Senior Cybersecurity Engineer

Career That Changes Lives

The Principal Cyber Info Assurance Analyst will join the Business Information Security team within the Business Partner Services (BPS) group and partner closely with the Global Security Office (GSO). You will serve as a champion of the GSO, focusing on enhancing user experience with our business partners. You'll serve as a cybersecurity and compliance subject matter expert (SME) to the intelligent Data Solutions business. The cybersecurity SME will focus on identifying, prioritizing and driving remediation of all security risks owned by the business.

Key Responsibilities

• Maintain relationships within Operating Unit proactively share business' upcoming projects to the GSO
• Engage with cross functional teams to drive complex data security issues to resolution
• Contribute continuous improvement to the methodologies and practices of the Business Information Security to attain higher capability maturity levels
• Track status of open requests/tasks and drive accountability of requestors to ensure timely submitting
• Partner with the GSO and Privacy to perform deep dives over high risk processes and systems to identify and remediate gaps in data security
• Support implementing monitoring Security compliance activities related to HITRUST, ISO27001, SOC2, etc.
• Help facilitate and/or respond to Customer Inquiries
• Streamline processes and use of tools across Global IT to ensure data flow and security is maintained in the most efficient way possible
• Provide insight and business background to include data security, encryption, authorization, authentication, and access controls to the GSO process teams, when needed
• Prepare status reports on data security and privacy matters to educate the Business Relationship Managers (BRM) and business leadership about business owned IT security risks
• Compile and communicate security/privacy risk to Business IT Leadership, BRMs and business leadership as appropriate
• Establish a forum for outreach to the broader organization you represent to educate business requestors, business leaders, and IT leadership on the GSO Engagement processes
• Demonstrate strong knowledge of IT security controls, security risk and threats
• Regularly meet with the GSO to discuss issues, concerns, complex or high visibility projects, process improvement areas, and review SLA goals and actual results – leverage these relationships and information to ensure business readiness, engagement, and alignment with security programs and initiatives.
• Act as a resource for security compliance questions, risks, and concerns for the business
• Perform other security-related duties as and when directed by the Business Information Security management
• Engage in stakeholder management in their respective business
• Reach out and meet with stakeholders, educate them about the GSO and Global IT
• Serve business stakeholders and requesters as "Customers" with a focus on service and support
• Advise business / R&D teams on attaining security reviews earlier in their projects
• Hold yourself and your business accountable for committed deliverables and deadlines
• Ensure timely response to requests for security support from the business.

Basic Qualifications

Must Have (Minimum Qualifications)

• High school diploma (or equivalent) and 12+ years of experience
OR
• Bachelor's degree and 7+ years of experience or advanced degree and 5+ years of experience

Desired / Preferred Qualifications

Nice To Have (Preferred Qualifications)

• Previous Medtronic experience
• Preference given to current Medtronic employees
• Strongly preferred:
• Experience in audit, risk management, vulnerability management, governance, IT security and/or compliance functions
• Experience with cloud storage systems/PaaS/SaaS
• Experience with AWS highly regarded
• Clear understanding of product architecture, data, data flows, and usage
• Experience working across business units and geographical boundaries to engage IT, business counterparts, and team members
• Ability to understand, question, and interpret internal and external security environments
• 3+ years working in IT GRC or controls function
• Proven experience dealing with ambiguous situations, and producing a consistent result with varied input
• Working knowledge of IT and security control frameworks (NIST, CobiT, ITIL, CyberEssentials, HDH), as well as regulatory requirements (PCI, HIPAA, GDPR, CCPA)
• Knowledge of information risk concepts and practices required
• Knowledge of controls manifestation in large global corporations with regional and local presence is required
• Experience communicating conceptual and technical information
• Experience translating technical data into business impact information
• Experience working with ServiceNow GRC (Governance, Risk, and Compliance)
• Knowledge of Frameworks, including PCI, SOX and ISO 27001 is a plus
• Detailed knowledge of ITGRC, Auditing principles / practices is desired
• Good understanding of Vendor management desired
• Good understanding of security frameworks desired, included but not limited to NIST, HISTRUST, OWASP, etc.
• Good project management skills desired
• Experience in examining reports on security controls (SSAE-16, PCI-ROC, Application Security Assessments)

About Medtronic

We believe that when people from different cultures, genders, and points of view come together, innovation is the result —and everyone wins. Medtronic walks the walk, creating an inclusive culture where you can thrive.

Bring your talents to an industry leader in medical technology and healthcare solutions – we're a market leader and growing every day. You can be proud to be a part of technologies that are rooted in our long history of mission-driven innovation. You will be empowered to shape your own career. We support your growth with the training, mentorship, and guidance you need to own your future success. Together, we can transform healthcare.

A Day in the Life

• Maintain relationships within Operating Unit proactively share business' upcoming projects to the GSO
• Engage with cross functional teams to drive complex data security issues to resolution
• Contribute continuous improvement to the methodologies and practices of the Business Information Security to attain higher capability maturity levels
• Track status of open requests/tasks and drive accountability of requestors to ensure timely submitting
• Partner with the GSO and Privacy to perform deep dives over high risk processes and systems to identify and remediate gaps in data security
• Support implementing monitoring Security compliance activities related to HITRUST, ISO27001, SOC2, etc.
• Help facilitate and/or respond to Customer Inquiries
• Streamline processes and use of tools across Global IT to ensure data flow and security is maintained in the most efficient way possible
• Provide insight and business background to include data security, encryption, authorization, authentication, and access controls to the GSO process teams, when needed
• Prepare status reports on data security and privacy matters to educate the Business Relationship Managers (BRM) and business leadership about business owned IT security risks
• Compile and communicate security/privacy risk to Business IT Leadership, BRMs and business leadership as appropriate
• Establish a forum for outreach to the broader organization you represent to educate business requestors, business leaders, and IT leadership on the GSO Engagement processes
• Demonstrate strong knowledge of IT security controls, security risk and threats
• Regularly meet with the GSO to discuss issues, concerns, complex or high visibility projects, process improvement areas, and review SLA goals and actual results – leverage these relationships and information to ensure business readiness, engagement, and alignment with security programs and initiatives.
• Act as a resource for security compliance questions, risks, and concerns for the business
• Perform other security-related duties as and when directed by the Business Information Security management
• Engage in stakeholder management in their respective business
• Reach out and meet with stakeholders, educate them about the GSO and Global IT
• Serve business stakeholders and requesters as "Customers" with a focus on service and support
• Advise business / R&D teams on attaining security reviews earlier in their projects
• Hold yourself and your business accountable for committed deliverables and deadlines
• Ensure timely response to requests for security support from the business.

About Medtronic

We believe that when people from different cultures, genders, and points of view come together, innovation is the result —and everyone wins. Medtronic walks the walk, creating an inclusive culture where you can thrive.

Bring your talents to an industry leader in medical technology and healthcare solutions – we're a market leader and growing every day. You can be proud to be a part of technologies that are rooted in our long history of mission-driven innovation. You will be empowered to shape your own career. We support your growth with the training, mentorship, and guidance you need to own your future success. Together, we can transform healthcare.

Why Medtronic?

We are a global leader in medical technology and healthcare solutions. Our mission is to alleviate pain, restore health, and extend life. We are committed to innovation, quality, and customer satisfaction. We offer a dynamic and inclusive work environment, with opportunities for growth and development. We are proud to be a leader in our industry and look forward to welcoming you to our team.

What We Offer

We offer a competitive salary and benefits package, as well as opportunities for professional growth and development. We are committed to diversity and inclusion, and we strive to create a work environment that is welcoming and inclusive to all employees. We offer a range of benefits, including health insurance, retirement plans, and paid time off. We also offer opportunities for professional development, including training and education programs.

How to Apply

To apply for this position, please submit your resume and a cover letter explaining why you are interested in this role and how you meet the qualifications. We look forward to hearing from you

Contact Us

For more information about this position, please contact us at [insert contact information]. We look forward to hearing from you