MED Medtronic Inc

Principal Software and Security Compliance Audit Specialist

MED Medtronic Inc, Minneapolis, Minnesota, United States, 55400

Overview

We anticipate the application window for this opening will close on 20 Oct 2025.

At Medtronic you can begin a life-long career of exploration and innovation, while helping champion healthcare access and equity for all. You’ll lead with purpose, breaking down barriers to innovation in a more connected, compassionate world.

A Day in the Life

Act boldly. Compete to win. Move with speed and decisiveness. Foster belonging. Deliver results…the right way. That’s the Medtronic Mindset — our cultural norms. Our brand is rooted in action, not just words. The Medtronic Mindset defines the expectations of our culture. Every person here plays a role in bringing it to life. We recognize your extraordinary potential to ensure future generations live better, healthier lives.

Responsibilities

The Principal Compliance Audit Specialist – Software and Product Cybersecurity focuses on auditing regulated medical device software, product cybersecurity, and risk management. Responsibilities include leading with vision, bold inclusive thinking, and bringing solutions to benefit patients, business partners, and customers. Must have experience, SME, and technical knowledge working with regulated medical device software and product cybersecurity requirements.

Remain informed on Regulatory requirements for Software and Product Cybersecurity to identify gaps in medical device software.
Manage and oversee internal audit activities, which may include conducting and/or overseeing audits, investigations, and/or interviews; and preparing corresponding reports and documents.
Coordinate and/or complete internal assessments and/or audits in accordance with regulatory standards, which may include US and/or international regulatory agencies/authorities.
Interpret and implement applicable regulations as they apply to products, processes, practices, and procedures. Counsel stakeholders about these requirements as necessary.
Ensure compliance with internal and external regulatory agencies, which may include investigating and resolving compliance violations, questions, or concerns.
Analyze audit data and present findings to management and/or regulatory bodies in support of Corrective Action Plans, including coaching business partners on compliance gaps, data, and corrective actions.
Own development of training and awareness programs for SaMD, SiMD, and product cybersecurity to increase auditor awareness and knowledge.
Provide detailed functional medical device software and product security knowledge and maintain insight into current industry best practices and how they apply to Medtronic.
Explore new tools and techniques to recommend for other team members to audit regulated medical device software and product cybersecurity.
Identify opportunities for regulated medical device software and product security enhancement.
Possess understanding of SBOM development and maintenance for vulnerability monitoring.
Possess understanding of non-probabilistic scoring methodologies for security threats (e.g., CVSS) and apply appropriately.
Document and communicate recommended state-of-the-art regulated medical device software and product cybersecurity controls and deficiencies.
Contribute to company standards and policies related to regulated medical device software and product cybersecurity risks.
Enable strong partnerships across the organization to drive best-in-class regulated medical device software and product cybersecurity development.
Analyze complex issues and significantly improve, change, or adapt existing methods.
Show creativity and innovation in all aspects of responsibilities.

Expected travel: 20-25%

Qualifications

Must have: Minimum Requirements

Bachelor's degree with 7+ years of work experience in Quality or regulated industry, OR
Advanced degree with 5+ years of work experience in Quality or regulated industry

Nice to Have

Preference is given to those with relevant software development or product cybersecurity engineering experience or background.
Experience in Quality / Compliance and/or Audit with medical device requirements (e.g., MDSAP, EU MDR, ISO 13485)
Experience with regulated medical device software requirements: IEC 62304, IEC 82304-1, US FDA guidance, MDCG guidance, IMDRF guidance, ISO 14971, EU AI Act
Experience with regulated product cybersecurity requirements: IEC 81001-5-1, SW96, US FDA cybersecurity guidance, MDCG guidance, ENISA, ISO 80001-2, ISO 14971
Security certifications (e.g., CISSP, CEH, CISA, CISM, Security+)
Firsthand experience assessing medical device software and product cybersecurity of regulated or safety-critical devices.
Experience auditing Quality Systems to global requirements; Quality System Lead Auditor certified
Prior FDA or NB auditor experience
Experience performing hardware and software penetration testing
Understanding of the software and product cybersecurity development lifecycle and product development process
Experience in leading small teams
Knowledge in risk management and assessment methodologies, product cybersecurity frameworks, and relevant global regulations
Strong capability to research and evaluate emerging technologies
Familiarity with threat modeling, vulnerability scanning tools, and common attack routes
Demonstrated flexibility and proactive change management
Experience in regulated environment and/or formal quality system
Occasional after-hours availability to accommodate regional/global partners
Medical device engineering experience
Strong technical and troubleshooting skills.
Strong interpersonal communication and collaborative work style
Comfortable working in an ambiguous environment.
Innovative thinker: ability to think outside norms and processes
Independent self-starter
Solid writing and presentation skills; interest in novel applications of technology

Physical Job Requirements

Additional Information

The above statements describe general nature and level of work and are not exhaustive. The physical demands described are representative of those required to perform essential functions. Reasonable accommodations may be made for individuals with disabilities. For office roles, regular mobility and computer use required; consult manager/HR for role-specific conditions.

Benefits & Compensation

Medtronic offers a competitive salary and flexible benefits package. A commitment to employees lives at the core of our values; details below.

Salary ranges for U.S. locations: $113,600.00 - $170,400.00; eligible for Medtronic Incentive Plan (MIP); base salary varies by experience, certification/education, market conditions, and location.

Benefits for regular employees working 20+ hours per week include health, dental, vision, HSA/HSAFSA, life insurance, long-term disability, dependent care, tuition assistance, and well-being programs. Additional benefits for regular employees include incentive plans, 401(k) with match, disability leave, PTO, holidays, employee stock purchase plan, EAP, and retirement plans. Regular vs temporary employee definitions and local variations noted; some benefits may not apply in Puerto Rico. Further details available at the link below.

About Medtronic

We lead global healthcare technology and boldly attack the most challenging health problems facing humanity by searching out and finding solutions. Our Mission — to alleviate pain, restore health, and extend life — unites a global team of 95,000+ passionate people. We are engineers at heart—putting ambitious ideas to work to generate real solutions for real people. From R&D to manufacturing to collaboration, we innovate to engineer the extraordinary. Learn more about our business, mission, and commitment to diversity.

It is the policy of Medtronic to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by law. Medtronic will provide reasonable accommodations for qualified individuals with disabilities.

If you are applying to perform work for Medtronic, Inc. in any position that will involve at least two hours of work per week within Los Angeles County, a list of material job duties may be provided to assess criminal history as required by local ordinances (Fair Chance laws). Medtronic will consider qualified applicants with arrest or conviction records in accordance with applicable laws.
