Engineering Program Director, Security by Design at Medtronic in Mounds View, Minnesota

Job Description:

The person in this role may work remotely within the US or Hybrid at a MN-based Medtronic facility.

Careers that Change Lives

In this critical role you will act as Program Director, reporting to the Senior Engineering Director within the Product Security Office in Corporate Quality. This position is responsible for developing a "Secure by Design" program to establish and implement product security strategies, priorities, and directives consistent with the vision and in alignment with the mission of the Medtronic. We look for leaders who have a clear vision of where we are going and how to get there, bold inclusive thinkers who create new ideas and bring our best solutions forward to benefit our patients, business partners, and customers.

We believe that when people from different cultures, genders, and points of view come together, innovation is the result -and everyone wins. Medtronic walks the walk, creating an inclusive culture where you can thrive.Our unwavering commitment to inclusion, diversity, and equity (ID&E) means zero barriers to opportunity within Medtronic and a culture where all employees belong, are respected, and feel valued for who they are and the life experiences they contribute.We know equity starts beyond our workplace, and we must play a role in addressing systemic inequities in our communications if we hope to have long-term sustainable impact.

Anchored in our Mission, we continue to drive ID&E forward both to enhance the well-being of Medtronic employees and to accelerate innovation that brings our lifesaving technologies to more people in more places around the world.

A Day in the Life

This position will take the lead on developing a program that promotes secure medical devices from the design stage. The mission of this program will be working with key stakeholders to ensure Medtronic products are engineered to be resilient to evolving threats over their TPLC (Total Product Life Cycle). Responsibilities may include the following and other duties may be assigned.

• Developing reasonably planned maintenance update cycles expectations, supported by data and documented rationale.
• Establishing a consensus-driven set of product security minimum baselines and collaborating with Operating Units to implement these baselines into their security by design practices.
• Engaging with Operating Units to ensure higher risk products are designed to resist active and hostile attacks.
• Must have experience and knowledge working with regulated medical devices and cybersecurity requirements.
• Leveraging the Product Security strategy and roadmap to drive 'security by design' maturity.
• Remain informed on Regulatory requirements for Product Security and be accountable to ensure those requirements are integrated into the Medtronic Quality Management System.
• Assist in developing an effective product security governance program that ensures strategic alignment of product security and broader corporate and operating unit objectives.
• Own development of training and awareness programs for product security that will drive excellence in culture across R&D, quality, regulatory and other engaged internal staff.
• Create energy and enthusiasm at all levels of the product security organization.
• Enable strong partnerships across the organization to drive best-in-class product security mechanisms.
• Continuously anticipate and be prepared for audits.
• Work with stakeholders to continuously maintain centralized product inventory.
• Possess understanding of Software Bill of Material (SBOM) development and maintenance for the purposes of vulnerability monitoring.
• Possess an understanding of scoring methodologies for security threats like the common vulnerability scoring (CVSS) and apply appropriately.
• Assist with creating and tracking of KPI metrics for success over the course of the product lifecycle.
• Proactively engage with third party stakeholders such as researchers, industry peers, regulators, and potentially Medtronic customers.
• Establish and oversee enterprise product security services that support enterprise and R&D product security teams.
• Benchmark with external organizationsfor Product Security maturity.
• Document and communicate recommended security controls and deficiencies.
• Contribute to company standards and policies related to product security risks.
• Develop solutions to problems of unusual complexity, which require a high degree of ingenuity, creatively, and innovativeness. Challenges are frequently unique, and solutions may serve as precedent for future decisions.
• Analyzes complex issues and significantly improves, changes, or adapts existing methods.
• Market and communicate program vision to project teams, key business stakeholders, and executive leadership.
• Communication planning, information distribution, performance reporting, and administrative closure.
• Provide detailed functional knowledge and maintain insight to current industry best practices and how they can be applied to Medtronic.
• Works with very little direction towards predetermined long-range goals and objectives.
• Establishes streamlined processes and structures that accelerate change initiatives; plays a leadership role in change efforts.
• Escalate security and privacy issues as appropriate when discovered.

Must Have: Minimum Requirements

• Bachelor's degree required
• Minimum of 10+ years of cybersecurity and/or secure software engineering experience with 7+ years of managerial experience, or advanced degree with a minimum of 8 years of cybersecurity and/or secure software engineering experience with 7+ years of managerial experience

Nice to Have

• Experience in Product Security
• Excellent written and verbal communication skills including demonstrated influence of stakeholders across an organization
• Occasional after - hours availability to accommodate different regional and global partners .
• A solid familiarity of threat modeling, vulnerability scanning tools, and common attack routes is essential.
• Experience working in a regulated environment and/or a formal quality system
• Medical device e ngineering experience
• Strong technical and troubleshooting skills .
• Strong capability to research and evaluate emerging technologies
• Preference is given to those with relevant product security or engineering experience.
• Strong in interpersonal communication and demonstrate a collaborative work style.
• Comfortable working in an ambiguous environment.
• Innovative thinker; ability to think outside of the current norms and processes
• Independent self-starter
• Strong communication and collaboration skills
• Solid writing and presentation skills
• Interest in novel applications of technology

About Medtronic
Together, we can change healthcare worldwide. At Medtronic, we push the limits of what technology, therapies and services can do to help alleviate pain, restore health and extend life. We challenge ourselves and each other to make tomorrow better than yesterday. It is what makes this an exciting and rewarding place to be.

We want to accelerate and advance our ability to create meaningful innovations - but we will only succeed with the right people on our team. Let's work together to address universal healthcare needs and improve patients' lives. Help us shape the future.

Physical Job Requirements
The physical demands described within the Responsibilities section of this job description are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. For Office Roles: While performing the duties of this job, the employee is regularly required to be independently mobile. The employee is also required to interact with a computer, and communicate with peers and co-workers. Contact your manager, recruiter or local HR to understand the Work Conditions and Physical requirements that may be specific to each role. (ADA-United States of America)

Executive Level Roles: Base pay is based on numerous factors and may vary depending on job-related knowledge, skills, and experience.

A commitment to our employees lives at the core of our values. We recognize their contributions. They share in the success they help to create. We offer a wide range of benefits, resources, and competitive compensation plans designed to support you at every career and life stage. Learn more about our benefits here .

MIP Eligible: This position is eligible for a short-term incentive plan. Learn more about Medtronic Incentive Plan (MIP) here .

LTI Eligible: This position is eligible for an annual long-term incentive plan. Learn more about Medtronic Long-Term Incentive Plan (LTIP) here .

Apply Now