Principal Product Security Engineer - Hyderabad, India - Medtronic

    Medtronic
    Medtronic Hyderabad, India

    2 weeks ago

    Default job background
    Description

    CAREERS THAT CHANGE LIVESThe Principal Cyber Info Assurance Analyst will join the Business Information Security team within the Business Partner Services (BPS) group and partner closely with the Global Security Office (GSO).

    You will serve as a champion of the GSO, focusing on enhancing user experience with our business partners. You'll serve as a cybersecurity and compliance subject matter expert (SME) to the intelligent Data Solutions business.

    The cybersecurity SME will focus on identifying, prioritizing and driving remediation of all security risks owned by the businessThe primary focus of the role will be on achieving and/or maintaining HIPAA, GDPR and other regulatory compliance, and achieving and maintaining the ISO27011 and HITRUST certifications.

    You will facilitate and assist the business by interpreting the requirements and driving technical remediations. Communicate, escalate, and track progress on assessment remediation activities. Understand information security risks that are inherent to a business and articulate those risks in business terms. Support Commercial activities including contracting and IT/security questionnaires. Maintain current knowledge on data privacy and information security topics and their applicable program requirements.

    Provide concierge service to our business stakeholders when interacting with the GSO.We believe that when people from different cultures, genders, and points of view come together, innovation is the result —and everyone wins.

    Medtronic walks the walk, creating an inclusive culture where you can thrive.

    Bring your talents to an industry leader in medical technology and healthcare solutions – we're a market leader and growing every day.

    You can be proud to be a part of technologies that are rooted in our long history of mission-driven innovation.

    You will be empowered to shape your own career. We support your growth with the training, mentorship, and guidance you need to own your future success. Together, we can transform healthcare.
    Join us for a career in IT that changes lives.
    Medtronic is committed to fostering a diverse and inclusive culture. Check out the accomplishments of our Women in IT group ;


    A DAY IN THE LIFEMaintain relationships within Operating Unit proactively share business' upcoming projects to the GSOEngage with cross functional teams to drive complex data security issues to resolutionContribute continuous improvement to the methodologies and practices of the Business Information Security to attain higher capability maturity levelsTrack status of open requests/tasks and drive accountability of requestors to ensure timely submittingPartner with the GSO and Privacy to perform deep dives over high risk processes and systems to identify and remediate gaps in data securityDrive Security compliance activities related to HITRUST, ISO27001, SOC2, etc.

    Help facilitate and/or respond to Customer InquiriesStreamline processes and use of tools across Global IT to ensure data flow and security is maintained in the most efficient way possibleProvide insight and business background to include data security, encryption, authorization, authentication, and access controls to the GSO process teams, when neededPrepare status reports on data security and privacy matters to educate the Business Relationship Managers (BRM) and business leadership about business owned IT security risksCompile and communicate security/privacy risk to Business IT Leadership, BRMs and business leadership as appropriateEstablish a forum for outreach to the broader organization you represent to educate business requestors, business leaders, and IT leadership on the GSO Engagement processesDemonstrate strong knowledge of IT security controls, security risk and threatsRegularly meet with the GSO to discuss issues, concerns, complex or high visibility projects, process improvement areas, and review SLA goals and actual results – leverage these relationships and information to ensure business readiness, engagement, and alignment with security programs and initiatives.

    Act as a resource for security compliance questions, risks, and concerns for the bisomessPerform other security-related duties as and when directed by the Business Information Security managementEngage in stakeholder management in their respective businessReach out and meet with stakeholders, educate them about the GSO and Global ITServe business stakeholders and requesters as "Customers" with a focus on service and supportAdvise business / R&D teams on attaining security reviews earlier in their projectsHold yourself and your business accountable for committed deliverables and deadlinesEnsure timely response to requests for security support from the business.

    BASIC QUALIFICATIONSMUST HAVE (Minimum Qualifications)


    • High school diploma (or equivalent) and 12+ years of experienceOR
    • Bachelor's degree and 7+ years of experience or advanced degree and 5+ years of experienceDESIRED/PREFERRED QUALIFICATIONS
    NICE TO HAVE (Preferred Qualifications)

    Previous Medtronic experiencePreference given to current Medtronic employeesStrongly preferred:

    Experience in audit, risk management, vulnerability management, governance, IT security and/or compliance functionsExperience with cloud storage systems/PaaS/SaaSExperience with AWS highly regardedClear understanding of product architecture, data, data flows, and usageExperience working across business units and geographical boundaries to engage IT, business counterparts, and team membersAbility to understand, question, and interpret internal and external security environments3+ years working in IT GRC or controls functionProven experience dealing with ambiguous situations, and producing a consistent result with varied inputWorking knowledge of IT and security control frameworks (NIST, CobiT, ITIL, CyberEssentials, HDH), as well as regulatory requirements (PCI, HIPAA, GDPR, CCPA)Knowledge of information risk concepts and practices requiredKnowledge of controls manifestation in large global corporations with regional and local presence is requiredExperience communicating conceptual and technical informationExperience translating technical data into business impact informationExperience working with ServiceNow GRC (Governance, Risk, and Compliance)Knowledge of Frameworks, including PCI, SOX and ISO 27001 is a plusDetailed knowledge of ITGRC, Auditing principles / practices is desiredGood understanding of Vendor management desiredGood understanding of security frameworks desired, included but not limited to NIST, HISTRUST, OWASP, etc.

    Good project management skills desiredExperience in examining reports on security controls (SSAE-16, PCI-ROC, Application Security Assessments)