Principal Software and Security Compliance Audit Specialist

About The Position

Requirements

• To be considered for this role, please ensure the minimum requirements are evident in your applicant profile.
• Bachelor's degree with 7+ years of work experience in Quality or regulated industry OR Advanced degree with 5+ years of work experience in Quality or regulated industry OR PhD with 3+ years of work experience in Quality or regulated industry

Nice To Haves

• Preference is given to those with relevant software development or product cybersecurity engineering experience or background.
• Experience in Quality/Compliance and/or Audit with medical device requirements (e.g., MDSAP, EU MDR, ISO 13485)
• Experience with regulated medical device software requirements: IEC 62304:2006 + AMD1:2015 - Medical device software – Software life cycle processes IEC 82304-1:2016 - Health software – Part 1: General requirements for product safety United States FDA Device Software Functions related Guidance’s United States FDA Interoperability related Guidance’s United States FDA AI-Enabled Device Software Function Guidance European Commission’s Guidance’s on Medical Device Software (MDCG 2019-11, MDCG 2023-4, MDCG 2025-4) IMDRF’s Software as a Medical Device (SaMD) Guidance’s ISO 14971:2019 EU AI Act
• Experience with regulated product cybersecurity requirements: IEC 81001-5-1:2021 - Health software and health IT systems safety, effectiveness and security – Part 5-1: Security – Activities in the product life cycle SW96:2023 – Standard for Medical Device Security – Security Risk Management for Device Manufacturers United States FDA Pre-Market and Post-Market Product Cybersecurity Guidance’s European Commission’s Guidance on Cybersecurity of Medical Devices (MDCG 2019-16) IMDRF’s Principles and Practices for Medical Device Cybersecurity Guidance’s ENISA – EU Cybersecurity Act ISO 80001-2 series and ISO 14971
• Security Certifications (i.e., CISSP, CEH, CISA, CISM, Security+, GSEC, OSCP, etc.)
• Firsthand experience assessing medical device software and product cybersecurity of regulated or safety critical devices.
• Experience auditing Quality Systems to global requirements
• Quality System Lead Auditor certified
• Prior FDA or NB auditor experience
• Experience performing hardware and software penetration testing
• Understanding of the software and product cybersecurity development lifecycle process and product development process
• Experience in leading small teams
• Knowledge in risk management and assessment methodologies, product cybersecurity frameworks and relevant global regulations
• Strong capability to research and evaluate emerging technologies
• A solid familiarity of threat modeling, vulnerability scanning tools, and common attack routes is essential.
• Demonstrated ability to be flexible and take a proactive approach to managing change
• Experience working in a regulated environment and/or a formal quality system
• Occasional after-hours availability to accommodate different regional and global partners.
• Medical device engineering experience
• Strong technical and troubleshooting skills.
• Strong interpersonal communication and ability to demonstrate a collaborative work style.
• Comfortable working in an ambiguous environment.
• Innovative thinker: ability to think outside of the current norms and processes
• Independent self-starter
• Solid writing and presentation skills
• Interest in novel applications of technology

Responsibilities

• Must have experience, subject matter expertise (SME), and technical knowledge working with regulated medical device software and product cybersecurity requirements.
• Remain informed on Regulatory requirements for Software and Product Cybersecurity to identify gaps in medical device software.
• Manage and oversee internal audit activities, which may include conducting and/or overseeing audits, investigations, and/or interviews; and preparing corresponding reports and documents.
• Coordinate and/or complete internal assessments and/or audits in accordance with regulatory standards, which may include US and/or international regulatory agencies/authorities.
• Interpret and implement applicable regulations as they apply to products, processes, practices, and procedures.
• May counsel stakeholders about these requirements as necessary.
• Ensure compliance with internal and external regulatory agencies, which may include investigating and resolving compliance violations, questions, or concerns.
• Analyze audit data and present findings to management and/or regulatory bodies in support of Corrective Action Plans, which may include coaching business partners on compliance gaps, data, and/or resulting corrective actions.
• Own development of training and awareness programs for Software as a Medical Device (SaMD), Software in a Medical Device (SiMD), and product cybersecurity designed to increase auditor awareness and knowledge of requirements.
• Provide detailed functional medical device software and product security knowledge and maintain insight into current industry best practices and how they can be applied to Medtronic.
• Explore new tools and techniques to recommend for other team members to audit regulated medical device software and product cybersecurity.
• Identify opportunities for regulated medical device software and product security enhancement.
• Possess understanding of Software Bill of Material (SBOM) development and maintenance for the purposes of vulnerability monitoring.
• Possess an understanding of non-probabilistic scoring methodologies for security threats like common vulnerability scoring system (CVSS) and apply appropriately.
• Document and communicate recommended state-of-the-art regulated medical device software and product cybersecurity controls and deficiencies.
• Contribute to company standards and policies related to regulated medical device software and product cybersecurity risks.
• Enable strong partnerships across the organization to drive best-in-class regulated medical device software and product cybersecurity development.
• Analyze complex issues and significantly improve, change, or adapt existing methods.
• Show creativity and innovation in all aspects of your responsibilities.

Benefits

• Medtronic offers a competitive Salary and flexible Benefits Package
• A commitment to our employees lives at the core of our values.
• We recognize their contributions.
• They share in the success they help to create.
• We offer a wide range of benefits, resources, and competitive compensation plans designed to support you at every career and life stage.
• Health, Dental and vision insurance
• Health Savings Account
• Healthcare Flexible Spending Account
• Life insurance
• Long-term disability leave
• Dependent daycare spending account
• Tuition assistance/reimbursement
• Simple Steps (global well-being program)
• Incentive plans
• 401(k) plan plus employer contribution and match
• Short-term disability
• Paid time off
• Paid holidays
• Employee Stock Purchase Plan
• Employee Assistance Program
• Non-qualified Retirement Plan Supplement (subject to IRS earning minimums)
• Capital Accumulation Plan (available to Vice Presidents and above, or subject to IRS earning minimums).