Intuitive Surgical Careers

Director, Information Systems Risk Management and Compliance

US-CA-Sunnyvale, California
IT/Information Systems

Job Description

Job: IT/Information Systems
Primary Location: United States-California-US-CA-Sunnyvale
Schedule: Full-time
Requisition ID: 182255


Company Description:

Who is Intuitive Surgical? The numbers tell an amazing story. Learn more about our company.

Joining Intuitive Surgical means joining a team dedicated to using technology to benefit patients by improving surgical efficacy and decreasing surgical invasiveness, with patient safety as our highest priority.


If you exemplify our values and want to be part of Company that is really passionate about providing value for the patients and customers we serve, this is the role for you.

Primary Function of this Position:

The Director of IT Risk Management is responsible for establishing and maintaining Intuitive Surgical’s overall IT risk management program, which is designed to ensure that the company’s IT systems and information assets are adequately protected. The individual in this position is responsible for identifying, evaluating and reporting on information security risks in a manner that meets regulatory and other compliance requirements. The person works proactively with the various business units and other internal departments to implement practices that meet defined policies and standards for information risk management.

The Director of IT Risk Management is the "process owner" for all IT-related risk assessment and identification activities, for the company's IT systems and information assets and for its IT-dependent strategic business objectives. A crucial element of the role is working with senior executives, line-of-business managers and other key decision makers to determine acceptable levels of residual risk for the company as a whole and for various internal departments and organizations. The candidate must possess in-depth knowledge of business environment, to ensure that the company's IT systems are appropriately protected and fully functional.

The ideal candidate for this position is a proven thought leader, problem solver and integrator of people and processes, as well as an effective internal consultant. The candidate must also possess solid domain competencies in a number of IT-risk-related disciplines, including security, business continuity management, privacy and compliance.

Roles and Responsibilities:

• Manage all the risk-related activities of Intuitive Surgical’s IT organization, including budgeting, planning, testing, reporting and recommending appropriate remediation measures.
• Manage oversight and monitoring of risk mitigation and coordination of policy and controls to ensure effective remediation steps are executed.
• Benchmark the risk management practices of other companies — particularly those in related industries or with similar business models — maintain an up-to-date understanding of industry best practices, and monitor the legal and regulatory environment for developments that could require changes to Intuitive Surgical’s established IT policies and practices.
• Create, disseminate and (as required) update documentation of Intuitive Surgical’s matrix of identified IT risks and controls.
• Work directly with the business units and other internal departments and organizations to facilitate IT risk analysis and risk management processes, identify acceptable levels of residual risk, and establish roles and responsibilities related to information classification and protection.
• Design and conduct risk assessments.
• Manage the oversight of technical risk assessments, such as vulnerability scanning and penetration testing.
• Manage information asset and application risk assessments.
• Conduct risk reviews for new applications.
• Manage third-party risk assessments.
• Coordinate information security and risk management projects with personnel from the IT organization, lines of business, and other internal departments and organizations.
• Facilitate business alignment and communications by forming an IT risk management steering committee or advisory board.
• Review risk assessments, analyze the effectiveness of IT control activities and report on them — with actionable recommendations — to the management.
• Follow up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken.

Skill/Job Requirements:

• Strong planning, organizational, and leadership skills, including the ability to mobilize and motivate teams, set direction and approach, resolve conflict, deliver tough messages with grace, and execute with limited information and ambiguity
• Excellent interpersonal and communication skills and proven ability to work effectively with all organizational levels
• Ability to promote innovative ideas and accept the risks that are required to lead change
• Able to foster and build a collaborative working relationship with various stakeholders
• Strong interpersonal skills, including the ability to make effective presentations, and proven ability to quickly earn the trust of sponsors and key stakeholders
• Basic knowledge of a broad range of standards and frameworks — for example, International Standards Organization (ISO) 27001, IT Infrastructure Library and ISO 20000, Capability Maturity Model Integration, NIST Standards, FAIR
• Knowledge of common risk management methodologies — for example, Control Objectives for Information and Related Technology and Committee of Sponsoring Organizations Enterprise Risk Management
• More than 8 years of progressive IT Infrastructure and IT Security with an emphasis on IT Risk Management
• Experience in building IT Risk Management program and compliance processes
• Competent in project management, governance formulation, and team management
• Experience in leading projects and programs within and outside IT, as well as those that involved external providers
• Bachelor’s degree in Information Technology, or related degree, required

We are an AA/EEO/Veterans/Disabled employer
We will consider for employment qualified applicants with arrest and conviction records in accordance with fair chance laws.