Information Security Governance, Risk & Compliance (GRC) Director at Medtronic

Medtronic Los Angeles, CA

Job Description

We anticipate the application window for this opening will close on 23 Dec 2025.

At Medtronic, you can begin a life-long career of exploration and innovation, while helping champion healthcare access and equity for all. You'll lead with purpose, breaking down barriers to innovation in a more connected, compassionate world.

A Day in the Life

The Information Security Governance, Risk & Compliance (GRC) Director is responsible for leading and maturing the company's global security governance framework, enterprise cyber risk management program, and compliance activities across IT, OT, cloud, and regulated medical device environments. This leader ensures alignment with cybersecurity expectations, Quality System requirements, and industry best practices. The Director partners closely with IT, R&D, Operations, Legal/Privacy, Quality & Regulatory (QARA), and Internal Audit to strengthen the company's security posture, reduce enterprise risk, and ensure readiness for audits, inspections, and regulatory submissions.

This position is an exciting opportunity to work with Medtronic's Diabetes business. Medtronic has announced its intention to separate the Diabetes division to promote future growth and innovation within the business and reallocate investments and resources across Medtronic, subject to applicable information and consultation requirements. This separation provides our team with a bold opportunity to unleash our potential, enabling us to operate with greater speed and agility.
As a separate entity, we anticipate leveraging increased investments to drive meaningful innovation and enhance our impact on patient care.

Responsibilities may include the following and other duties may be assigned.

Governance & Security Program Management
- Develop, manage, and continuously improve the Information Security Governance framework based on NIST 800-53, ISO 27001, and corporate risk objectives.
- Establish and maintain enterprise security policies, standards, and procedures in coordination with QARA, Legal, and IT.
- Lead the security steering committees and reporting for executive leadership and board-level governance.

Enterprise Cyber Risk Management
- Own the global cyber risk management strategy, including frameworks, methodologies, risk assessments, and reporting.
- Partner with business units, manufacturing sites, and R&D to identify, assess, and mitigate technology and cybersecurity risks.
- Maintain the enterprise cyber risk register and report key risks, KRIs, and risk treatment plans to the CISO and leadership.
- Lead risk assessments for new products, vendors, technologies, and manufacturing systems.

Regulatory & Compliance Oversight
- Ensure ongoing compliance with SOX, NIST 800-53, HIPAA, and global data protection laws.
- Lead cybersecurity components of internal audits and third-party assessments.
- Manage alignment with industry frameworks.

Controls Assurance & Audit Readiness
- Build and operate a controls assurance program, including internal control testing, continuous monitoring, and audit preparation.
- Serve as the primary Information Security liaison to Internal Audit and Quality Audit.
- Develop and track remediation plans for audit findings, vulnerabilities, and nonconformities.

Vendor & Third-Party Security
- Oversee third-party cybersecurity risk assessments, contract security language, and ongoing monitoring of suppliers, including global manufacturing partners.
- Work with Procurement and Legal to ensure supply chain cyber requirements are enforced.

Team Leadership & Cross-Functional Collaboration
- Lead, mentor, and develop a high-performing GRC team (policy, risk, audit, compliance, privacy alignment).
- Communicate cyber risks and compliance status to executives in a clear, business-focused manner.

Required Knowledge and Experience:
- Requires a Bachelor's degree and minimum of 10 years of relevant experience with 7 years of managerial experience, or advanced degree with a minimum of 8 years of relevant experience with 7 years of managerial experience.

Nice to Have:
- Bachelor's degree in Cybersecurity, Information Technology, Engineering, or related field.
- 10 years of experience in information security, with at least 5 years in a GRC leadership role.
- Deep understanding of NIST 800-53, NIST CSF, ISO 27001, and SOX.
- Experience leading enterprise risk assessments, control testing programs, and audit engagements.
- Demonstrated success building and managing high-performance teams.
- Excellent communication skills, including the ability to present complex security topics to executives and regulators.
- Strong leadership presence and executive communication
- Strategic and analytical mindset with a risk-based approach
- Ability to influence cross-functionally in a regulated environment
- Strong understanding of product, manufacturing, and enterprise cybersecurity
- Continuous improvement and quality-driven mindset

Physical Job Requirements

The above statements are intended to describe the general nature and level of work being performed by employees assigned to this position, but they are not an exhaustive list of all the required responsibilities and skills of this position.

The physical demands described within the Responsibilities section of this job description are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. For Office Roles: While performing the duties of this job, the employee is regularly required to be independently mobile.
The employee is also required to interact with a computer, and communicate with peers and co-workers. Contact your manager or local HR to understand the Work Conditions and Physical requirements that may be specific to each role.

Benefits & Compensation

Medtronic offers a competitive Salary and flexible Benefits Package

A commitment to our employees lives at the core of our values. We recognize their contributions. They share in the success they help to create. We offer a wide range of benefits, resources, and competitive compensation plans designed to support you at every career and life stage.

Salary ranges for U.S (excl. PR) locations (USD): $176,800.00 - $265,200.00

This position is eligible for a short-term incentive called the Medtronic Incentive Plan (MIP).

This position is eligible for an annual long-term incentive plan.

The base salary range is applicable across the United States, excluding Puerto Rico and specific locations in California. The offered rate complies with federal and local regulations and may vary based on factors such as experience, certification/education, market conditions, and location.
Compensation and benefits information pertains solely to candidates hired within the United States (local market compensation and benefits will apply for others).

The following benefits and additional compensation are available to those regular employees who work 20 hours per week: Health, Dental and vision insurance, Health Savings Account, Healthcare Flexible Spending Account, Life insurance, Long-term disability leave, Dependent daycare spending account, Tuition assistance/reimbursement, and Simple Steps (global well-being program).

The following benefits and additional compensation are available to all regular employees: Incentive plans, 401(k) plan plus employer contribution and match, Short-term disability, Paid time off, Paid holidays, Employee Stock Purchase Plan, Employee Assistance Program, Non-qualified Retirement Plan Supplement (subject to IRS earning minimums), and Capital Accumulation Plan (available to Vice Presidents and above, or subject to IRS earning minimums).

Regular employees are those who are not temporary, such as interns. Temporary employees are eligible for paid sick time, as required under applicable state law, and the Employee Stock Purchase Plan. Please note some of the above benefits may not apply to workers in Puerto Rico.

Further details are available at the link below:
Medtronic benefits and compensation plans

About Medtronic

We lead global healthcare technology and boldly attack the most challenging health problems facing humanity by searching out and finding solutions.

Our Mission, to alleviate pain, restore health, and extend life, unites a global team of 95,000 passionate people.

We are engineers at heart, putting ambitious ideas to work to generate real solutions for real people. From the R&D lab, to the factory floor, to the conference room, every one of us experiments, creates, builds, improves, and solves.
We have the talent, diverse perspectives, and guts to engineer the extraordinary.

Learn more about our business, mission, and our commitment to diversity here.

It is the policy of Medtronic to provide equal employment opportunity (EEO) to all persons, regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state, or local law. In addition, Medtronic will provide reasonable accommodations for qualified individuals with disabilities.

If you are applying to perform work for Medtronic Inc. (Medtronic) in any position which will involve performing at least two (2) hours of work on average each week within the unincorporated areas of Los Angeles County, you can find here a list of all material job duties of the specific job position which Medtronic reasonably believes that criminal history may have a direct, adverse, and negative relationship, potentially resulting in the withdrawal of a conditional offer of employment. Medtronic will consider for employment qualified job applicants with arrest or conviction records in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.

Required Experience: Director

Key Skills: Crisis Management, Splunk, Google Cloud Platform, Cybersecurity, Identity & Access Management, Management Experience, PCI, NIST Standards, Emergency Management, Security, Information Security, Encryption

Employment Type: Full-Time
Experience: years
Vacancy: 1
Monthly Salary Salary: 176800 - 265200

Resume Suggestions

Highlight relevant experience and skills that match the job requirements to demonstrate your qualifications.

Quantify your achievements with specific metrics and results whenever possible to show impact.

Emphasize your proficiency in relevant technologies and tools mentioned in the job description.

Showcase your communication and collaboration skills through examples of successful projects and teamwork.
