processes.
Join Hologic's mission to drive a Secure by Design culture within our Breast & Skeletal Health division. As a Senior Product Security Engineer, you will play a pivotal role in ensuring the security and integrity of our innovative healthcare solutions. If you are passionate about cybersecurity and eager to work in a dynamic environment, we invite you to apply. This role may sit in Newark, DE, Santa Clara, CA, or Marlborough, MA, or can be remote. This is your chance to be part of something truly transformative and contribute to advancements in women's health.

Key Responsibilities:
- Champion Security: Drive a Secure by Design culture across product teams, ensuring adherence to security standards and best practices.
- Policy Enhancement: Participate in the continuous improvement of our Secure by Design policies and procedures, aligning products with the latest security requirements and regulatory standards.
- Documentation and Architecture: Support the creation and maintenance of security design documentation and architecture diagrams.
- Security Assessments: Conduct and document ongoing security assessments, including Threat Modeling, for Hologic products and remote connectivity solutions, providing support to product teams as needed.
- Risk Management: Perform Security Risk Management activities to address identified vulnerabilities and security design issues.
- Design Discussions: Create and maintain security controls and requirements while actively participating in design discussions and activities.
- Development Support: Assist in product development efforts, including Security Code Reviews, to ensure compliance with Secure by Design principles and the implementation of appropriate security controls.
- Automation and DevSecOps: Support the automation of security testing and reporting, manage security tooling, and secure our cloud environments.
- Monitoring and Incident Response: Oversee ongoing security monitoring of in-market products and connected health solutions, participating in incident response investigations as necessary.
- Education and Training: Educate sales and service teams on securing our products, connected health solutions, and their operating environments.

Ideal Candidate Profile:
- Industry Awareness: Maintain vigilance on industry security threats, assess risks to Hologic products, and manage these risks according to established quality procedures.
- Troubleshooting Expertise: Effectively diagnose and resolve issues associated with networked, computer-based products.
- Travel Flexibility: Be available for travel to Hologic offices, training, and customer sites.
- Autonomous Alignment: Work with some supervision while aligning with strategic intentions and corporate priorities.
- Network Knowledge: Possess a strong understanding of network design concepts and a working knowledge of security analysis and protection tools.

Qualifications:
- Education: Master’s or Bachelor’s degree in Computer Science, Management Information Science, Engineering, or a related technical field.
- Experience: 4+ years of relevant experience in:
  - Computer and network security
  - Cloud-based platforms
  - Computer networking administration
  - Microsoft Windows and Linux operating systems
  - Software application testing and maintenance
  - Cybersecurity Risk Assessment
- Technical Skills:
  - Knowledge of the secure development lifecycle and experience in a development environment.
  - Expertise in application secure design and code reviews, with an understanding of Secure Coding standards and common vulnerabilities (e.g., OWASP Top 10, CWEs).
  - Proficiency in scripting and simple application development (e.g., PowerShell, Python, C#, C++).
  - Experience with industry-standard security tools (SAST, SCA, DAST, vulnerability scanning).
  - Expertise in Threat Modeling (STRIDE method preferred).
  - Penetration Testing experience (direct or supportive).
  - Experience securing development and cloud environments (Azure preferred) and the DevSecOps (CI/CD) pipeline.
  - Strong communication skills, both verbal and written.

Preferred Qualifications:
- Medical Systems Knowledge: Experience with medical information system administration and familiarity with medical device security standards and regulations (e.g., FDA Premarket Cybersecurity Guidance, IEC 81001-5-1, AAMI TIR57, AAMI SW96).
- Regulated Industry Experience: Experience in software development and verification within a regulated industry.
- Technical Support Experience: Experience providing technical support to field service teams and/or end-users.
- Certifications: Security-related certifications (e.g., CISSP), OS (Windows, Linux), and networking (Cisco) certifications are strongly preferred.
- DoD Certification: Experience obtaining and maintaining Department of Defense (DoD) Authority to Operate (ATO) certifications.

So why join Hologic? We are committed to making Hologic the company where top talent comes to grow. For you to succeed, we want to enable you with the tools and knowledge required, so we provide comprehensive training when you join as well as continued development and training throughout your career. We offer a competitive salary and annual bonus scheme; one of our talent partners can discuss this in more detail with you. If you have the right skills and experience and want to join our team, apply today. We can’t wait to hear from you!

The annualized base salary range for this role is $106,600 - $171,900 and is bonus eligible. Final compensation packages will ultimately depend on factors including relevant experience, skillset, knowledge, geography, education, business needs and market demand.

Agency and Third-Party Recruiter Notice: Agencies that submit a resume to Hologic must have a current Hologic Agency Agreement executed by a member of the Human Resource Department. In addition, Agencies may only submit candidates to positions for which they have been invited to do so by a Hologic Recruiter. All resumes must be sent to the Hologic Recruiter under these terms or they will not be considered.

Hologic, Inc. is proud to be an Equal Opportunity Employer inclusive of disability and veterans. LI-#DS1 #remote #hybrid
- Security Solution Design: Analyze business requirements to design architectures, patterns and solutions that mitigate risks in transformation projects, ensuring alignment with corporate governance.
- Control Management and Applicability: Build customized control matrices according to the technology context (Cloud, Application, APIs, Microservices).
- Technical Assurance and Validation: Verify the correct implementation of controls across all software layers by running baseline scans and validating technical evidence.
- Vulnerability Management (Shift Left): Track, prioritize and provide technical recommendations for closing vulnerabilities identified during the application development lifecycle.
- Outreach and Technical Reference: Act as the point of reference for the transformation cells, detailing the critical assets, threats and risks associated with the architecture.
- Regulator and Audit Support: Coordinate responses to internal/external audit requests and risk assessments, especially for the offshore ecosystem.
- Reporting and Escalation: Prepare reports on the security status of initiatives and communicate deviations to stakeholders in a timely manner.