Principal, Cybersecurity Regulatory & Program Analyst

Company Description

At Intuitive, we are united behind our mission: we believe that minimally invasive care is life-enhancing care. Through ingenuity and intelligent technology, we expand the potential of physicians to heal without constraints.

As a pioneer and market leader in robotic-assisted surgery, we strive to foster an inclusive and diverse team, committed to making a difference. For more than 25 years, we have worked with hospitals and care teams around the world to help solve some of healthcare’s hardest challenges and advance what is possible.

Intuitive has been built by the efforts of great people from diverse backgrounds. We believe great ideas can come from anywhere—we strive to foster an inclusive culture built around diversity of thought and mutual respect.We lead with inclusion and empower our team members to do their best work as theirmost authentic selves.

Passionate people who want to make a difference drive our culture—our team members are grounded in integrity, have a strong capacity to learn, the energy to get things done, and bring diverse, real world experiences to help us think in new ways. We actively invest in our team members to support their long-term growth so they can continue to advance our mission and achieve their highest potential.

Join a team committed to taking big leaps forward for a global community of healthcare professionals and their patients. Together,let’s advance the world of minimally invasive care.

Job Description

At Intuitive, we are united behind our mission: we believe that minimally invasive care is life-enhancing care. Through ingenuity and intelligent technology, we expand the potential of physicians to heal without constraints.

As a pioneer and market leader in robotic-assisted surgery, we strive to foster an inclusive and diverse team, committed to making a difference. For more than 25 years, we have worked with hospitals and care teams around the world to help solve some of healthcare’s hardest challenges and advance what is possible.

Intuitive has been built by the efforts of great people from diverse backgrounds. We believe great ideas can come from anywhere—we strive to foster an inclusive culture built around diversity of thought and mutual respect. We lead with inclusion and empower our team members to do their best work as their most authentic selves.

Passionate people who want to make a difference drive our culture—our team members are grounded in integrity, have a strong capacity to learn, the energy to get things done, and bring diverse, real world experiences to help us think in new ways. We actively invest in our team members to support their long-term growth so they can continue to advance our mission and achieve their highest potential.

Join a team committed to taking big leaps forward for a global community of healthcare professionals and their patients. Together, let’s advance the world of minimally invasive care.

The Product Security Engineering Team is responsible for securing; software products, infrastructure, and cloud services, and IoMT (medical devices and solutions) which collect and analyze medical device machine data from thousands of systems deployed world-wide.

The ideal candidate for the position of Principal, Product Security Regulatory & Program Analyst will have proven experience working in the field of medical device regulation and conformance, Cybersecurity control frameworks, designing and consulting upon securing and operating; on-premise, public, and private cloud, customer facing products and services within the FDA regulated medical device space. The position requires a candidate with strong Cybersecurity (CS), technical, regulatory, and interpersonal skills, the ability to work effectively and collaboratively with the business, pre-market & post-market CS, peer Engineering teams, and across business units; to deliver high quality solutions that ensure patient safety, regulatory compliance, and data/system security.

Roles & Responsibilities:

• Subject matter expert for Cyber-Regulatory and compliance


• Regulatory, standards, and design consulting for engineering cybersecurity, system design, and architecture


• Provides the Product Security Engineering team and customers/stakeholders clear procedural guidance on adherence and accomplishment of CS regulatory objectives, guidance interpretation, and hands on technical architecture support for achievement of stated objectives


• Drives creation of guidance-based conformance and procedural documentation (SOP, DOP, WI), playbooks, and continuous improvement / optimization review


• Remain abreast of medical device regulation related to CS to achieve stated objectives (FDA, KFDA, EUMDR, etc.) and remain consistent with architectural and tactical guidance for adherence


• Provides hands on analysis and documentation support for Cyber Threat Model control analysis and delivery as a Subject Matter Expert


• Ensures comprehensive, status updates and reporting to key stakeholders at a frequency appropriate to the engagement/finding(s) for Regulatory surveillance and assessment


• As required, functionally supports the cyber risk teams in Cyber Risk Analysis and Threat Modeling of complex systems, including interconnected web, application, and database technology stacks with networked medical devices


• Works with engineering teams to architect, select, and implement security-first tools for integration into software build and release pipeline
  


• Prepare business and technical analysis


• Participate in design of policies to improve the robustness and defense-in-depth for product lines


• Collects various privacy framework requirements and designs cybersecurity architecture and controls to support technical achievement of privacy requirements


• Other duties as assigned

Qualifications

Skills, Experience, Education, & Training:

• Deep knowledge and proven experience in designing architecture recommendations founded upon secure-by-design principles and regulatory/standards based guidance


• Subject Matter Expertise in Cybersecurity regulation, standardized framework, the general medical device regulatory framework/landscape, and risk analysis
  


• Experience with achievement of data privacy and compliance through the application of security controls


• Ability to be concise and clear in communication


• Five or more years’ experience, with medical device, ICS/SCADA or embedded system experience highly desirable


• Minimum 10 years’ experience in an FDA regulated industry with direct application of FDA regulation for Cybersecurity (Additional regulated market experience preferred, e.g. NMPA, MDR, ISO, etc.)


• Minimum 10 years and progressive development through Cybersecurity and regulatory/standards based roles


• Minimum BS/BA required; MS or PhD highly desirable along with demonstration of sophisticated and logical thought processes


• CAP, CISA, CISSP, GCIA, GIAC, GISF, GSEC, SSCP or equivalent certification preferred


• Strong analytic skills
  


• Excellent judgment: proven ability to make difficult trade-offs with sound judgment and rationale


• Travel: <15%


• Job location: Remote or any U.S. Intuitive Office location.
  

Due to the nature of our business and the role, please note that Intuitive and/or your customer(s) may require that you show current proof of vaccination against certain diseases including COVID-19. Details can vary by role.

Intuitive is an Equal Employment Opportunity Employer. We provide equal employment opportunities to all qualified applicants and employees, and prohibit discrimination and harassment of any type, without regard to race, sex, pregnancy, sexual orientation, gender identity, national origin, color, age, religion, protected veteran or disability status, genetic information or any other status protected under federal, state, or local applicable laws.

We will consider for employment qualified applicants with arrest and conviction records in accordance with fair chance laws.

Additional Information

Due to the nature of our business and the role, please note that Intuitive and/or your customer(s) may require that you show current proof of vaccination against certain diseases including COVID-19. Details can vary by role.

Intuitive is an Equal Employment Opportunity Employer. We provide equal employment opportunities to all qualified applicants and employees, and prohibit discrimination and harassment of any type, without regard to race, sex, pregnancy, sexual orientation, gender identity, national origin, color, age, religion, protected veteran or disability status, genetic information or any other status protected under federal, state, or local applicable laws.

We will consider for employment qualified applicants with arrest and conviction records in accordance with fair chance laws.