Medtronic · 2 days ago
Principal Software and Security Compliance Audit Specialist - Remote
Medtronic is a global leader in healthcare technology, committed to championing healthcare access and equity. The Principal Software and Security Compliance Audit Specialist will lead audit activities focused on medical device software and product cybersecurity, ensuring compliance with regulatory standards and enhancing product security.
Artificial Intelligence (AI), Biotechnology, Health Care, Health Diagnostics, Medical Device
Responsibilities
Must have experience, subject matter expertise (SME), and technical knowledge working with regulated medical device software and product cybersecurity requirements
Remain informed on Regulatory requirements for Software and Product Cybersecurity to identify gaps in medical device software
Manage and oversee internal audit activities, which may include conducting and/or overseeing audits, investigations, and/or interviews; and preparing corresponding reports and documents
Coordinate and/or complete internal assessments and/or audits in accordance with regulatory standards, which may include US and/or international regulatory agencies/authorities
Interpret and implement applicable regulations as they apply to products, processes, practices, and procedures
May counsel stakeholders about these requirements as necessary
Ensure compliance with internal and external regulatory agencies, which may include investigating and resolving compliance violations, questions, or concerns
Analyze audit data and present findings to management and/or regulatory bodies in support of Corrective Action Plans, which may include coaching business partners on compliance gaps, data, and/or resulting corrective actions
Own development of training and awareness programs for Software as a Medical Device (SaMD), Software in a Medical Device (SiMD), and product cybersecurity designed to increase auditor awareness and knowledge of requirements
Provide detailed functional medical device software and product security knowledge and maintain insight into current industry best practices and how they can be applied to Medtronic
Explore new tools and techniques to recommend for other team members to audit regulated medical device software and product cybersecurity
Identify opportunities for regulated medical device software and product security enhancement
Possess an understanding of Software Bill of Materials (SBOM) development and maintenance for the purposes of vulnerability monitoring
Possess an understanding of non-probabilistic scoring methodologies for security threats, such as the Common Vulnerability Scoring System (CVSS), and apply them appropriately
Document and communicate recommended state-of-the-art regulated medical device software and product cybersecurity controls and deficiencies
Contribute to company standards and policies related to regulated medical device software and product cybersecurity risks
Enable strong partnerships across the organization to drive best-in-class regulated medical device software and product cybersecurity development
Analyze complex issues and significantly improve, change, or adapt existing methods
Show creativity and innovation in all aspects of your responsibilities
Qualification
Required
Bachelor's degree with 7+ years of work experience in Quality or regulated industry OR Advanced degree with 5+ years of work experience in Quality or regulated industry OR PhD with 3+ years of work experience in Quality or regulated industry
Expected travel: 20-25%
Preferred
Preference is given to those with relevant software development or product cybersecurity engineering experience or background
Experience in Quality/Compliance and/or Audit with medical device requirements (e.g., MDSAP, EU MDR, ISO 13485)
Experience with regulated medical device software requirements: IEC 62304:2006 + AMD1:2015 - Medical device software – Software life cycle processes; IEC 82304-1:2016 - Health software – Part 1: General requirements for product safety; United States FDA Device Software Functions related guidance; United States FDA Interoperability related guidance; United States FDA AI-Enabled Device Software Function Guidance; European Commission's guidance on Medical Device Software (MDCG 2019-11, MDCG 2023-4, MDCG 2025-4); IMDRF's Software as a Medical Device (SaMD) guidance; ISO 14971:2019; EU AI Act
Experience with regulated product cybersecurity requirements: IEC 81001-5-1:2021 - Health software and health IT systems safety, effectiveness and security – Part 5-1: Security – Activities in the product life cycle; SW96:2023 – Standard for Medical Device Security – Security Risk Management for Device Manufacturers; United States FDA Pre-Market and Post-Market Product Cybersecurity guidance; European Commission's Guidance on Cybersecurity of Medical Devices (MDCG 2019-16); IMDRF's Principles and Practices for Medical Device Cybersecurity guidance; ENISA – EU Cybersecurity Act; ISO 80001-2 series and ISO 14971
Security certifications (e.g., CISSP, CEH, CISA, CISM, Security+, GSEC, OSCP)
Firsthand experience assessing medical device software and product cybersecurity of regulated or safety critical devices
Experience auditing Quality Systems to global requirements
Quality System Lead Auditor certified
Prior FDA or NB auditor experience
Experience performing hardware and software penetration testing
Understanding of the software and product cybersecurity development lifecycle process and product development process
Experience in leading small teams
Knowledge in risk management and assessment methodologies, product cybersecurity frameworks and relevant global regulations
Strong capability to research and evaluate emerging technologies
Solid familiarity with threat modeling, vulnerability scanning tools, and common attack routes is essential
Demonstrated ability to be flexible and take a proactive approach to managing change
Experience working in a regulated environment and/or a formal quality system
Occasional after-hours availability to accommodate different regional and global partners
Medical device engineering experience
Strong technical and troubleshooting skills
Strong interpersonal communication and ability to demonstrate a collaborative work style
Comfortable working in an ambiguous environment
Innovative thinker: ability to think outside of the current norms and processes
Independent self-starter
Solid writing and presentation skills
Interest in novel applications of technology
Benefits
Health, dental and vision insurance
Health Savings Account
Healthcare Flexible Spending Account
Life insurance
Long-term disability leave
Dependent daycare spending account
Tuition assistance/reimbursement
Simple Steps (global well-being program)
Incentive plans
401(k) plan plus employer contribution and match
Short-term disability
Paid time off
Paid holidays
Employee Stock Purchase Plan
Employee Assistance Program
Non-qualified Retirement Plan Supplement (subject to IRS earning minimums)
Capital Accumulation Plan (available to Vice Presidents and above, or subject to IRS earning minimums)
Company
Medtronic
Medtronic is a healthcare technology company that designs and develops AI-based products and solutions for the medical industry.
H1B Sponsorship
Medtronic has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2025 (349)
2024 (387)
2023 (291)
2022 (310)
2021 (300)
2020 (261)
Funding
Current Stage: Public Company
Total Funding: $18.16B
Key Investors: NHS England, Blackstone Life Sciences, Trade Capital Funding
2025-09-15 Post-IPO Debt · $1.76B
2024-05-29 Post-IPO Debt · $3.24B
2023-03-23 Post-IPO Debt · $2B
Company data provided by crunchbase