Intuitive Surgical Careers
Director, Information Security
Primary Location: United States-California-US-CA-Sunnyvale
Requisition ID: 182255
If you exemplify our values and want to be part of a company that is really passionate about providing value for the patients and customers we serve, this is the role for you.
Primary Function of this Position:
The Director, Information Security is responsible for establishing and maintaining Intuitive Surgical’s overall information security program, which is designed to ensure that the company’s IT systems and information assets are adequately protected. The individual in this position is responsible for identifying, evaluating, mitigating, and reporting on information security risks in a manner that meets regulatory and other compliance requirements. The person works proactively with the various business units and other internal departments to implement practices that meet defined policies and standards for information security management. A crucial element of the role is working with senior executives, line-of-business managers and other key decision makers to determine acceptable levels of residual risk for the company as a whole and for various internal departments and organizations. The candidate must possess in-depth knowledge of the business environment to ensure that the company's IT systems are appropriately protected and fully functional.
The ideal candidate for this position is a proven thought leader, problem solver and integrator of people and processes, as well as an effective internal consultant. The candidate must also possess solid domain competencies in a number of information security disciplines, including security, business continuity management, privacy and compliance.
Roles and Responsibilities:
• Oversee and manage portfolio of information security initiatives, and manage a team of subject matter experts
• Develop a comprehensive risk management program
• Develop a thorough information security roadmap and execute to address risks
• Collaborate with internal and external teams to solve problems, secure buy-in for initiatives and execute
• Define information security standards, processes, and policies and drive adoption
• Continuously enhance security defenses to mitigate risks to information assets
• Facilitate business alignment and communications by forming an IT risk management steering committee or advisory board
• Develop and present key metrics related to information security risks to management
• Define and drive information security and privacy requirements into practices across business processes, applications and technologies
• Ensure close alignment with IT infrastructure and application development teams to drive full integration of security standards and processes
• Partner with internal audit and legal team for security compliance audits
• Develop and improve the identity and access management system and security controls in business applications and data
• Implement a comprehensive security awareness program for the organization
• Strong planning, organizational, and leadership skills, including the ability to mobilize and motivate teams, set direction and approach, resolve conflict, deliver tough messages with grace, and execute with limited information and ambiguity
• Able to implement processes and procedures to help improve the security posture of the company
• Demonstrate experience in building information security teams, security roadmaps, and implementation plans
• Excellent interpersonal and communication skills and proven ability to work effectively with all organizational levels
• Ability to promote innovative ideas and accept the risks that are required to lead change
• Able to foster and build a collaborative working relationship with various stakeholders
• Strong interpersonal skills, including the ability to make effective presentations, and proven ability to quickly earn the trust of sponsors and key stakeholders
• Basic knowledge of a broad range of standards and frameworks — for example, International Standards Organization (ISO) 27001, IT Infrastructure Library and ISO 20000, Capability Maturity Model Integration, NIST Standards, FAIR
• Knowledge of common risk management methodologies — for example, Control Objectives for Information and Related Technology and Committee of Sponsoring Organizations Enterprise Risk Management
• More than 8 years of progressive IT Infrastructure and IT Security experience with an emphasis on IT Risk Management
• Experience in building an IT Risk Management program and compliance processes
• Competent in project management, governance formulation, and team management
• Experience in leading projects and programs within and outside IT, as well as those that involved external providers
• Bachelor’s degree in Information Technology, or related degree, required
We are an AA/EEO/Veterans/Disabled employer
We will consider for employment qualified applicants with arrest and conviction records in accordance with fair chance laws.