Medtronic is looking to solve problems related to medical device software, product cybersecurity, and risk management through internal audits. They need to ensure compliance with regulatory requirements, identify gaps, and enhance the security and safety of their medical devices.
Requirements
- Experience, subject matter expertise (SME), and technical knowledge working with regulated medical device software and product cybersecurity requirements.
- Understanding of Software Bill of Material (SBOM) development and maintenance for the purposes of vulnerability monitoring.
- Understanding of non-probabilistic scoring methodologies for security threats like common vulnerability scoring system (CVSS) and apply appropriately.
- Experience with regulated medical device software requirements: IEC 62304:2006 + AMD1:2015, IEC 82304-1:2016, United States FDA Device Software Functions related Guidance’s, United States FDA Interoperability related Guidance’s, United States FDA AI-Enabled Device Software Function Guidance, European Commission’s Guidance’s on Medical Device Software (MDCG 2019-11, MDCG 2023-4, MDCG 2025-4), IMDRF’s Software as a Medical Device (SaMD) Guidance’s, ISO 14971:2019, EU AI Act
- Experience with regulated product cybersecurity requirements: IEC 81001-5-1:2021, SW96:2023, United States FDA Pre-Market and Post-Market Product Cybersecurity Guidance’s, European Commission’s Guidance on Cybersecurity of Medical Devices (MDCG 2019-16), IMDRF’s Principles and Practices for Medical Device Cybersecurity Guidance’s, ENISA – EU Cybersecurity Act, ISO 80001-2 series and ISO 14971
- Security Certifications (i.e., CISSP, CEH, CISA, CISM, Security+, GSEC, OSCP, etc.)
- Firsthand experience assessing medical device software and product cybersecurity of regulated or safety critical devices.
Responsibilities
- Must have experience, subject matter expertise (SME), and technical knowledge working with regulated medical device software and product cybersecurity requirements.
- Remain informed on Regulatory requirements for Software and Product Cybersecurity to identify gaps in medical device software.
- Manage and oversee internal audit activities, which may include conducting and/or overseeing audits, investigations, and/or interviews; and preparing corresponding reports and documents.
- Coordinate and/or complete internal assessments and/or audits in accordance with regulatory standards, which may include US and/or international regulatory agencies/authorities.
- Interpret and implement applicable regulations as they apply to products, processes, practices, and procedures.
- Analyze audit data and present findings to management and/or regulatory bodies in support of Corrective Action Plans, which may include coaching business partners on compliance gaps, data, and/or resulting corrective actions.
- Provide detailed functional medical device software and product security knowledge and maintain insight into current industry best practices and how they can be applied to Medtronic.
Other
- Act boldly. Compete to win. Move with speed and decisiveness. Foster belonging. Deliver results…the right way. That’s the Medtronic Mindset — our cultural norms.
- Expected travel: 20-25%
- Bachelor's degree with 7+ years of work experience in Quality or regulated industry OR Advanced degree with 5+ years of work experience in Quality or regulated industry OR PhD with 3+ years of work experience in Quality or regulated industry
- Occasional after-hours availability to accommodate different regional and global partners.
- Strong interpersonal communication and ability to demonstrate a collaborative work style.
