Who we are

You enjoy creating and innovating. You never stop striving for better. You take responsibility and you get results. You love being part of a team. Above all, you want your work to matter: Welcome to our world! At Sonova we create sense by bringing sound to life. Our innovative hearing care solutions help millions of people enjoy life’s unforgettable moments.

We offer exceptional career opportunities through market-leading brands from consumer to medical, products and services that keep pushing hearing care forward, and a culture where you can quickly belong and perform at your best.

If you want the freedom to explore, opportunities to grow, and the chance to make a positive change in people's lives through your work, this is the place for you.

Join Sonova. Create sense.

Staefa, Switzerland

Director, Product Cybersecurity

Location: Staefa (Switzerland)

 

Who we are

Sonova is a global leader in innovative hearing care solutions: from personal audio devices and wireless communication systems to audiological care services, hearing aids and cochlear implants. Sonova operates through four businesses: Hearing Instruments, Audiological Care, Consumer Hearing and Cochlear Implants – and the core brands Phonak, Unitron, AudioNova, Sennheiser (under license) and Advanced Bionics as well as recognized regional brands. The Group’s globally diversified sales and distribution channels serve an ever-growing consumer base in more than 100 countries.

 

The Role

The Director, Product Cybersecurity is responsible for defining, driving, and governing cybersecurity and data privacy practices across the full product lifecycle. This includes connected medical devices (hearing instruments and cochlear implants), embedded platforms, firmware, mobile applications, and cloud-based services.

 

The role ensures products are secure-by-design, compliant with global regulations, and resilient against evolving cyber threats - while balancing patient safety, data protection, and innovation in a highly regulated environment.

 

As the accountable owner of product cybersecurity risk within R&D, this role acts as the central interface to Quality, Regulatory Affairs, IT, and Global Information Security, with functional alignment to the Chief Information Security Officer (CISO).

 

Key responsibilities

Strategy & Governance

  • Define and lead the global product cybersecurity strategy in alignment with the CISO and business priorities.
  • Establish and enforce security principles, standards, and controls across the product ecosystem.
  • Act as the primary point of contact for cybersecurity in audits, inspections, and regulatory interactions.
  • Drive cybersecurity roadmaps aligned with regulatory, technology, and business needs.
  • Lead incident response readiness and cybersecurity health checks across products.

 

Secure Product Development & Architecture

  • Embed cybersecurity into the Secure Product Development Framework (SPDF) across the full lifecycle.
  • Ensure compliance with relevant standards (e.g., IEC 62304, ISO 14971, IEC 81001-5-1).
  • Lead threat modeling, architecture reviews, and secure design practices with global R&D teams.
  • Define security requirements across embedded systems, connectivity, mobile, APIs, and cloud.

 

Risk Management & Post-Market Oversight

  • Own product cybersecurity risk across global R&D, ensuring visibility on risks impacting safety and data protection.
  • Oversee vulnerability management, including triage, remediation, and coordinated disclosure.
  • Lead security risk reviews and report to governance bodies on trends and key metrics.
  • Ensure effective post-market surveillance for cybersecurity threats and signals.

 

Regulatory, Quality & Supplier Assurance

  • Own cybersecurity deliverables for regulatory submissions (e.g., risk assessments, SBOMs, threat models).
  • Partner with Quality and Regulatory teams to ensure audit-ready and compliant processes.
  • Define and enforce cybersecurity requirements for suppliers, partners, and third parties.

 

Leadership & Capability Building

  • Lead and develop a global product cybersecurity team.
  • Act as a trusted advisor to engineering and product leadership on risk-based decisions.
  • Drive cybersecurity awareness and capability across R&D organizations.
  • Build external partnerships with industry bodies, regulators, and research institutions.

 

 

What We Are Looking For

Education

  • Bachelor’s or Master’s degree in Computer Science, Electrical Engineering, Biomedical Engineering, or a related field.
  • Additional specialization in cybersecurity is preferred.

 

Work experience

  • 8+ years of experience in product, embedded, or application security, ideally in medical devices or other regulated / safety-critical industries.
  • Strong experience in regulated environments (e.g., FDA, ISO 13485, ISO 14971, IEC 62304).
  • Proven track record in implementing secure development lifecycle frameworks (SDLC / SPDF).
  • Deep expertise in:
    • Embedded and firmware security
    • Cryptography, authentication, and key management
    • Secure communications, APIs, and cloud/mobile architectures
  • Experience with security testing methods (SAST, DAST, penetration testing).
  • Strong experience leading cross-functional, global initiatives.

 

Nice to have:

  • Experience in hearing healthcare or implantable medical technologies.
  • Familiarity with SBOM, MDS2, and healthcare cybersecurity requirements.
  • Knowledge of frameworks such as NIST CSF, ISO/IEC 27001, MITRE.
  • Experience in incident response within healthcare or critical infrastructure.

 

Leadership & Personal Capabilities

  • Strong communication skills with the ability to translate complex topics into clear, business-relevant messaging.
  • Pragmatic, outcome-oriented mindset with strong risk-based decision-making.
  • Proven ability to influence across a matrix organization without formal authority.
  • Experience leading globally distributed teams.

Professional Competencies

  • Expertise in cybersecurity and privacy-by-design across the product lifecycle.
  • Strong knowledge of relevant regulations and industry standards.
  • Ability to define governance, processes, and risk management frameworks.
  • Strategic mindset to integrate cybersecurity into product and technology roadmaps.

 

Languages & Tools

  • Fluent in English (written and spoken).
  • Additional languages (e.g., German) are a plus.
  • Familiarity with collaboration tools (e.g., Jira, Confluence).

 

Why Join Us

Sonova is an equal opportunity employer.

We team up. We grow talent. We collaborate with people of diverse backgrounds to win with the best team in the marketplace. We guarantee every person equal treatment in regard to employment and opportunity for employment, regardless of a candidate’s ethnic or national origin, religion, sexual orientation or marital status, gender, genetic identity, age, disability or any other legally protected status.
