Senior Director, Cybersecurity Strategy & Governance at Medtronic in Mounds View, Minnesota

Job Description:

The person in this role may work remotely within the US or onsite at a US-based Medtronic facility.

CAREERS THAT CHANGE LIVES

In this critical role you will act as Sr. Director, Cybersecurity Strategy & Governance, reporting to the VP Chief Information Security Officer (CISO), leading a team of IT/Cybersecurity professionals, ensuring the highest security standards across the Enterprise. This role is a part of the Global Cyber & Information Security Office leadership team which is responsible for assisting the CISO to establish and implement the information security governance structure and strategies, priorities, and directives consistent with the vision and in alignment with the mission of the Medtronic. We look for leaders who have a clear vision of where we are going and how to get there, bold inclusive thinkers who create new ideas and bring our best solutions forward to benefit our patients, business partners, and customers.

We believe that when people from different cultures, genders, and points of view come together, innovation is the result -and everyone wins. Medtronic walks the walk, creating an inclusive culture where you can thrive. Our unwavering commitment to inclusion, diversity, and equity (ID&E) means zero barriers to opportunity within Medtronic and a culture where all employees belong, are respected, and feel valued for who they are and the life experiences they contribute. We know equity starts beyond our workplace, and we must play a role in addressing systemic inequities in our communications if we hope to have long-term sustainable impact.

Anchored in our Mission, we continue to drive ID&E forward both to enhance the well-being of Medtronic employees and to accelerate innovation that brings our lifesaving technologies to more people in more places around the world.

Bring your talents to an industry leader in medical technology and healthcare solutions - we're a market leader and growing every day. You can be proud to be a part of technologies that are rooted in our long history of mission-driven innovation. You will be empowered to shape your own career. We encourage and support your growth with the training, mentorship, and guidance you need to own your future success. Together, we can transform healthcare. Join us for a career in IT that changes lives. Medtronic is committed to fostering a diverse and inclusive culture. Check out the accomplishments of our Women in IT group! http://bit.ly/MedtronicWomeninIT

A DAY IN THE LIFE

Responsibilities may include the following and other duties may be assigned.

General:

• Provide recommendations to the CISO on information security standards and best practices for IT projects.
• Assist the CISO to oversee and manage the effectiveness of the state's security program, with a focus on strategy, risk, and governance.
• Provide advice to operating units at all levels on information security issues, recommended practices, and vulnerabilities remediation. Develop and deploy the security program for assigned areas to ensure policies, procedures, and objectives are closely aligned with those of the state.
• Assist in the development of metrics to measure the efficiency and effectiveness of the security program.
• Assist the CISO in strategy development and managing the information security program, focusing on security risk assessments; risk management (including risk prioritization and mitigation); education and awareness.
• Interface with law enforcement agencies and other government agencies to address security lapses and responds to information security issues.
• Respond appropriately with resources and information to requests submitted by internal and external auditing functions.
• Assign responsibilities to staff and empower employees to execute the security program.

Leadership:

• Enable partnerships with key internal business partners and individuals at all levels such as Legal, Facilities, Audit, HR, Corporate Communications, and other Business Unit stakeholders. Maintain ongoing Business and Global IT relationship management.
• Ensure that strict standards of confidentiality and high integrity are maintained across the teams, based on the sensitivity of the work being performed.
• Manage activities of a team with responsibility for results in terms of costs, methods and employees. Accomplishes results through subordinate managers, supervisors or exempt specialist employees. Recommends organizational structures of functions and units.
• Provide leadership, domain thought leadership, management, and development of the department employees including performance management, individual development planning, succession planning, employee communications, and positive working environment to ensure high productivity, employee engagement, and performance.
• Represent the organizational unit as a prime internal and external contact on security related contracts or operations.
• Work continuously to maintain a very high-level of awareness of new trends, threats, and the constantly changing cyber landscape. Respond quickly and appropriately to these changes with modifications to strategies and approaches in order to protect the company.
• Interacts with senior leadership and equivalent concerning matters of significance to Medtronic; and drive beneficial outcomes which preserve the cybersecurity posture of Medtronic whilst enabling the business to meet its goals.
• Be responsible for and provide direction to projects and initiatives. Provides guidance to staff to meet schedules or resolve technical or operational problems. Directly participates in establishing and administering many functional projects. Develops and administers budgets, schedules, and performance standards.
• Influence the development of overall objectives and long-range goals of the organization.
• Develop, plan, manage, and forecast associated cost center(s), unit costs, employee complement, capital expenditures, and charge back rates. Lead the development of cost center budget and operational plan and manage expenses to plan.
• Evaluate, negotiate, develop, and manage preferred vendor relationships to provide Medtronic with the highest value, lowest overall cost with highest quality service globally. Lead domestic and international vendor bidding and formal Request for Proposal processes. Monitor contract compliance on an ongoing basis. Evaluate pricing and quality of services against Medtronic's requirements.
• Work cross-functionally with peers to develop and influence consistent practices related to staff development, performance management, client quality programs, cost management, and the promotion of Global Business Solutions. Establish appropriate relationships at all levels within the organization to influence and execute strategy/operations.
• Establish and maintain strong external peer connections in the interest of cyber information sharing and collaboration.
• Continually benchmark against relevant industries and peer groups to look for continuous improvement opportunities, new techniques and tools, and measure Medtronic against similar functions. Develop business-relevant metrics to measure the effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the security program.
• Develop job performance plans for assigned subordinates to communicate responsibilities and expected outcomes of performance in their role.
• Review and approve future staffing and skill requirements needed for succession planning and talent management purposes.
• Maintain a strong understanding of security technologies, risks, and capabilities.
• Develop in depth understanding of business processes and business dependencies on supported technologies.
• Willingness and ability to play a hands-on technical role on the team.
• Function as backup to other GCISO Team members, where necessary.
• Other duties as assigned.

• Develop and implement strategy, vision and plans to manage information cybersecurity risk to acceptable levels.
• Work closely with organizational leadership to understand business requirements to ensure identification of information related threats and vulnerabilities and alignment, implementation, and maintenance of controls according to risk profiles.
• Assist in the definition of KPIs and associated metrics to evaluate cybersecurity program health.
• Work closely with business and technology counterparts to understand enterprise objectives, initiatives, and cyber information security risk.
• Oversees the enterprise cyber information security risk management lifecycle including the completion of risk assessments, planning, treatment, tracking, reporting, and control, including governance oversight of key business continuity and disaster recovery programs.
• Ensures that Security Risk Analysis continues to meet evolving threat landscape and regulatory (e.g. HIPAA/Meaningful Use) requirements.
• Identifies gaps in existing programs and assists in defining remediation plans.
• Actively participates in efforts to define and implement the vision, strategies and goals for the governance, security, risk management and compliance framework and activities.
• Develop and present required documentation including business cases, cost/benefit analyses, proposals, project charters, project milestones and estimates for timeframe, budget and resources required to maintain and improve Medtronic's security, audit, and compliance posture.
• Continually benchmark against relevant industries and peer groups to look for continuous improvement opportunities, new techniques and tools, and measure Medtronic against similar functions. Develop business-relevant metrics to measure the effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the security program.
• Develop job performance plans for assigned subordinates to communicate responsibilities and expected outcomes of performance in their role.
• Review and approve future staffing and skill requirements needed for succession planning and talent management purposes.
• Maintain a strong understanding of security technologies, risks, and capabilities.
• Develop in depth understanding of business processes and business dependencies on supported technologies.
• Willingness and ability to play a hands-on technical role on the team.
• Function as backup to other GCISO Team members, where necessary.
• Other duties as assigned.

• 15+ years of experience with a bachelor's degree or 13+ years of experience with an advanced degree
• 10+ years of managerial experience

Nice to Have

Strongly Preferred:

• 10+ years of information security, audit, risk, and compliance background, with demonstrated experience in the following CSF and Regulatory Frameworks including CIS, NIST, ISO, SOX, GxP, CCPA, GDPR.
• Industry-recognized certifications, including Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA) strongly preferred.
• Previous work experience working as on the vendor/consultant side of the IT Cybersecurity profession.
• Previous IT management experience at a Global Fortune 500 company.
• IT experience including a combination of risk management and information security with healthcare or pharmaceutical industry experience strongly preferred.

• Previous experience creating/implementing Information Security strategy across a large company.
• Demonstrated results orientation (driving to deadlines, financial targets, project goals, etc.).
• Strong business acumen and global orientation.
• Ability to work collaboratively and partner with employees, peers, leaders, clients, key stakeholders and vendors.
• Demonstrated ability to provide strong Project Management skills and expertise.
• Ability to manage the day-to-day information security risk functions across multiple projects and initiatives in Global IT.
• Personnel Scope - Previous experience managing multiple teams, including matrixed teams containing external resources, service providers, consultants, and partnerships.
• Employee Development - Previous experience in recruiting and developing talent; proactively lead personnel development activities and mentoring, including a succession plan for managed teams.
• Financial Accountability - Demonstrated ability and experience managing multiple cost centers, programs and budget accountability.
• Communication Skills - Demonstrated excellent communication skills at all levels in the organization, strong negotiator and strong influence & presentation skills.
• Leadership - Demonstrated leadership skills & high integrity presence; clearly conveys vision & purpose to workforce.
• Administration - Previous experience in ensuring that functional area complies with administrative requirements including forecasting and budgeting, status reporting, and personnel administration.
• Proven ability to take down barriers and build highly successful, high-functioning and accountable organizations.
• Previous experience managing the integration of IT functions and organizations.

About Medtronic

Together, we can change healthcare worldwide. At Medtronic, we push the limits of what technology, therapies and services can do to help alleviate pain, restore health and extend life. We challenge ourselves and each other to make tomorrow better than yesterday. It is what makes this an exciting and rewarding place to be.

We want to accelerate and advance our ability to create meaningful innovations - but we will only succeed with the right people on our team. Let's work together to address universal healthcare needs and improve patients' lives. Help us shape the future.

The provided base salary range is used nationally (except in certain CA locations). The rate offered is compliant with federal/local regulations and may vary by experience, certification/education, market conditions, location, etc.

Executive Level Roles: Base pay is based on numerous factors and may vary depending on job-related knowledge, skills, and experience

A commitment to our employees lives at the core of our values. We recognize their contributions. They share in the success they help to create. We offer a wide range of benefits, resources, and competitive compensation plans designed to support you at every career and life stage. Learn more about our benefits here .

MIP Eligible: This position is eligible for a short-term incentive plan. Learn more about Medtronic Incentive Plan (MIP) here .

LTI Eligible: This position is eligible for an annual long-term incentive plan. Learn more about Medtronic Long-Term Incentive Plan (LTIP) here .

Physical Job Requirements

The physical demands described within the Responsibilities section of this job description are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

For Office Roles: While performing the duties of this job, the employee is regularly required to be independently mobile. The employee is also required to interact with a computer, and communicate with peers and co-workers. Contact your manager or local HR to understand the Work Conditions and Physical requirements that may be specific to each role. (ADA-United States of America)

EEO STATEMENT

It is the policy of Medtronic to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, Medtronic will provide reasonable accommodations for qualified individuals with disabilities.

DISCLAIMER

The above statements are intended to describe the general nature and level of work being performed by employees assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of employees assigned to this position.