Cybersecurity Assurance Lead
Tokyo, Japan
Intuitive
Company Description
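At Intuitive, we are united behind our mission. We believe that minimally invasive care is life-enhancing care. Through ingenuity and intelligent technology, we expand the potential of physicians to heal without constraints.
As a pioneer and market leader in robotic-assisted surgery, we strive to foster an inclusive and diverse team, committed to making a difference. For more than 25 years, we have worked with hospitals and care teams around the world to help solve some of healthcare's hardest challenges and advance what is possible.
Intuitive has been built by the efforts of great people from diverse backgrounds. We believe great ideas can come from anywhere, and we strive to foster an inclusive culture built around diversity of thought and mutual respect. We lead with inclusion and empower our team members to do their best work as their most authentic selves.
Passionate people who want to make a difference drive our culture. Our team members are grounded in integrity, have a strong capacity to learn and the energy to get things done, and bring diverse, real-world experiences to help us think in new ways. We actively invest in our team members to support their long-term growth so they can continue to advance our mission and achieve their highest potential.
Join a team committed to taking big leaps forward for a global community of healthcare professionals and their patients. Together, let's advance the world of minimally invasive care.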
Job Description
Primary Function of Position:
- Intuitive Surgical is a highly innovative medical device manufacturer that has changed the paradigm of minimally invasive surgery. We are looking for an individual who understands security controls, data privacy, and NIST, ISO and HIPAA regulation and guidance, and who wants to apply that skillset to support pre/post-sales activities for our medical devices and services. This can include conference calls with C-level, Data Privacy Officer, Net/Sec Engineers, Legal, and Clinical customers to articulate and/or answer questions about the security design of our products and services; completing customer risk assessment documentation; and working with our Contract/Legal teams to review security and sales/service agreements. This role bridges traditional boundaries between cyber and IT risk and looks to build better partnerships with sales and our customers to drive a more efficient sales/support customer experience.
Roles and Responsibilities:
- Complete customer cyber risk and data privacy audit documentation with respect to our product and services
- Work closely with our internal regulatory bodies to ensure security, data and HIPAA policies are functional, effective and in accordance with domestic and international regulatory compliance requirements
- Participate in pre-sales activities to champion the product's cybersecurity and data privacy design, controls, and policies.
- Partner with product engineering to create and maintain manufacturer disclosure statements (MDS2)
- Understand the information lifecycle, including data transfer, data in-use and data at rest of products and services.
- Demonstrated ability to investigate and learn new technologies and products.
- Be knowledgeable about Intuitive Surgical’s cybersecurity, HIPAA and data privacy policies, processes and procedures
- Be able to execute ad-hoc projects as assigned by management
- Be able to work within a Global Support Team and provide support across a wide range of time zones; some travel and a flexible work schedule are required
- Collaborate with executive management and department leaders to assess near- and long-term Information Security compliance needs
- Serve as subject matter expert to internal business and technology teams on a range of compliance standards as influenced by regulatory mandates (e.g. SOX 2, HIPAA, etc.) and industry best practices (e.g. NIST CSF, ISO 27001, etc.)
- Act as Information Security Officer for digital solutions, supporting cyber and data regulations and guidelines for networked medical devices and services.
- Administer access and authorities related to digital products in accordance with company guidelines and local requirements.
- Create and maintain service or department procedures and documentation
- ISMS (Information Security Management System), SLA (Service Level Agreement)
- SBOM (Software Bill of Materials) and MDS2 (Manufacturer Disclosure Statement for Medical Device Security)
Qualifications
Skill/Job Requirements:
- Minimum of 5 years of experience in Information Security, Internal Audit and/or IT Risk Management functions
- Minimum of 3 years of experience with managing IT, Internal Audit or Information Security compliance programs
- Minimum of 3 years of experience with information security risk, governance, and control frameworks such as ISO/IEC 27000 series, NIST CSF, CSA CCM and PCI DSS
- Familiarity with working in hospital IT or in a regulated medical environment
- Knowledge of FDA guidance on pre and post management of cybersecurity of medical devices, NIST Cybersecurity Framework and/or ISO 27001
- Experience with network security infrastructure, with threats and vulnerabilities to networks, and with mitigating security threats.
- Experience with encryption, cryptography and certificate/key management.
- Understanding of the Risk Management Framework (RMF)
- Great customer-facing skills and the ability to discuss technical information with a wide range of audiences (from service engineers and clinicians to a CTO/CIO)
- Exceptional ability to multi-task, make sound judgments and respond with a sense of urgency in order to effectively support the business. Thoroughness in completing tasks is imperative.
- Experience managing and completing projects
- Ability to handle stress and work well under pressure
- Knowledge of key IT risks, controls, and ability to use technology-based audit techniques.
- Experience in supporting the formal testing required by government/industry accrediting authorities and preparing System Security Plans
- Understanding of information operations concepts such as: Access Control, User Authentication & Identity Management, Vulnerability and Malware Analysis.
Additional Information
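We provide equal employment opportunities to all qualified applicants and employees, and prohibit discrimination and harassment of any kind, regardless of veteran status, disability, genetic information, or any other status protected under applicable federal, state, or local law.
In accordance with equal employment opportunity laws, we will consider for employment qualified applicants with arrest and conviction records.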
Perks/benefits: Flex hours