Senior Cyber Information Assurance Analyst

at  Medtronic

At Medtronic you can begin a life-long career of exploration and innovation, while helping champion healthcare access and equity for all. You’ll lead with purpose, breaking down barriers to innovation in a more connected, compassionate world.
A Day in the Life
As the Senior Cyber Information Assurance Analyst for the Digital Technologies Business Unit (DTBU), your primary role is to facilitate stakeholder assurance efforts related to DTBU products to enable critical sales efforts. You will address customer inquiries about the DS1 Touch Surgery platform’s security controls, both in writing as well as in meetings if required.

This role further involves streamlining the security questionnaire process and collaborating with internal teams like R&D, Product Security and other Global Cyber and Information Security Office Functions to consolidate responses and improve operational efficiency.

• Business Understanding: Develop a thorough understanding of the Digital Technologies business, products and key stakeholders.
• Security Questionnaire Lead: Serve as the primary contact for completing security questionnaires related to Digital Technologies Business Unit (DTBU) products, ensuring timely and accurate responses per internal service level agreements (SLAs).
• Cross-Team Collaboration: Collaborate with R&D, Technical Services, Product Security, and the Global Cyber and Information Security Office (GCISO) teams to compile questionnaire responses.
• Database and Tools Management: Continuously update and enhance the security question-answer database to improve efficiency and reduce response times. Utilize tools like ProcessBolt to streamline processes.
• Customer Interaction: Be prepared to directly engage with customers and their security teams to explain and clarify security controls for DTBU products.
• Security Insights and Compliance: Be prepared to advise internal leadership on security practices, potential risks, and enhancements based on customer feedback and industry trends. Maintain knowledge of compliance standards (GDPR, HIPAA, SOC2, ISO 27001 etc.) relevant to DTBU.
• Process Improvement and Reporting: Prioritize initiatives to simplify processes and enhance customer satisfaction. Regularly update IT stakeholders and business leaders, including the GCISO, on program status and developments.

Service Accountability: Ensure prompt response to security-related support requests and hold yourself & DTBU stakeholders accountable for delivering on commitments and meeting SLA targets.

Must Haves

• Bachelor’s degree in information security, Cybersecurity, or a related field
• 4+ years of relevant experience a compliance or IT security role, preferably within the MedTech or Healthcare sector.
• Solid understanding of IT Security and audit principles
• Ability to understand, question, and interpret internal and external security environments.
• Working knowledge of compliance frameworks (e.g., ISO 27001, NIST, GDPR, HIPAA), as well as regulatory requirements (HIPAA, GDPR)
• Demonstrated ability to handle complex security inquiries.
• Experience communicating technical information to non-technical team members.
• Excellent project management skills

Nice to Haves

• Previous Medtech or healthcare experience strongly preferred.
• Certifications such as CISM, CISA, CISSP highly desirable
• In depth understanding of cloud security, data privacy laws, and regulatory requirements.
• Experience working across business units and geographical boundaries to engage IT, business counterparts, and team members.

Physical Job Requirements
The above statements are intended to describe the general nature and level of work being performed by employees assigned to this position, but they are not an exhaustive list of all the required responsibilities and skills of this position.
Benefits & Compensation
Medtronic offers a competitive Salary and flexible Benefits Package
A commitment to our employees lives at the core of our values. We recognize their contributions. They share in the success they help to create. We offer a wide range of benefits, resources, and competitive compensation plans designed to support you at every career and life stage.
This position is eligible for a short-term incentive called the Medtronic Incentive Plan (MIP).
About Medtronic
We lead global healthcare technology and boldly attack the most challenging health problems facing humanity by searching out and finding solutions.
Our Mission — to alleviate pain, restore health, and extend life — unites a global team of 90,000+ passionate people.
We are engineers at heart— putting ambitious ideas to work to generate real solutions for real people. From the R&D lab, to the factory floor, to the conference room, every one of us experiments, creates, builds, improves and solves. We have the talent, diverse perspectives, and guts to engineer the extraordinary.
Learn more about our business, mission, and our commitment to diversity
her

• Business Understanding: Develop a thorough understanding of the Digital Technologies business, products and key stakeholders.
• Security Questionnaire Lead: Serve as the primary contact for completing security questionnaires related to Digital Technologies Business Unit (DTBU) products, ensuring timely and accurate responses per internal service level agreements (SLAs).
• Cross-Team Collaboration: Collaborate with R&D, Technical Services, Product Security, and the Global Cyber and Information Security Office (GCISO) teams to compile questionnaire responses.
• Database and Tools Management: Continuously update and enhance the security question-answer database to improve efficiency and reduce response times. Utilize tools like ProcessBolt to streamline processes.
• Customer Interaction: Be prepared to directly engage with customers and their security teams to explain and clarify security controls for DTBU products.
• Security Insights and Compliance: Be prepared to advise internal leadership on security practices, potential risks, and enhancements based on customer feedback and industry trends. Maintain knowledge of compliance standards (GDPR, HIPAA, SOC2, ISO 27001 etc.) relevant to DTBU.
• Process Improvement and Reporting: Prioritize initiatives to simplify processes and enhance customer satisfaction. Regularly update IT stakeholders and business leaders, including the GCISO, on program status and developments