remote Full-time

Medtronic is hiring a Principal Software and Security Compliance Audit Specialist - Remote

About the Role

Medtronic is hiring a Principal Software and Security Compliance Audit Specialist to lead internal audit activities focused on medical device software, product cybersecurity, and risk management. You will interpret regulatory requirements, conduct audits, and develop training to ensure compliance in a remote, US-based role.

What You'll Do

  • Manage and oversee internal audit activities, including conducting audits, investigations, and interviews, and preparing reports.
  • Coordinate internal assessments and audits in accordance with US and international regulatory standards.
  • Interpret and implement applicable regulations for products, processes, and procedures.
  • Ensure compliance with regulatory agencies and investigate compliance violations.
  • Analyze audit data and present findings to management and regulatory bodies to support Corrective Action Plans.
  • Own the development of training and awareness programs for Software as a Medical Device (SaMD), Software in a Medical Device (SiMD), and product cybersecurity.
  • Provide functional medical device software and product security knowledge and maintain insight into industry best practices.
  • Explore and recommend new tools and techniques for auditing regulated medical device software and product cybersecurity.
  • Identify opportunities for regulated medical device software and product security enhancement.
  • Document and communicate recommended software and product cybersecurity controls and deficiencies.
  • Contribute to company standards and policies related to regulated medical device software and product cybersecurity risks.
  • Enable strong partnerships across the organization to drive best-in-class software and product cybersecurity development.

What We're Looking For

  • A Bachelor's degree with 7+ years of work experience in Quality or a regulated industry, an Advanced degree with 5+ years of experience, or a PhD with 3+ years of experience.
  • Must have experience, subject matter expertise, and technical knowledge working with regulated medical device software and product cybersecurity requirements.

Nice to Have

  • Relevant software development or product cybersecurity engineering experience.
  • Experience in Quality/Compliance and/or Audit with medical device requirements (e.g., MDSAP, EU MDR, ISO 13485).
  • Experience with regulated medical device software requirements: IEC 62304, IEC 82304-1, US FDA Software/AI/Interoperability Guidance, EU MDCG Guidance, IMDRF SaMD Guidance, ISO 14971, EU AI Act.
  • Experience with regulated product cybersecurity requirements: IEC 81001-5-1, SW96:2023, US FDA Pre/Post-Market Cybersecurity Guidance, EU MDCG 2019-16, IMDRF Cybersecurity Guidance, ENISA – EU Cybersecurity Act, ISO 80001-2 series and ISO 14971.
  • Security Certifications (e.g., CISSP, CEH, CISA, CISM, Security+, GSEC, OSCP).
  • Firsthand experience assessing medical device software and product cybersecurity of regulated or safety critical devices.
  • Experience auditing Quality Systems to global requirements.
  • Quality System Lead Auditor certification.
  • Prior FDA or NB auditor experience.
  • Experience performing hardware and software penetration testing.
  • Understanding of the software and product cybersecurity development lifecycle and product development process.
  • Experience in leading small teams.
  • Knowledge in risk management and assessment methodologies, product cybersecurity frameworks, and relevant global regulations.
  • Strong capability to research and evaluate emerging technologies.
  • Familiarity with threat modeling, vulnerability scanning tools, and common attack routes.
  • Demonstrated ability to be flexible and take a proactive approach to managing change.
  • Experience working in a regulated environment and/or a formal quality system.
  • Occasional after-hours availability to accommodate different regional and global partners.
  • Medical device engineering experience.
  • Strong technical and troubleshooting skills.
  • Strong interpersonal communication and a collaborative work style.
  • Comfortable working in an ambiguous environment.
  • Innovative thinker who can think outside current norms and processes.
  • Independent self-starter.
  • Solid writing and presentation skills.
  • Interest in novel applications of technology.

Benefits & Compensation

  • Compensation range: $113,600.00 - $170,400.00
  • Health, Dental and Vision insurance
  • Health Savings Account
  • Healthcare Flexible Spending Account
  • Life insurance
  • Long-term disability leave
  • Dependent daycare spending account
  • Tuition assistance/reimbursement
  • Simple Steps (global well-being program)
  • Incentive plans
  • 401(k) plan plus employer contribution and match
  • Short-term disability
  • Paid time off
  • Paid holidays
  • Employee Stock Purchase Plan
  • Employee Assistance Program
  • Non-qualified Retirement Plan Supplement (subject to IRS earning minimums)
  • Capital Accumulation Plan (available to Vice Presidents and above, or subject to IRS earning minimums)

Work Mode

This is a fully remote position open to candidates in the United States.

Medtronic is an equal opportunity employer. It is our policy to provide equal employment opportunity to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law.

Required Skills
Security Compliance, Audit, Risk Management, Regulatory Frameworks, Medical Device, ISO 13485, ISO 27001, NIST CSF, GDPR, HIPAA, Supplier Security, Incident Response, Policy Development, Stakeholder Communication
About company
Medtronic

Medtronic is a mission-driven leader in medical technology and solutions with a legacy of integrity and innovation. The company leads global healthcare technology, attacking challenging health problems to alleviate pain, restore health, and extend life.

Job Details
Category security
Posted 3 months ago