Cyber Assurance Analyst (Finance)
Company Description
At Intuitive, we are united behind our mission: we believe that minimally invasive care is life-enhancing care. Through ingenuity and intelligent technology, we expand the potential of physicians to heal without constraints.
As a pioneer and market leader in robotic-assisted surgery, we strive to foster an inclusive and diverse team, committed to making a difference. For more than 25 years, we have worked with hospitals and care teams around the world to help solve some of healthcare's hardest challenges and advance what is possible.
Intuitive has been built by the efforts of great people from diverse backgrounds. We believe great ideas can come from anywhere. We strive to foster an inclusive culture built around diversity of thought and mutual respect. We lead with inclusion and empower our team members to do their best work as their most authentic selves.
Passionate people who want to make a difference drive our culture. Our team members are grounded in integrity, have a strong capacity to learn, the energy to get things done, and bring diverse, real world experiences to help us think in new ways. We actively invest in our team members to support their long-term growth so they can continue to advance our mission and achieve their highest potential.
Join a team committed to taking big leaps forward for a global community of healthcare professionals and their patients. Together, let's advance the world of minimally invasive care.
Job Description
Primary Function of Position:
- Intuitive Surgical is a highly innovative medical device manufacturer that has changed the paradigm of minimally invasive surgery. We are looking for an individual who understands security controls, data privacy, and regulations such as NIST, ISO, and HIPAA, and wants to apply that skillset to support pre/post sales activities of our medical devices/services. This includes conducting conference calls with C-level executives, DPOs, network/security engineers, legal, and clinical customers to articulate and answer security design questions; completing customer risk assessment documentation; and working with our Contract/Legal teams to review security and sales/support agreements. This role bridges traditional boundaries between cyber and IT risk and aims to foster better partnerships with sales and customers to enhance the sales/support experience.
Roles and Responsibilities:
- Complete customer cyber risk and data privacy audit documentation related to our products and services.
- Work closely with internal regulatory bodies to ensure security, data, and HIPAA policies are effective and compliant with domestic and international regulations.
- Participate in pre-sales activities to advocate for our products' cybersecurity and data privacy controls and policies.
- Collaborate with product engineering to create and maintain Manufacturing Disclosure Statements (MDS2).
- Understand the information lifecycle, including data transfer, in-use data, and data at rest for our products and services.
- Investigate and learn new technologies and products as required.
- Be knowledgeable about Intuitive Surgical's cybersecurity, HIPAA, and data privacy policies, processes, and procedures.
- Execute ad-hoc projects assigned by management.
- Support a global support team across various time zones; some travel and flexible work hours are required.
- Collaborate with executive management and department leaders to assess current and future information security compliance needs.
- Serve as a subject matter expert on compliance standards influenced by regulatory mandates (e.g., SOX, HIPAA) and industry best practices (e.g., NIST CSF, ISO 27001).
Qualifications
Skill/Job Requirements:
- Minimum of 5 years of experience in Information Security, Internal Audit, or IT Risk Management.
- Minimum of 3 years managing IT, Internal Audit, or Information Security compliance programs.
- At least 3 years of experience with information security risk, governance, and control frameworks such as ISO/IEC 27000 series, NIST CSF, CSA CCM, and PCI DSS.
- Experience working with hospital IT or in a medical regulated environment.
- Knowledge of FDA cybersecurity guidance for medical devices, NIST Cybersecurity Framework, and ISO 27001.
- Experience with network security infrastructure, threats, vulnerabilities, and mitigation strategies.
- Knowledge of encryption, cryptography, and certificate/key management.
- Understanding of the Risk Management Framework (RMF).
- Proficiency with information protection technologies like DLP, data classification, and information rights management solutions.
- Strong customer-facing skills capable of discussing technical topics with diverse audiences.
- Ability to multitask, make sound judgments, and respond urgently to support business needs.
- Experience managing projects and supporting formal testing and security documentation, including System Security Plans.
- Understanding of information operations concepts such as access control, user authentication, vulnerability analysis.
- Experience with FISMA reporting and other compliance-related reporting.
- Certifications like CISA, CISM, CAP, or CISSP are preferred.
Additional Information
Due to the nature of our business, proof of vaccination against certain diseases, including COVID-19, may be required.
Intuitive is an Equal Opportunity Employer, providing equal employment opportunities regardless of race, sex, pregnancy, sexual orientation, gender identity, national origin, and other protected statuses.
Mandatory Notices
We consider qualified applicants with arrest and conviction records in accordance with fair chance laws.
We offer competitive compensation packages, including base pay, incentives, benefits, and equity, with salary ranges based on experience and qualifications:
Base Salary Range Region 1: $139,400 - $200,600
Base Salary Range Region 2: $118,500 - $170,500
Shift: Day
Workplace: Remote (may require onsite visits)