Careers that Change Lives
We value what makes you unique. Together, we can change healthcare worldwide. At Medtronic, we push the limits of what technology can do to help alleviate pain, restore health, and extend life. We challenge ourselves and each other to make tomorrow better than yesterday. It is what makes this an exciting and rewarding place to be. Be a part of a company that thinks differently to solve problems, make progress, and deliver meaningful innovations.

The Cardiac and Vascular Group brings all our cardiac and vascular businesses together into one cross-functional, collaborative operating unit to employ the full breadth of our talent, technologies, products, services, and solutions to address the needs of customers and patients across the globe. Cardiac Rhythm Management offers devices and therapies to treat abnormal heart rhythms, as well as cardiac diagnostic and monitoring solutions.
Be on the frontlines of the emerging area of medical device cybersecurity as a leader responsible for a team of security engineers creating, deploying, and monitoring cybersecurity and information security solutions for Medtronic's medical devices and supporting IT infrastructure.

The Director of Product Security of Cardiac Rhythm Management (CRM) R&D, is responsible for a growing global cybersecurity team. This position requires strategic planning and communication skills to gain organizational alignment, define business importance, operationalize Product Security strategic plans, and solicit outcome requirements of Product Security including highly diverse set of internal and external stakeholders such as executives, peer management, customers, and regulators.

As Director of Product Security with R&D teams to ensure all relevant security risks are identified and evaluated, and appropriate and well-balanced solutions are implemented. Develop project security management deliverables for regulatory bodies to comply with standards / guidance documents, and successfully communicate cybersecurity technology to customers, regulatory bodies, and other stakeholders.
This role is an integral member of the R&D and cross-functional leadership teams delivering life-saving medical devices supporting the $5 Billion yearly CRM business. The successful candidate will have a strong foundation in Product Security with demonstrated leadership execution; drives functional engineering excellence; and supports the delivery of patient diagnostics and monitoring devices, pacemakers, heart failure and defibrillator products.
This position is Mounds View, MN within the Cardiac Rhythm Management (CRM) business unit and requires on-site presence at least three days a week.
We believe that when people from different cultures, genders, and points of view come together, innovation is the result -and everyone wins. Medtronic walks the walk, creating an inclusive culture where you can thrive.

A Day in the Life
In general, the following responsibilities apply for the Director of Product Security and Privacy role. This includes, but not limited to:
• Provide strategic vision and leadership in Product Security for the Medtronic CRM business unit.
• Build a Product Security strategic plan which will lead the way of excellence for CRM product security. Align, gain support, and execute to the strategic plan.
• Be an innovative leader and change agent.
• Monitor security trends and evolving technologies and keep senior leaders informed of business implications.
• Monitor, collaborate and influence strategic direction and operational decisions, priorities and issues across Medtronic business units and with key stakeholders outside Medtronic.
• Integrate scientific foundations, technologic opportunities, and product aspirations into a coordinated and achievable Product Security roadmap.
Product Life Cycle Management-Trusted Security for Patients & Customers:
• Ensure the Product Security of market released CRM products and infrastructure (i.e., CareLink) are managed in accordance with quality and regulatory standards. Lead quality activities to ensure Product Security risks are effectively managed across the business.
• Develop and drive post-market security priorities based on a CRM risk assessment and gap analysis.
• Build an event response team who will investigate vulnerabilities, support external key stakeholder and researcher relations, and remediate necessary gap closure plans.
• Oversees the investigation and evaluation of existing technologies.
• Guides the conceptualization of new methodologies, materials, machines, processes, or products.
• Directs the development of new concepts from initial design to market release.
• Manages feasibility studies of the design to determine if capable of functioning as intended.
• Monitors documentation maintenance throughout all phases of research and development.
• Organizes the coordination of activities with outside suppliers and consultants to ensure timely delivery.
Secure By-Design:
• Drive best-in-class Product Security design and requirements for new product development. Ensure the Product Security design is leveraged across all product lines and anticipates future risks.
• Ensure CRM products are thoroughly tested using best Product Security practices and methodologies.
• Collaborate with functional partners to ensure Product Security requirements are sufficiently balanced with a world-class customer experience.
• Oversee execution of pre-market security project planning and execution across the CRM product portfolio. Including voice of stakeholders (internal and external), architecture guidance, adherence to security standards and policies, and provide regular status reporting of progress.
• Develop risk-based security assessment process and drive the use and application across product efforts.
• Provide guidance to CRM R&D leader and business partners on security practices, priorities, and emerging trends.
• Maintain effective communication with the business sector leadership team, team members and functional leadership in all activities required to design, develop, and deliver the product successfully.
• Cultivate and manage key relationships within Medtronic executive leadership, CRM customers, industry groups, relevant regulators, and the Product Security research community.
Talent Development:
• Assist in recruiting and retaining Product Security talent. Actively assure the retention, recognition, and development of team members throughout the organization.
• Promote collaborative, empowered working environments supporting security needs, by removing barriers, communicating business importance, and creating possibilities.
• Plans, directs, and implements all aspects of the company's design and development of new medical device products or software systems.
• May develop, evaluate, implement, and maintain technical quality assurance and control systems or reliability systems and standards pertaining to materials, techniques, or company products.
• Selects, develops, and evaluates personnel to ensure the efficient operation of the function.

Must Have: Minimum Requirements

• Bachelors degree required
• Minimum of 10 years of relevant experience with 7+ years of managerial experience, or advanced degree with a minimum of 8 years of relevant experience with 7+ years of managerial experience

§ 5+ years in technical, Product Security-related roles.

§ CISSP or similar certification, or sufficient demonstrated experience and/or formal education in Product Security and information assurance. The successful applicant will have experience in four or more of the following technical domains:

§ Medical devices and systems

§ IoT (embedded) devices and systems

§ Cloud systems architecture and security

§ Enterprise and local network infrastructure security

§ Large-scale application architecture and security

§ Mobile device application architecture and security

§ Data protection architectures for data at rest and in transit

§ Risk assessments and Product Security regulatory requirements

§ Security incident management experience

§ Security operations center (SOC) experience

• Experience building, leading, and executing to large Product Security initiatives and programs with an emphasis in product security.

• Understanding of national and international laws, regulations, and policies related to regulated medical device Product Security.

• Demonstrated understanding of information security practices, risk management processes, Product Security principles, and incident response methodologies.

Physical Job Requirements:

The physical demands described within the Responsibilities section of this job description are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. For Office Roles: While performing the duties of this job, the employee is regularly required to be independently mobile. The employee is also required to interact with a computer, and communicate with peers and co-workers. Contact your manager or local HR to understand the Work Conditions and Physical requirements that may be specific to each role. (ADA-United States of America)

The provided base salary range is used nationally (except in certain CA locations). The rate offered is compliant with federal/local regulations and may vary by experience, certification/education, market conditions, location, etc.

A commitment to our employees lives at the core of our values. We recognize their contributions. They share in the success they help to create. We offer a wide range of benefits, resources, and competitive compensation plans designed to support you at every career and life stage. Learn more about our benefits here .

Medtronic Incentive Plan : This position is eligible for an annual Bonus Program. Learn more about Medtronic Incentive Plan (MIP) here .