Sr. Technology Risk Consultant – Medical Device / IoT Cybersecurity – ITmPowered
Serve as Sr. Technology Risk Consultant on behalf of the Technology Risk Management organization in support of a national Medical Device / IoT Cybersecurity Program. The consultant helps the medical device cybersecurity program and the clinical healthcare technology group understand the cyber and regulatory landscape and align with cyber, privacy and industry framework requirements including, but not limited to, NIST CSF, NIST SP 800-53, HIPAA, FDA cybersecurity guidance, and cybersecurity Executive Orders. The role helps build an effective medical device cybersecurity risk management program that enables the Clinical Technology group to manage risk against control framework commitments, regulatory obligations, and cyber threats, and to report that risk to their Board and stakeholders.
Responsibilities:
- Perform medical device cyber risk assessments to determine whether NIST SP 800-53 controls, HIPAA, regulatory and cybersecurity requirements are being effectively met through both control design and control execution.
- Lead and facilitate cyber risk assessments end to end: scoping, planning, fieldwork (NIST controls testing and evidence gathering), and reporting of findings, risks, and remediation / corrective action plans.
- Advise on Cyber Risk Controls design, risk mitigation design, compensating controls, and risk reduction.
- Consult on Medical Device Cybersecurity Controls baselines and hardening guides across device families.
- Perform risk assessments on medical device cybersecurity program tools (IAM, PAM, micro-firewalls, network segmentation).
- Advise on integration of baseline security practices into the corporate medical device security framework in alignment with NIST SP 800-53 and HIPAA.
- Advise on mapping IT Risk processes to Medical Device Cyber Risk processes, intake, workflows, workloads, process steps, actions, documentation, and reporting.
- Provide Risk Advisory guidance to Medical Device cyber program practitioners on effective risk assessment processes, controls frameworks and standards, hardening guides and baselines, risk reporting and remediation.
- Set upfront expectations with stakeholders on assessment process, scope, plan, schedule, stakeholder involvement, assessment reports, remediation planning, corrective action plans – to drive risk reduction.
- Write clear, effective, succinct Cyber Risk Assessment documentation and templates including Cyber Risk Assessment Reports, Executive Summaries, Detailed Risk Reports, Remediation plans, Corrective Action Plans, and clear recommendation guidance on effective Controls Design and implementation.
- Communicate fluidly with Clinical Healthcare Technology Managers and medical device cybersecurity operations staff, delivering clear, succinct, digestible information that resonates with each audience and drives risk reduction.
Qualifications / Skills / Abilities:
- Education: Bachelor's degree in information systems preferred, or 5+ years of equivalent work experience.
- 5+ years of IT Audit, Risk Management, Risk Assessment, or Cybersecurity Risk Assessment experience.
- CISA, CISM, and/or CISSP Certifications are preferred.
- IoT / medical device cybersecurity background: assessing patient monitoring devices, wearable medical devices, laboratory / imaging / radiology devices, and medical facility controls (badging, cameras, doors, elevators).
- Experience with risk / control frameworks / standards: NIST SP 800-53, NIST CSF, HITRUST, etc.
- Familiarity with the HIPAA Security Rule, IT controls, and controls mapping; familiarity with FDA cybersecurity guidance preferred.
- Familiarity with the OWASP Top 10 and the CIS Critical Security Controls (formerly the CIS Top 20).
- Ability to lead and facilitate end to end cyber risk assessments (Scope, Plan, Kickoff, Fieldwork, Report).
- Ability to manage multiple assessment projects with broad scope, ambiguity, and high degree of difficulty.
- Strong writing and verbal communication skills to convey technical and risk concepts to non-experts.
- Flexibility in the face of changing priorities and business needs.
- Independently research new topics and present executive summaries.
Preferred Experience / Nice to have:
- Prior experience in IT auditing, cybersecurity, or risk assessment of medical devices.
- Background in Clinical Healthcare Technology Management (CHTM, CBET, or similar credentials).
- Familiarity with CMMS / medical device asset management systems, FDA and The Joint Commission (TJC) requirements, medical device vendor cybersecurity documentation (MDS2 forms, cybersecurity bill of materials / CBOM), and CHTM asset onboarding and certification processes.