Senior Cyber Information Assurance Analyst

Location: California

* Defines requirements for business continuity, operations security, cryptography, forensics, regulatory compliance, internal counter-espionage (insider threat detection and mitigation), physical security analysis (including facilities analysis, and security management) to best protect company assets.
* Assesses and mitigates system security threats and risks throughout the program life cycle.
* Validates system security requirements definition and analysis.
* Implements and validates security designs in hardware, software, data, and procedures.
* Verifies security requirements; performs system certification and accreditation planning and testing and liaison activities.
* Understanding of Identity, Lifecycle and Governance capabilities, intersection with other cyber security domains, products and industry practices.
* Identify and assess cybersecurity risks through business analysis and propose solutions to mitigate those risks, contributing to overall business continuity and security resilience.
* Demonstrated expertise in GRC frameworks and processes, including system selection, system administration, and supporting core GRC functions. Lead the design and implementation of process flows, ensuring alignment with business objectives.
* Collaborate with teams across various departments, including IT, legal, compliance, and product security, to identify, assess, and mitigate cybersecurity risks across a broad range of products and services, ensuring security is integrated throughout the entire product lifecycle and operational processes.
* Maintain up-to-date knowledge of cybersecurity regulations and standards specific to the medical device industry (FDA, HIPAA, IEC 62443, NIST, NIS 2, etc.).
* Drive improvements in the GRC platform by automating workflows, integrating new tools, and optimizing risk management processes to increase operational efficiency and reduce manual effort.
** Minimum Requirements*
* ** 4+ years of experience with a with a high school diploma or equivalent.
*** Previous Medtronic experience
* 7+ years of experience in cybersecurity GRC (Governance, Risk, & Compliance), or external/internal audit, preferably within the medical device or healthcare industry.
* Strong understanding of cybersecurity frameworks, regulatory requirements, risk management, and industry best practices (e.g., HIPAA, NIST, ISO 27001, GDPR, etc.).
* Excellent communication and interpersonal skills, with the ability to interact effectively with both technical and non-technical stakeholders.
* Ability to think critically and strategically about risk management and how technology, process improvements, and automation can help the organization proactively address cybersecurity risks.
* Excellent presentation skills with the ability to communicate complex risk management concepts clearly to executive-level audiences, translating technical details into actionable insights for senior leadership.
* Minimum 5 years of experience executing key risk management activities, including conducting risk assessments using various quantitative and qualitative methodologies, such as the FAIR model (Factor Analysis of Information Risk), ensuring a deep understanding of risk analysis methodologies.
* At least 3 years of active participation in the design and implementation of at least 2 comprehensive risk management programs (e.g., risk assessments, regulatory assessments) within a large, complex organization, including hands-on experience with program execution and improvement.
* Proven expertise in process design and improvement related to risk management frameworks and methodologies, ensuring effective risk mitigation strategies are incorporated into operational processes.
* Experience conducting NIST risk assessments (e.g., NIST CSF, NIST 800-53) and applying their standards and recommendations to improve organizational cybersecurity postures.
* Strong knowledge of regulatory changes and trends impacting IT risk assessments, including compliance requirements such as GDPR, HIPAA, and others, ensuring risk management strategies align with the latest regulatory standards.
* Knowledge of Operational Technology (OT) risk management is a plus, with the ability to assess risks related to OT environments and integrate them into overall IT risk strategies.
* Minimum 3 years of experience evaluating technical design documents for systems or environments to assess associated risks, including reviewing architectural, infrastructure, and application designs for security and operational risk vulnerabilities.
* Familiarity with GRC tools such as Service Now, Logic Gate, or One Trust
* Strong understanding of technical infrastructure, including networks, cloud environments, endpoints, and medical device systems.
* Experience with system integration and data flow analysis within GRC tools, ideally leveraging APIs and other automation technologies to improve operational efficiencies.
** Medtronic offers a competitive Salary and flexible Benefits Package
** A commitment to our…