Vacancy expired!
- Perform Medical Device cyber risk assessments to determine whether NIST Controls, HIPAA, regulatory and cybersecurity requirements are being effectively met through control design and execution.
- Lead and facilitate cyber risk assessments end to end; Scoping, Planning, Fieldwork (NIST controls testing and evidence gathering), and Reporting findings, risks, remediation / corrective action plans.
- Advise on Cyber Risk Controls design, risk mitigation design, compensating controls, and risk reduction.
- Consult on Medical Device Cybersecurity Controls baselines and hardening guides across device families.
- Perform risk assessments on Med Device cybersecurity program tools (IAM, PAM, micro firewalls, netseg).
- Advise on integration of baseline security practices into the corporate medical device security framework, in alignment with the NIST 800-53 and HIPAA frameworks.
- Advise on mapping IT Risk processes to Medical Device Cyber Risk processes, intake, workflows, workloads, process steps, actions, documentation, and reporting.
- Risk Advisory guidance to Medical Device cyber program practitioners on effective risk assessment processes, controls frameworks and standards, hardening guides and baselines, risk reporting and remediation.
- Set upfront expectations with stakeholders on assessment process, scope, plan, schedule, stakeholder involvement, assessment reports, remediation planning, corrective action plans - to drive risk reduction.
- Write clear, effective, succinct, Cyber Risk Assessment documentation and templates including Cyber Risk Assessment Reports, Executive Summaries, Detailed Risk Reports, Remediation plans, Corrective Action Plans, and clear recommendation guidance on effective Controls Design and implementation.
- Communicate fluidly with Clinical Healthcare Technology Managers, medical device cybersecurity operations with clear, succinct, digestible information that resonates with each audience and drives risk reduction.
- Education: Bachelor's Degree in Information Systems preferred, or 5+ years of equivalent work experience.
- 5+ years of IT Audit, Risk Management, Risk Assessment, or Cybersecurity Risk Assessment experience.
- CISA, CISM, and/or CISSP Certifications are preferred.
- IoT / Med Device Cybersecurity background - assessing patient monitoring devices, wearable medical devices, laboratory / imaging / radiology devices, and medical facility controls (badging, cameras, doors, elevators).
- Experience with risk / control frameworks / standards: NIST SP 800-53, NIST CSF, HITRUST, etc.
- Familiarity with HIPAA Security, IT controls, and controls mapping. FDA cybersecurity guidance preferred.
- Familiarity with OWASP Top 10 and CIS Top 20 Controls.
- Ability to lead and facilitate end-to-end cyber risk assessments (Scope, Plan, Kickoff, Fieldwork, Report).
- Ability to manage multiple assessment projects with broad scope, ambiguity, and a high degree of difficulty.
- Strong writing and verbal communication skills to convey technical and risk concepts to non-experts.
- Flexibility in the face of changing priorities and business needs.
- Independently research new topics and present executive summaries.
- Prior experience in IT auditing, cyber, or risk assessment of medical devices.
- Background in Clinical Healthcare Technology Management (CHTM / CBET / etc.).
- Familiarity with CMMS / Medical device asset management systems, FDA/TJC regulations, medical device vendor cybersecurity (MDS2/CBOM), CHTM asset onboarding and certification processes.