Medtronic is looking to solve issues related to regulated medical device software, product cybersecurity, and risk management by hiring a Principal Compliance Audit Specialist.
Requirements
- Experience, subject matter expertise (SME), and technical knowledge working with regulated medical device software and product cybersecurity requirements.
- Understanding of Software Bill of Materials (SBOM) development and maintenance for the purposes of vulnerability monitoring.
- Understanding of non-probabilistic scoring methodologies for security threats, such as the Common Vulnerability Scoring System (CVSS), and the ability to apply them appropriately.
- Experience with regulated medical device software requirements: IEC 62304:2006 + AMD1:2015, IEC 82304-1:2016, United States FDA Device Software Functions related Guidances, United States FDA Interoperability related Guidances, United States FDA AI-Enabled Device Software Function Guidance, European Commission’s Guidances on Medical Device Software (MDCG 2019-11, MDCG 2023-4, MDCG 2025-4), IMDRF’s Software as a Medical Device (SaMD) Guidances, ISO 14971:2019, EU AI Act.
- Experience with regulated product cybersecurity requirements: IEC 81001-5-1:2021, SW96:2023, United States FDA Pre-Market and Post-Market Product Cybersecurity Guidances, European Commission’s Guidance on Cybersecurity of Medical Devices (MDCG 2019-16), IMDRF’s Principles and Practices for Medical Device Cybersecurity Guidances, ENISA – EU Cybersecurity Act, ISO 80001-2 series and ISO 14971.
- Security certifications (e.g., CISSP, CEH, CISA, CISM, Security+, GSEC, OSCP).
- Experience performing hardware and software penetration testing.
Responsibilities
- Must have experience, subject matter expertise (SME), and technical knowledge working with regulated medical device software and product cybersecurity requirements.
- Remain informed on regulatory requirements for software and product cybersecurity to identify gaps in medical device software.
- Manage and oversee internal audit activities, which may include conducting and/or overseeing audits, investigations, and/or interviews; and preparing corresponding reports and documents.
- Coordinate and/or complete internal assessments and/or audits in accordance with regulatory standards, which may include US and/or international regulatory agencies/authorities.
- Interpret and implement applicable regulations as they apply to products, processes, practices, and procedures.
- Ensure compliance with internal and external regulatory agencies, which may include investigating and resolving compliance violations, questions, or concerns.
- Analyze audit data and present findings to management and/or regulatory bodies in support of Corrective Action Plans, which may include coaching business partners on compliance gaps, data, and/or resulting corrective actions.
Other
- Bachelor's degree with 7+ years of work experience in Quality or a regulated industry OR advanced degree with 5+ years of work experience in Quality or a regulated industry.
- Expected travel: 20-25%
- Minimum of 4 days a week onsite
- Occasional after-hours availability to accommodate different regional and global partners.
- Strong interpersonal communication and ability to demonstrate a collaborative work style.