Legal Counsel, Cyber and Product Security

We are seeking a legally astute and technically fluent Legal Counsel, Product Security & Cybersecurity to provide legal support for enterprise cybersecurity, product security, and digital risk across our MedTech business. This role focuses on aligning legal strategy with cybersecurity regulations, secure product development, threat mitigation, and postmarket surveillance obligations. You will partner closely with IT security, product development, compliance, and regulatory teams to ensure our products and platforms are designed and maintained with legal and security excellence.

Key Responsibilities

• Advise on cybersecurity laws, regulations, and frameworks including NIST standards (eg ISO 27001), FDA Premarket/Post-market Cybersecurity Guidance, and EU obligations and regulations such as the Cyber Resilience Act.
• Support incident and breach response protocols across enterprise and product environments.
• Provide legal guidance for secure product development, software bills of materials (SBOMs), penetration testing, and vulnerability disclosure programs.
• Counsel on global product launch compliance, especially regarding cybersecurity requirements embedded in MDR and U.S. FDA regulations.
• Draft and negotiate security-related contract provisions, including third-party security diligence and data breach terms.
• Collaborate with Product Security, R&D, Engineering, and IT on governance, risk, and compliance issues.
• Advise on cyber risk, breach response, and vulnerability disclosure involving both enterprise and product environments.
• Provide legal guidance on secure product development, SBOMs, FDA/EU cybersecurity mandates, and post-market surveillance obligations.
• Partner with product, R&D, and engineering to align legal expectations with secure design principles.
• Evaluates legal risk of product design choices (e.g., remote connectivity, open-source software, AI/ML explainability)
• Provides contract language for cybersecurity obligations, indemnification, and incident reporting
• Partners with Product Security to:
• Define cyber clauses in supplier/vendor agreements
• Manage vulnerability disclosure programs (e.g., PSIRT)
• Align with data governance and retention practices

Qualifications

• Juris Doctor (JD) with license to practice in at least one relevant jurisdiction.
• Minimum 10 years applicable professional experience in law firm or corporate legal department setting, preferably with exposure to cybersecurity or technology-related legal matters. Prior professional experience considered; medical device, pharmaceutical, life sciences experience strongly preferred.
• Familiarity with global cybersecurity standards and regulations in healthcare or critical infrastructure environments.
• Experience advising on incident response, secure development practices, or regulatory product submissions.
• Strong collaboration skills with technical and legal stakeholders.

Compensation & Benefits

The compensation for this role is between $179,100 and $388,100 salary, plus bonus eligibility and generally eligible for short-term and long-term financial incentives and benefits. Individual pay is based on skills, experience, and other relevant factors. Health benefits include: Medical and prescription drug insurance, dental insurance, vision insurance, critical illness insurance, accident insurance, hospital indemnity insurance, personalized healthcare support, wellbeing program and tobacco cessation program. Financial benefits include: Health Savings Account (HSA), Flexible Spending Accounts (FSAs), 401(k) plan, Employee Stock Purchase Plan (ESPP), basic life and AD&D insurance, and short-term disability insurance. Stryker offers innovative products and services in MedSurg, Neurotechnology, Orthopaedics and Spine that help improve patient and healthcare outcomes. Alongside its customers around the world, Stryker impacts more than 150 million patients annually. Depending on customer requirements employees and new hires in sales and field roles that require access to customer accounts as a function of the job may be required to obtain various vaccinations as an essential function of their role.

Key skills/competency

• Cybersecurity Law
• Product Security
• MedTech Regulations
• NIST Standards
• FDA Cybersecurity Guidance
• EU Cyber Resilience Act
• Incident Response
• Secure Development Practices
• SBOMs
• Contract Negotiation