Principal Product Security Engineer - ISO2k7
Medtronic
- Hyderabad, Telangana
- Permanent
- Full-time
- Maintain relationships within Operating Unit proactively share business' upcoming projects to the GSO
- Engage with cross-functional teams to drive complex data security issues to resolution
- Contribute continuous improvement to the methodologies and practices of the Business Information Security to attain higher capability maturity levels
- Track status of open requests/tasks and drive accountability of requestors to ensure timely submission
- Partner with the GSO and Privacy to perform deep dives over high risk processes and systems to identify and remediate gaps in data security
- Drive Security compliance activities related to HITRUST, ISO27001, SOC2, etc.
- Help facilitate and/or respond to Customer Inquiries
- Streamline processes and use of tools across Global IT to ensure data flow and security is maintained in the most efficient way possible
- Provide insight and business background to include data security, encryption, authorization, authentication, and access controls to the GSO process teams, when needed
- Prepare status reports on data security and privacy matters to educate the Business Relationship Managers (BRM) and business leadership about business owned IT security risks
- Compile and communicate security/privacy risk to Business IT Leadership, BRMs and business leadership as appropriate
- Establish a forum for outreach to the broader organization you represent to educate business requestors, business leaders, and IT leadership on the GSO Engagement processes
- Demonstrate strong knowledge of IT security controls, security risk and threats
- Regularly meet with the GSO to discuss issues, concerns, complex or high visibility projects, process improvement areas, and review SLA goals and actual results – leverage these relationships and information to ensure business readiness, engagement, and alignment with security programs and initiatives.
- Act as a resource for security compliance questions, risks, and concerns for the business
- Perform other security-related duties as and when directed by the Business Information Security management
- Engage in stakeholder management in their respective business
- Reach out and meet with stakeholders, educate them about the GSO and Global IT
- Serve business stakeholders and requesters as "Customers" with a focus on service and support
- Advise business / R&D teams on attaining security reviews earlier in their projects
- Hold yourself and your business accountable for committed deliverables and deadlines
- Ensure timely response to requests for security support from the business.
- High school diploma (or equivalent) and 12+ years of experience
- Bachelor’s degree and 7+ years of experience or advanced degree and 5+ years of experience
- Previous Medtronic experience
- Preference given to current Medtronic employees
- Strongly preferred:
- Experience in audit, risk management, vulnerability management, governance, IT security and/or compliance functions
- Experience with cloud storage systems/PaaS/SaaS
- Experience with AWS highly regarded
- Clear understanding of product architecture, data, data flows, and usage
- Experience working across business units and geographical boundaries to engage IT, business counterparts, and team members
- Ability to understand, question, and interpret internal and external security environments
- 3+ years working in IT GRC or controls function
- Proven experience dealing with ambiguous situations, and producing a consistent result with varied input
- Working knowledge of IT and security control frameworks (NIST, COBIT, ITIL, CyberEssentials, HDH), as well as regulatory requirements (PCI, HIPAA, GDPR, CCPA)
- Knowledge of information risk concepts and practices required
- Knowledge of controls manifestation in large global corporations with regional and local presence is required
- Experience communicating conceptual and technical information
- Experience translating technical data into business impact information
- Experience working with ServiceNow GRC (Governance, Risk, and Compliance)
- Knowledge of Frameworks, including PCI, SOX and ISO 27001 is a plus
- Detailed knowledge of ITGRC, Auditing principles / practices is desired
- Good understanding of Vendor management desired
- Good understanding of security frameworks desired, including but not limited to NIST, HITRUST, OWASP, etc.
- Good project management skills desired
- Experience in examining reports on security controls (SSAE-16, PCI-ROC, Application Security Assessments)
- Posting Date: Apr 26, 2024
- Travel: No