17 days old

Principal, Cybersecurity Regulatory & Program Analyst

Intuitive Surgical, Inc.
Sunnyvale, CA 94086
  • Job Code
    INSUUS214542EXTERNALENUS
At Intuitive, we believe that minimally invasive care is life-enhancing care. Through ingenuity and intelligent technology, we expand the potential of physicians to heal without constraints. Our mission is our guiding force; our culture is the DNA that makes us unique.

As a pioneer in robotic-assisted surgery (RAS), we have been expanding our innovations through technology to help make a difference in the world. For 25 years, human ingenuity has guided our journey to help solve some of healthcare's complex challenges.

We believe a great idea can come from anywhere-inclusion and mutual respect are vital to our culture. We value character grounded in integrity, a strong capacity to learn, the energy to get things done, and diverse experiences to help us think in new ways. We actively invest in our team members to support their long-term growth so they can continue to advance our mission and strive to achieve their highest potential.

Join a team committed to taking big leaps forward for a global community of healthcare professionals and their patients.

Together, let's help to advance the world of minimally invasive care.

The Product Security Engineering Team is responsible for securing; software products, infrastructure, and cloud services, and IoMT (medical devices and solutions) which collect and analyze medical device machine data from thousands of systems deployed world-wide.

The ideal candidate for the position of Principal, Product Security Regulatory & Program Analyst will have proven experience working in the field of medical device regulation and conformance, Cybersecurity control frameworks, designing and consulting upon securing and operating; on-premise, public, and private cloud, customer facing products and services within the FDA regulated medical device space. The position requires a candidate with strong Cybersecurity (CS), technical, regulatory, and interpersonal skills, the ability to work effectively and collaboratively with the business, pre-market & post-market CS, peer Engineering teams, and across business units; to deliver high quality solutions that ensure patient safety, regulatory compliance, and data/system security.

Roles & Responsibilities:

  • Subject matter expert for Cyber-Regulatory and compliance
  • Regulatory, standards, and design consulting for engineering cybersecurity, system design, and architecture
  • Provides the Product Security Engineering team and customers/stakeholders clear procedural guidance on adherence and accomplishment of CS regulatory objectives, guidance interpretation, and hands on technical architecture support for achievement of stated objectives
  • Drives creation of guidance-based conformance and procedural documentation (SOP, DOP, WI), playbooks, and continuous improvement / optimization review
  • Remain abreast of medical device regulation related to CS to achieve stated objectives (FDA, KFDA, EUMDR, etc.) and remain consistent with architectural and tactical guidance for adherence
  • Provides hands on analysis and documentation support for Cyber Threat Model control analysis and delivery as a Subject Matter Expert
  • Ensures comprehensive, status updates and reporting to key stakeholders at a frequency appropriate to the engagement/finding(s) for Regulatory surveillance and assessment
  • As required, functionally supports the cyber risk teams in Cyber Risk Analysis and Threat Modeling of complex systems, including interconnected web, application, and database technology stacks with networked medical devices
  • Works with engineering teams to architect, select, and implement security-first tools for integration into software build and release pipeline
  • Prepare business and technical analysis
  • Participate in design of policies to improve the robustness and defense-in-depth for product lines
  • Collects various privacy framework requirements and designs cybersecurity architecture and controls to support technical achievement of privacy requirements
  • Other duties as assigned

Skills, Experience, Education, & Training:
  • Deep knowledge and proven experience in designing architecture recommendations founded upon secure-by-design principles and regulatory/standards based guidance
  • Subject Matter Expertise in Cybersecurity regulation, standardized framework, the general medical device regulatory framework/landscape, and risk analysis
  • Experience with achievement of data privacy and compliance through the application of security controls
  • Ability to be concise and clear in communication
  • Five or more years' experience, with medical device, ICS/SCADA or embedded system experience highly desirable
  • Minimum 10+ years' experience in an FDA regulated industry with direct application of FDA regulation for Cybersecurity (Additional regulated market experience preferred, e.g. NMPA, MDR, ISO, etc.)
  • Minimum 10+ years and progressive development through Cybersecurity and regulatory/standards based roles
  • Minimum BS/BA required; MS or PhD highly desirable along with demonstration of sophisticated and logical thought processes
  • CAP, CISA, CISSP, GCIA, GIAC, GISF, GSEC, SSCP or equivalent certification preferred
  • Strong analytic skills
  • Excellent judgment: proven ability to make difficult trade-offs with sound judgment and rationale
  • Travel:
  • Job location: Remote or any U.S. Intuitive Office location.

Due to the nature of our business and the role, please note that Intuitive and/or your customer(s) may require that you show current proof of vaccination against certain diseases including COVID-19. Details can vary by role.

Intuitive is an Equal Employment Opportunity Employer. We provide equal employment opportunities to all qualified applicants and employees, and prohibit discrimination and harassment of any type, without regard to race, sex, pregnancy, sexual orientation, gender identity, national origin, color, age, religion, protected veteran or disability status, genetic information or any other status protected under federal, state, or local applicable laws.

We will consider for employment qualified applicants with arrest and conviction records in accordance with fair chance laws.

Shift : Shift 1 - Day

Travel : Yes, 10 % of the Time





Posted: 2021-10-08 Expires: 2021-11-06
Sponsored by:
ADP Logo
Sponsored by:
Bank of America Logo

Featured Jobs[ View All ]

Featured Employers

Before you go...

Our free job seeker tools include alerts for new jobs, saving your favorites, optimized job matching, and more! Just enter your email below.

Share this job:

Principal, Cybersecurity Regulatory & Program Analyst

Intuitive Surgical, Inc.
Sunnyvale, CA 94086

Join us to start saving your Favorite Jobs!

Sign In Create Account
Powered ByCareerCast