We are still hiring

We hope that through this challenging time, you and your family are staying safe and healthy. Though the COVID-19 pandemic is presenting unprecedented challenges, we continue to hire for our open positions. Our recruiting and hiring teams are taking prudent measures to minimize the spread of COVID-19 and still provide you with a great candidate experience. However, due to adjustments in work, life, and an increase in applications, we may start to experience some delays. Thank you for your patience and understanding.

To learn more about Intuitive’s response to COVID-19, see our company statement.

HIPAA/Cyber Security Assurance Analyst

Job Description

Job: IT/Information Systems
Primary Location: United States-California-Sunnyvale-US-CA-Sunnyvale
Schedule: Full-time
Requisition ID: 200697


Joining Intuitive Surgical means joining a team dedicated to using technology to benefit patients by improving surgical efficacy and decreasing surgical invasiveness, with patient safety as our highest priority.

Primary Function of Position:

• Intuitive Surgical is a highly innovative medical device manufacture that has changed the paradigm of minimal invasive surgery. We are looking for an individual that understands security, data privacy and HIPPA regulation and guidance’s and wants to apply that skillset to support pre/post sales activities of our medical devices/services; this can include conference calls with C-level, DPO, Net/Sec Engineers, Legal, and Clinical customers to articulate and or answer security designs/questions of our product/services; completing customer risk assessment documentation and working with our Contract/Legal teams reviewing security and data agreements. This role bridges traditional boundaries between cyber and IT risk and looks to expand better partnerships with sales and our customers to drive a more efficient sales/support customer experience

Roles and Responsibilities:

• Complete customer risk and data privacy audit documentation with respect to our product and services
• Work closely with our internal regulatory bodies to ensure security, data and HIPPA policies are functional, effective and are in accordance with domestic and international regulatory compliances
• Participate in pre-sales activities to champion the products cybersecurity and data privacy design, control and policies.
• Partner with product engineering to create and maintain manufacturing disclosure statements MDS2
• Contribute to on-going strategic planning activities within the Information Protection program.
• Understand the information lifecycle, including data transfer, data in-use and data at rest of products and services.
• Demonstrated ability to investigate and learn new technologies and products.
• Be knowledgeable with Intuitive Surgical’s cybersecurity, HIPPA and data privacy policies, processes, procedures
• Be able to execute ad-hoc projects as assigned by management
• Be able to work within a Global Support Team and providing support wide range of time zones; some travel and a flexible work schedule is required
• Collaborate with executive management and department leaders to assess near- and long-term Information Security compliance needs
• Serve as subject matter expert to internal business and technology teams on range of compliance standards as influenced by regulatory mandates (e.g. SOX 2, HIPAA, etc.) and industry best practices (e.g. NIST CSF, ISO 27001 and 27017, ITIL, COSO, COBIT, etc.)


Skill/Job Requirements: 

• Minimum of 5 years of experience in Information Security, Internal Audit and/or IT Risk Management functions
• Minimum of 3 years of experience with managing IT, Internal Audit or Information Security compliance programs
• Minimum of 3 years of information security risk, governance, and control frameworks such as ISO/IEC27000 series, NIST CSF, CSA CCM and PCI DSS
• Familiar working with hospital IT or in medical regulated environment
• Knowledge of FDA pre and post management of cybersecurity of medical device guidance’s, NIST Cybersecurity Framework and or ISO 270001
• Experienced with network security infrastructure, threats and vulnerabilities to networks, and mitigate security threats.
• Experience with encryption, cryptography and certificate/key management.
• Understanding of the Risk Management Framework (RMF)
• Expertise with a variety of information protection technologies, including DLP, data classification and information rights management solutions.
• Great customer facing skills that can discuss technical information with a wide range of audiences (from a service engineer, clinicians to a CTO/CIO)
• Exceptional ability to multi-task, make sound judgments and respond with a sense of urgency in order to effectively support the business. Thoroughness in completing tasks is imperative.
• Experience managing and completing projects
• Ability to handle stress and work well under pressure
• Knowledge of key IT risks, controls, and ability to use technology-based audit techniques.
• Experience in supporting the formal testing required by government/industry accrediting authorities and preparing System Security Plans
• Understanding of information operations concepts such as: Access Control, User Authentication & Identity Management, Vulnerability and Malware Analysis.
• Experience in Federal Information System Management Act (FISMA) reporting and other information assurance assurance-related compliance reporting.
• CISA, CISM, CAP or CISSP are preferred

We are an AA/EEO/Veterans/Disabled employer.
We will consider for employment qualified applicants with arrest and conviction records in accordance with fair chance laws.