Medtronic · 6 hours ago
Senior Cyber Information Assurance Analyst
Medtronic is a leader in medical technology and healthcare solutions, committed to innovation and access to healthcare. The Senior Cyber Information Assurance Analyst will lead the identification, assessment, and mitigation of cybersecurity risks while ensuring compliance with regulations in a highly regulated healthcare environment.
Artificial Intelligence (AI) · Biotechnology · Health Care · Health Diagnostics · Medical Device
Responsibilities
Defines requirements for business continuity, operations security, cryptography, forensics, regulatory compliance, internal counter-espionage (insider threat detection and mitigation), and physical security analysis (including facilities analysis and security management) to best protect company assets
Assesses and mitigates system security threats and risks throughout the program life cycle
Validates system security requirements definition and analysis
Implements and validates security designs in hardware, software, data, and procedures
Verifies security requirements; performs system certification and accreditation planning and testing and liaison activities
Understanding of Identity, Lifecycle and Governance capabilities, intersection with other cyber security domains, products and industry practices
Identify and assess cybersecurity risks through business analysis and propose solutions to mitigate those risks, contributing to overall business continuity and security resilience
Demonstrated expertise in GRC frameworks and processes, including system selection, system administration, and supporting core GRC functions. Lead the design and implementation of process flows, ensuring alignment with business objectives
Collaborate with teams across various departments, including IT, legal, compliance, and product security, to identify, assess, and mitigate cybersecurity risks across a broad range of products and services, ensuring security is integrated throughout the entire product lifecycle and operational processes
Maintain up-to-date knowledge of cybersecurity regulations and standards specific to the medical device industry (FDA, HIPAA, IEC 62443, NIST, NIS 2, etc.)
Drive improvements in the GRC platform by automating workflows, integrating new tools, and optimizing risk management processes to increase operational efficiency and reduce manual effort
Qualifications
Required
4+ years of experience with a high school diploma or equivalent
Excellent communication and interpersonal skills, with the ability to interact effectively with both technical and non-technical stakeholders
Ability to think critically and strategically about risk management and how technology, process improvements, and automation can help the organization proactively address cybersecurity risks
Excellent presentation skills with the ability to communicate complex risk management concepts clearly to executive-level audiences, translating technical details into actionable insights for senior leadership
Minimum 5 years of experience executing key risk management activities, including conducting risk assessments using various quantitative and qualitative methodologies, such as the FAIR model (Factor Analysis of Information Risk), ensuring a deep understanding of risk analysis methodologies
At least 3 years of active participation in the design and implementation of at least 2 comprehensive risk management programs (e.g., risk assessments, regulatory assessments) within a large, complex organization, including hands-on experience with program execution and improvement
Proven expertise in process design and improvement related to risk management frameworks and methodologies, ensuring effective risk mitigation strategies are incorporated into operational processes
Experience conducting NIST risk assessments (e.g., NIST CSF, NIST 800-53) and applying their standards and recommendations to improve organizational cybersecurity postures
Strong knowledge of regulatory changes and trends impacting IT risk assessments, including compliance requirements such as GDPR, HIPAA, and others, ensuring risk management strategies align with the latest regulatory standards
Knowledge of Operational Technology (OT) risk management is a plus, with the ability to assess risks related to OT environments and integrate them into overall IT risk strategies
Minimum 3 years of experience evaluating technical design documents for systems or environments to assess associated risks, including reviewing architectural, infrastructure, and application designs for security and operational risk vulnerabilities
Familiarity with GRC tools such as ServiceNow, LogicGate, or OneTrust
Strong understanding of technical infrastructure, including networks, cloud environments, endpoints, and medical device systems
Experience with system integration and data flow analysis within GRC tools, ideally leveraging APIs and other automation technologies to improve operational efficiencies
Certified Information Systems Security Professional (CISSP)
Certified in Risk and Information Systems Control (CRISC)
Certified Information Security Auditor (CISA)
Preferred
Previous Medtronic experience
7+ years of experience in cybersecurity GRC (Governance, Risk, & Compliance), or external/internal audit, preferably within the medical device or healthcare industry
Strong understanding of cybersecurity frameworks, regulatory requirements, risk management, and industry best practices (e.g., HIPAA, NIST, ISO 27001, GDPR, etc.)
Benefits
Health, dental and vision insurance
Health Savings Account
Healthcare Flexible Spending Account
Life insurance
Long-term disability leave
Dependent daycare spending account
Tuition assistance/reimbursement
Simple Steps (global well-being program)
Incentive plans
401(k) plan plus employer contribution and match
Short-term disability
Paid time off
Paid holidays
Employee Stock Purchase Plan
Employee Assistance Program
Non-qualified Retirement Plan Supplement (subject to IRS earning minimums)
Capital Accumulation Plan (available to Vice Presidents and above, or subject to IRS earning minimums)
Company
Medtronic
Medtronic is a healthcare technology company that designs and develops AI-based products and solutions for the medical industry.
H1B Sponsorship
Medtronic has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2025 (349)
2024 (387)
2023 (291)
2022 (310)
2021 (300)
2020 (261)
Funding
Current Stage: Public Company
Total Funding: $18.16B
Key Investors: NHS England, Blackstone Life Sciences, Trade Capital Funding
2025-09-15 · Post-IPO Debt · $1.76B
2024-05-29 · Post-IPO Debt · $3.24B
2023-03-23 · Post-IPO Debt · $2B
Company data provided by Crunchbase