Director Product Security

Company Description

At Intuitive, we are united behind our mission: we believe that minimally invasive care is life-enhancing care. Through ingenuity and intelligent technology, we expand the potential of physicians to heal without constraints.

As a pioneer and market leader in robotic-assisted surgery, we strive to foster an inclusive and diverse team, committed to making a difference. For more than 25 years, we have worked with hospitals and care teams around the world to help solve some of healthcare's hardest challenges and advance what is possible.

Intuitive has been built by the efforts of great people from diverse backgrounds. We believe great ideas can come from anywhere. We strive to foster an inclusive culture built around diversity of thought and mutual respect. We lead with inclusion and empower our team members to do their best work as their most authentic selves.

Passionate people who want to make a difference drive our culture. Our team members are grounded in integrity, have a strong capacity to learn, the energy to get things done, and bring diverse, real world experiences to help us think in new ways. We actively invest in our team members to support their long-term growth so they can continue to advance our mission and achieve their highest potential.

Join a team committed to taking big leaps forward for a global community of healthcare professionals and their patients. Together, let's advance the world of minimally invasive care.

Job Description

Primary Function of Position

The Director of Product Security will lead the product security team within Intuitive's Core Technology Engineering (CTE) group. The team is responsible for the embedded security across Intuitive's medical systems, instruments, accessories, and associated manufacturing/field processes. The work covers security architecture, security design, risk analysis, testing, provisioning, and more. The product security leader will drive operational excellence, direct high-level engineering, ensure security maturity, and nurture a fast-paced culture focused on first-principles decision making.

Essential Job Duties

• Own and deliver on the product security strategy across all Intuitive Surgical medical products.

• Enable and lead resources to innovate and develop strong security programs and strategies within the domains of Product Security, Platform and System Security, Access Management, Security Risk Management, Security Test and Verification, Security Operations, and Manufacturing Security.

• Develop and manage an organization focused on data-driven decisions, engineering rigor, and clear objectives that fostering a culture of innovation and continuous improvement.

• Promote and grow our culture of security across indirect product teams and business units by designing, building, and operating uniform security policies and controls across multiple product lines.

• Work closely with product development, manufacturing, legal, and regulatory teams to integrate security best practices across the full product lifecycle.

• Maintain a deep understanding of the regulatory environment, evolving cybersecurity laws, and compliance standards for medical device manufacturers, and influence product decisions to ensure the compliance of Intuitive Surgical products.

• Manage the allocation of resources and budget for CTE's Product Security organization.

• Participate in product requirement and technical design discussions.

• Nurture engineering teams and foster a culture of collaboration, trust, and ownership.

• Lead implementation of projects and encourage engineering innovation and continuous learning.

• Set risk management guidelines and partner with stakeholders to implement key risk management initiatives.

• Represent Intuitive on security matters with external stakeholders and regulatory agencies.

• Understand and maintain knowledge of emerging security technologies and their applicability to our highly-regulated business.

• Stay up to date with the latest emerging security threats and drive continuous improvement in security practices.

Qualifications

Required Skills and Experience

• Minimum BS degree in Computer Science, Information Security, or a related field (advanced degree preferred).

• 15+ years of experience in the information security field.

• 5+ years of experience securing medical devices and/or robotics systems.

• 5+ years experience in product security leadership and management roles.

• An advanced understanding of information/product security, access control, incident response, vulnerability management, risk management, as well as preventive, detective and offensive security solutions.

• Solid understanding of IoT security, OS hardening, HSMs, secure development lifecycle (SDL), information privacy, and hardware/embedded security.

• Experience with industry best practices and regulatory requirements (FDA, NMPA, EU MDR, IEC 62443, NIST CSF, NIST 800-53 etc.)

• Experience with cryptography, PKCS, E2EE, secure boot, authentication mechanisms, TPM, zero-day exploits, and SBOM.

• A proven track record of developing and implementing effective security policies and programs.

• Demonstrated experience working with regulatory bodies partnering with external teams.

• Ability to draft project plans for security technology deployments and coordinate with stakeholders to drive multi-functional initiatives.

• Strong technical skills and a ability to work closely with highly technical individual contributors.

• Strong interpersonal and communication skills; ability to influence both internally and externally.

• Nice to have certifications:

• ISC2 CISSP (Certified Information Systems Security Professional)

• GIAC Security Leadership Certification

Additional Information

Due to the nature of our business and the role, please note that Intuitive and/or your customer(s) may require that you show current proof of vaccination against certain diseases including COVID-19. Details can vary by role.

Intuitive is an Equal Employment Opportunity Employer. We provide equal employment opportunities to all qualified applicants and employees, and prohibit discrimination and harassment of any type, without regard to race, sex, pregnancy, sexual orientation, gender identity, national origin, color, age, religion, protected veteran or disability status, genetic information or any other status protected under federal, state, or local applicable laws.

We will consider for employment qualified applicants with arrest and conviction records in accordance with fair chance laws.

Preference will be given to qualified candidates who do not reside, or plan to reside, in Alabama, Arkansas, Delaware, Florida, Indiana, Iowa, Louisiana, Maryland, Mississippi, Missouri, Oklahoma, Pennsylvania, South Carolina, or Tennessee.

We provide market-competitive compensation packages, inclusive of base pay, incentives, benefits, and equity. It would not be typical for someone to be hired at the top end of range for the role, as actual pay will be determined based on several factors, including experience, skills, and qualifications. The target salary ranges are listed.