Director Product Security - Software Systems Development (Menlo Park, CA hybrid)
- GRAIL (Menlo Park, CA)
Our mission is to detect cancer early, when it can be cured. We are working to change the trajectory of cancer mortality and bring stakeholders together to adopt innovative, safe, and effective technologies that can transform cancer care.
We are a healthcare company, pioneering new technologies to advance early cancer detection. We have built a multi-disciplinary organization of scientists, engineers, and physicians and we are using the power of next-generation sequencing (NGS), population-scale clinical studies, and state-of-the-art computer science and data science to overcome one of medicine’s greatest challenges.
GRAIL is headquartered in Menlo Park, California, with locations in Washington, D.C., North Carolina, and the United Kingdom. It is supported by leading global investors and pharmaceutical, technology, and healthcare companies.
For more information, please visit grail.com.
We are seeking a mission-driven and strategic Director of Product Security to lead high-impact security initiatives across the GRAIL enterprise. This individual will report directly to the VP of Cybersecurity and leverage deep domain expertise and global delivery experience to enable internal stakeholders to navigate the evolving cyber threat landscape, design secure systems, and align cyber resilience with enterprise goals.
This role requires more than technical proficiency. We are looking for a leader who models GRAIL’s core values, embodies our LEAD leadership attributes, and delivers results with integrity, inclusivity, and strategic insight.
This is a hybrid role based out of our Menlo Park, CA office.
Responsibilities
+ **Cybersecurity & Risk Leadership**
+ The Director leads the effort to protect GRAIL's products and services from cyber threats, working closely with engineering, product management, and executive teams to integrate security best practices into the development lifecycle.
+ **Key responsibilities include:**
+ **Strategy & Leadership:** Develop and execute the product security strategy. Lead a team of security professionals and foster a security-aware culture.
+ **Security By Design:** Ensure cybersecurity measures are built in from the initial stages of device design and development. Raise awareness of secure coding practices, input validation, strong authentication, and secure data storage mechanisms.
+ **Secure Product Development Framework:** Integrate security practices into the Secure Software Development Life Cycle (SSDLC) that systematically address cybersecurity risks from design to decommissioning of GRAIL commercial products. Oversee security reviews and assist product teams to implement DevSecOps principles.
+ **Vulnerability Management & Incident Response:** Advise technical teams on vulnerability identification and remediation. Act as the SME on product security incident response and enhance threat detection. Advise product teams on remediation options for known vulnerabilities that are actively exploitable or rated critical under CVSS.
+ **Compliance & Governance:** Ensure product adherence to relevant security regulations and industry standards. Stay updated on security trends and work with security, IT and legal teams.
+ **Policy Development:** Create, revise, and update GRAIL product security policies and procedures to align with best practices in Software Development Lifecycle Management (SDLC). Ensure that these documents are effectively communicated and accessible to software and product development.
+ **Training and Awareness:** Develop and deliver training programs to promote awareness of compliance issues and ethical behaviors among employees. Encourage a culture of cybersecurity throughout the organization.
+ **Incident Management:** Work with the Incident Management team to integrate product incident response procedures into enterprise Cyber Incident Response Plan (C-IRP).
+ **Reporting and Performance Monitoring:** Define product security KPIs and present product security reports to senior management.
+ **Collaboration & Communication:** Partner with various teams to integrate security into the product roadmap. Communicate security topics effectively and build relationships with internal and external partners.
+ **Collaboration with Stakeholders:** Build strong relationships with the product, software, quality and security teams, other internal departments, external parties, and third-party vendors to ensure effective governance and compliance with FDA premarket and postmarket cybersecurity guidance.
+ **Continuous Improvement:** Evaluate current product security processes, and identify opportunities for enhancements to improve efficiency and effectiveness.
+ **Strategic Execution & Business Impact**
+ Translate business objectives into technical strategies that reduce risk, align with regulations, and enable innovation.
+ Build and evolve stakeholder and team relationships across business units and geographies, ensuring the delivery of tailored, high-value solutions.
+ Serve as lead for key cybersecurity initiatives and milestones, while ensuring stakeholder preparedness and training for execution.
+ **Team Leadership & People Development**
+ Inspire and build inclusive, high-performing teams that thrive in fast-paced and ambiguous environments.
+ Mentor future leaders, create growth pathways, and embed feedback-rich, talent-building practices.
+ Promote a collaborative culture that empowers individuals and celebrates curiosity and impact.
+ **LEADership Attributes in Action**
+ This Director-level role is expected to lead through the **LEAD framework**:
+ L: Lead by Example - Model trust, consistency, and resilience. Navigate ambiguity and manage conflict constructively.
+ E: Engage Others - Inspire mission alignment, communicate effectively across all levels, and develop talent through coaching and feedback.
+ A: Achieve Results - Drive execution through accountability, collaboration, and a clear sense of ownership—even when facing setbacks.
+ D: Develop the Business - Address complex problems with clarity and innovation. Balance the needs of patients, clients, and partners in every decision.
+ **GRAIL Core Values & Expected Behaviors** - This Director-level leader must live GRAIL's values in every engagement:
+ **Be Courageous** - Challenge the status quo, step up to address difficult issues, and support others who do the same.
+ **Solve Problems Together** - Collaborate across boundaries, bring in diverse skillsets, and work with rigor, speed, and a data-driven mindset.
+ **Think BIG!** - Pursue ambitious goals with focused execution and bring in external perspectives to shape future solutions.
+ **Embrace Change** - Navigate ambiguity, anticipate the future, and turn complexity into opportunity.
+ **Bring an Open Mind** - Cultivate curiosity, listen actively to diverse voices, and challenge assumptions to unlock innovation.
Preferred Qualifications
+ 15+ years in product security, risk, privacy, or regulatory consulting or corporate experience
+ Extensive knowledge of the medical-device standards IEC 62304 (software lifecycle), ISO 14971 (risk management), and the 80001-2 series (risk management for networked medical devices, including security), which together frame cybersecurity for medical devices.
+ Proven record of delivering cybersecurity programs and executive tabletop exercises globally
+ Strong communication and stakeholder management skills—from technical leads to C-suite executives
+ Global perspective from working with international stakeholders or teams
+ Bachelor's degree in Cybersecurity, Information Systems, Business Management, or a related field, or equivalent experience; professional certifications (e.g., CRISC, CISM, CISA) preferred
Preferred Attributes & Experience
+ Experience leading cyber innovation initiatives across government and commercial sectors
+ Skilled at building cross-functional alignment and translating technical risks into business implications
+ Strong interpersonal, coaching, and influence skills
Expected full time annual base pay scale for this position is $224K-$299K. Actual base pay will consider skills, experience and location.
Based on the role, colleagues may be eligible to participate in an annual bonus plan tied to company and individual performance, or an incentive plan. We also offer a long-term incentive plan to align company and colleague success over time.
In addition, GRAIL offers a progressive benefit package, including flexible time-off, a 401k with a company match, and alongside our medical, dental, vision plans, carefully selected mindfulness offerings.
GRAIL is an Equal Employment Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other legally protected status. We will reasonably accommodate all individuals with disabilities so that they can participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us (https://grail.com/about/#contact-us) to request accommodation. GRAIL maintains a drug-free workplace.