Medtronic

Principal Software and Security Compliance Audit Specialist

Medtronic, Minneapolis, Minnesota, United States, 55400

Overview

We anticipate the application window for this opening will close on 7 Oct 2025. At Medtronic you can begin a life-long career of exploration and innovation, while helping champion healthcare access and equity for all. You’ll lead with purpose, breaking down barriers to innovation in a more connected, compassionate world.

A Day in the Life

Act boldly. Compete to win. Move with speed and decisiveness. Foster belonging. Deliver results…the right way. That’s the Medtronic Mindset — our cultural norms. Our brand is rooted in action, not just words. The Medtronic Mindset defines the expectations of our culture. Every person here plays a role in bringing it to life. We recognize your extraordinary potential to ensure future generations live better, healthier lives. The Principal Compliance Audit Specialist – Software and Product Cybersecurity position focuses on auditing regulated medical device software, product cybersecurity, and risk management. We look for leaders who have a clear vision of where we are going and how to get there, bold inclusive thinkers who create new ideas and bring our best solutions forward to benefit our patients, business partners, and customers.

Responsibilities

- Must have experience, subject matter expertise (SME), and technical knowledge working with regulated medical device software and product cybersecurity requirements.
- Remain informed on Regulatory requirements for Software and Product Cybersecurity to identify gaps in medical device software.
- Manage and oversee internal audit activities, which may include conducting and/or overseeing audits, investigations, and/or interviews; and preparing corresponding reports and documents.
- Coordinate and/or complete internal assessments and/or audits in accordance with regulatory standards, which may include US and/or international regulatory agencies/authorities.
- Interpret and implement applicable regulations as they apply to products, processes, practices, and procedures. May counsel stakeholders about these requirements as necessary.
- Ensure compliance with internal and external regulatory agencies, which may include investigating and resolving compliance violations, questions, or concerns.
- Analyze audit data and present findings to management and/or regulatory bodies in support of Corrective Action Plans, which may include coaching business partners on compliance gaps, data, and/or resulting corrective actions.
- Own development of training and awareness programs for Software as a Medical Device (SaMD), Software in a Medical Device (SiMD), and product cybersecurity designed to increase auditor awareness and knowledge of requirements.
- Provide detailed functional medical device software and product security knowledge and maintain insight into current industry best practices and how they can be applied to Medtronic.
- Explore new tools and techniques to recommend for other team members to audit regulated medical device software and product cybersecurity.
- Identify opportunities for regulated medical device software and product security enhancement.
- Possess understanding of Software Bill of Material (SBOM) development and maintenance for the purposes of vulnerability monitoring.
- Possess an understanding of non-probabilistic scoring methodologies for security threats like CVSS and apply appropriately.
- Document and communicate recommended state-of-the-art regulated medical device software and product cybersecurity controls and deficiencies.
- Contribute to company standards and policies related to regulated medical device software and product cybersecurity risks.
- Enable strong partnerships across the organization to drive best-in-class regulated medical device software and product cybersecurity development.
- Analyze complex issues and significantly improve, change, or adapt existing methods.
- Show creativity and innovation in all aspects of your responsibilities.
- Expected travel: 20-25%.

Minimum Requirements

Must have: Minimum requirements

- Bachelor's degree with 7+ years of work experience in Quality or regulated industry, OR
- Advanced degree with 5+ years of work experience in Quality or regulated industry

Nice to Have

Preference is given to those with relevant software development or product cybersecurity engineering experience or background.

- Experience in Quality/Compliance and/or Audit with medical device requirements (e.g., MDSAP, EU MDR, ISO 13485).
- Experience with regulated medical device software requirements, including: IEC 62304:2006 + AMD1:2015; IEC 82304-1:2016; US FDA Device Software Functions related Guidance; US FDA Interoperability related Guidance; US FDA AI-Enabled Device Software Function Guidance; European Commission MDCG guidance; IMDRF SaMD Guidance; ISO 14971:2019; EU AI Act.
- Experience with regulated product cybersecurity requirements, including: IEC 81001-5-1:2021; SW96:2023; US FDA Guidance; MDCG guidelines; IMDRF; ENISA; ISO 80001-2 and ISO 14971.
- Security Certifications (e.g., CISSP, CEH, CISA, CISM, Security+).
- Firsthand experience assessing medical device software and product cybersecurity of regulated or safety critical devices.
- Experience auditing Quality Systems to global requirements.
- Quality System Lead Auditor certified; prior FDA or NB auditor experience.
- Experience performing hardware and software penetration testing.
- Understanding of software and product cybersecurity development lifecycle and product development processes.
- Experience leading small teams.
- Knowledge of risk management and assessment methodologies, product cybersecurity frameworks and global regulations.
- Strong capability to research and evaluate emerging technologies.
- Familiarity with threat modeling, vulnerability scanning tools, and common attack routes.
- Ability to work flexibly and manage change; experience in a regulated environment and/or formal quality system.
- Occasional after-hours availability for regional/global partners.
- Medical device engineering experience; strong technical and troubleshooting skills.
- Strong interpersonal communication and collaborative work style; comfortable in ambiguity.
- Innovative thinker and independent self-starter; solid writing and presentation skills.
- Interest in novel applications of technology.

Benefits & Compensation

Medtronic offers a competitive salary and flexible benefits package, plus a range of programs to support employees at every career and life stage. Salary ranges for U.S. locations (USD): $113,600 - $170,400. Eligible for Medtronic Incentive Plan (MIP). Base salary varies by experience, certification/education, market conditions, and location. The following benefits are available to regular employees who work 20+ hours per week: Health, Dental and Vision insurance; Health Savings Account; Healthcare Flexible Spending Account; Life insurance; Long-term disability; Dependent daycare spending account; Tuition assistance/reimbursement; and the Well-being program. The following benefits are available to all regular employees: Incentive plans; 401(k) with employer match; Short-term disability; Paid time off; Paid holidays; Employee Stock Purchase Plan; Employee Assistance Program; Non-qualified Retirement Plan Supplement; Capital Accumulation Plan (availability varies by role and IRS minimums). Regular employees are those not in temporary roles. Some benefits may not apply in certain locations. Details at: Medtronic benefits and compensation plans.

About Medtronic

We lead global healthcare technology and boldly attack challenging health problems by finding solutions. Our Mission is to alleviate pain, restore health, and extend life. We are engineers at heart, collaborating across R&D, manufacturing, and business to engineer the extraordinary. Learn more about our business, mission, and commitment to diversity here. Medtronic is an equal opportunity employer. We consider applicants without regard to age, color, national origin, citizenship status, disability, race, religion, gender, sexual orientation, gender identity and/or expression, genetic information, marital status, veteran status, or any other protected characteristic. Reasonable accommodations are provided for qualified individuals with disabilities. If you are applying to perform work for Medtronic in Los Angeles County, you can review the local Fair Chance Ordinance disclosures here.
