Company Description
At Intuitive, we are united behind our mission: we believe that minimally invasive care is life-enhancing care. Through ingenuity and intelligent technology, we expand the potential of physicians to heal without constraints.
As a pioneer and market leader in robotic-assisted surgery, we strive to foster an inclusive and diverse team, committed to making a difference. For more than 25 years, we have worked with hospitals and care teams around the world to help solve some of healthcare's hardest challenges and advance what is possible.
Intuitive has been built by the efforts of great people from diverse backgrounds. We believe great ideas can come from anywhere. We strive to foster an inclusive culture built around diversity of thought and mutual respect. We lead with inclusion and empower our team members to do their best work as their most authentic selves.
Passionate people who want to make a difference drive our culture. Our team members are grounded in integrity, have a strong capacity to learn, the energy to get things done, and bring diverse, real-world experiences to help us think in new ways. We actively invest in our team members to support their long-term growth so they can continue to advance our mission and achieve their highest potential.
Join a team committed to taking big leaps forward for a global community of healthcare professionals and their patients. Together, let's advance the world of minimally invasive care.
Job Description
Primary Function of Position:
- Intuitive Surgical is a highly innovative medical device manufacturer that has changed the paradigm of minimally invasive surgery. We are looking for an individual who understands security controls, data privacy, and NIST, ISO, and HIPAA regulations and guidance, and wants to apply that skill set to support pre-/post-sales activities for our medical devices and services. This can include conference calls with C-level, DPO, network/security engineering, legal, and clinical customers to articulate and answer security design questions about our products and services; completing customer risk assessment documentation; and working with our contract/legal teams to review security and sales/support agreements. This role bridges traditional boundaries between cyber and IT risk and aims to build better partnerships with sales and our customers to drive a more efficient sales/support customer experience.
Roles and Responsibilities
- Complete customer cyber risk and data privacy audit documentation regarding our products and services.
- Work closely with internal regulatory bodies to ensure security, data, and HIPAA policies are functional, effective, and compliant with domestic and international regulations.
- Participate in pre-sales activities to promote the cybersecurity and data privacy design, controls, and policies of our products.
- Partner with product engineering to create and maintain manufacturing disclosure statements (MDS2).
- Understand the information lifecycle, including data transfer, data in-use, and data at rest concerning our products and services.
- Demonstrate the ability to investigate and learn new technologies and products.
- Be knowledgeable of Intuitive Surgical's cybersecurity, HIPAA, and data privacy policies, processes, and procedures.
- Execute ad-hoc projects as assigned by management.
- Support a global team across different time zones; some travel and flexible work hours are required.
- Collaborate with executive management and department leaders to assess near- and long-term information security compliance needs.
- Serve as a subject matter expert on compliance standards influenced by regulatory mandates (e.g., SOX, HIPAA) and industry best practices (e.g., NIST CSF, ISO 27001).
Qualifications
Skill/Job Requirements:
- Minimum of 5 years of experience in Information Security, Internal Audit, or IT Risk Management functions.
- Minimum of 3 years managing IT, Internal Audit, or Information Security compliance programs.
- Minimum of 3 years' experience with information security risk, governance, and control frameworks such as ISO/IEC 27000, NIST CSF, CSA CCM, and PCI DSS.
- Experience working with hospital IT or in medical regulated environments.
- Knowledge of FDA cybersecurity guidance for medical devices, NIST Cybersecurity Framework, ISO 27001.
- Experience with network security infrastructure, threats, vulnerabilities, and mitigation strategies.
- Knowledge of encryption, cryptography, and certificate/key management.
- Understanding of the Risk Management Framework (RMF).
- Expertise with information protection technologies like DLP, data classification, and information rights management.
- Strong customer-facing skills to discuss technical information with diverse audiences.
- Ability to multi-task, exercise sound judgment, and support business needs with a sense of urgency.
- Experience managing projects and working under stress.
- Knowledge of key IT risks and controls, and ability to apply technology-based audit techniques.
- Experience supporting formal testing and preparing System Security Plans.
- Understanding of information operations concepts such as access control, user authentication, vulnerability, and malware analysis.
- Experience with FISMA reporting and other compliance reporting.
- Certifications such as CISA, CISM, CAP, or CISSP are preferred.
Additional Information
Due to the nature of our business, proof of vaccination against certain diseases, including COVID-19, may be required.
Intuitive is an Equal Opportunity Employer, committed to diversity and inclusion.
We consider qualified applicants with arrest and conviction records in accordance with fair chance laws.
We offer competitive compensation packages based on experience, skills, and qualifications, with salary ranges listed for different regions.
Base Salary Range Region 1: $139,400 - $200,600 USD
Base Salary Range Region 2: $118,500 - $170,500 USD
Shift: Day
Workplace Type: Remote, with onsite visits as needed.