At Intuitive, we believe that minimally invasive care is life-enhancing care. Through ingenuity and intelligent technology, we expand the potential of physicians to heal without constraints. Our mission is our guiding force; our culture is the DNA that makes us unique.
As a pioneer in robotic-assisted surgery (RAS), we have been expanding our innovations through technology to help make a difference in the world. For 25 years, human ingenuity has guided our journey to help solve some of healthcare's complex challenges.
We believe a great idea can come from anywhere; inclusion and mutual respect are vital to our culture. We value character grounded in integrity, a strong capacity to learn, the energy to get things done, and diverse experiences to help us think in new ways. We actively invest in our team members to support their long-term growth so they can continue to advance our mission and strive to achieve their highest potential.
Join a team committed to taking big leaps forward for a global community of healthcare professionals and their patients. Together, let's help to advance the world of minimally invasive care.
Primary Function of Position:
Roles and Responsibilities:
Complete customer risk and data privacy audit documentation with respect to our product and services
Work closely with our internal regulatory bodies to ensure security, data and HIPAA policies are functional, effective and in accordance with domestic and international regulatory compliance requirements
Participate in pre-sales activities to champion the product's cybersecurity and data privacy design, controls and policies.
Partner with product engineering to create and maintain manufacturing disclosure statements (MDS2)
Contribute to on-going strategic planning activities within the Information Protection program.
Understand the information lifecycle, including data transfer, data in-use and data at rest of products and services.
Demonstrated ability to investigate and learn new technologies and products.
Be knowledgeable about Intuitive Surgical's cybersecurity, HIPAA and data privacy policies, processes and procedures
Be able to execute ad-hoc projects as assigned by management
Be able to work within a Global Support Team and provide support across a wide range of time zones; some travel and a flexible work schedule are required
Collaborate with executive management and department leaders to assess near- and long-term Information Security compliance needs
Serve as subject matter expert to internal business and technology teams on a range of compliance standards as influenced by regulatory mandates (e.g. SOX 2, HIPAA, etc.) and industry best practices (e.g. NIST CSF, ISO 27001 and 27017, ITIL, COSO, COBIT, etc.)
Minimum of 5 years of experience in Information Security, Internal Audit and/or IT Risk Management functions
Minimum of 3 years of experience with managing IT, Internal Audit or Information Security compliance programs
Minimum of 3 years of experience with information security risk, governance, and control frameworks such as the ISO/IEC 27000 series, NIST CSF, CSA CCM and PCI DSS
Familiarity with working with hospital IT or in a medical regulated environment
Knowledge of FDA guidance on pre and post management of cybersecurity of medical devices, the NIST Cybersecurity Framework and/or ISO 27001
Experience with network security infrastructure, threats and vulnerabilities to networks, and mitigating security threats.
Experience with encryption, cryptography and certificate/key management.
Understanding of the Risk Management Framework (RMF)
Expertise with a variety of information protection technologies, including DLP, data classification and information rights management solutions.
Great customer-facing skills, with the ability to discuss technical information with a wide range of audiences (from service engineers and clinicians to a CTO/CIO)
Exceptional ability to multi-task, make sound judgments and respond with a sense of urgency in order to effectively support the business. Thoroughness in completing tasks is imperative.
Experience managing and completing projects
Ability to handle stress and work well under pressure
Knowledge of key IT risks, controls, and ability to use technology-based audit techniques.
Experience in supporting the formal testing required by government/industry accrediting authorities and preparing System Security Plans
Understanding of information operations concepts such as: Access Control, User Authentication & Identity Management, Vulnerability and Malware Analysis.
Experience in Federal Information System Management Act (FISMA) reporting and other information assurance-related compliance reporting.
CISA, CISM, CAP or CISSP are preferred
Intuitive is an Equal Employment Opportunity Employer. We provide equal employment opportunities to all qualified applicants and employees, and prohibit discrimination and harassment of any type, without regard to race, sex, pregnancy, sexual orientation, gender identity, national origin, color, age, religion, protected veteran or disability status, genetic information or any other status protected under federal, state, or local applicable laws. We will consider for employment qualified applicants with arrest and conviction records in accordance with fair chance laws.
Shift: Shift 1 - Day