IT Risk Management (Vulnerability Management) Analyst– IoT Med Device Cyber (remote) Be on the frontlines of Technology Risk Management in the emerging area of Medical Device Cybersecurity! A large national hospital network can have over 350,000 connected medical devices. Many of these interconnected devices (hospital imaging equipment, patient monitoring, IV pumps, blood spinners.) and connected […]
IT Risk Management (Vulnerability Management) Analyst– IoT Med Device Cyber (remote)
Be on the frontlines of Technology Risk Management in the emerging area of Medical Device Cybersecurity! A large national hospital network can have over 350,000 connected medical devices. Many of these interconnected devices (hospital imaging equipment, patient monitoring, IV pumps, blood spinners.) and connected hospital facilities devices (elevators, door locks, ID Card readers) are exposed publicly and vulnerable to cyber-attack. To help mitigate these risks, the IT Risk Vulnerability Management Analyst will provide insight and program guidance on the IT Risk Vulnerability Management program for IoT/Medical Devices enterprise wide.
Responsibilities:
- Support IT Risk and Vulnerability Management program for 200,000+ devices (IT, IoT, OT, Medical).
- Work with Vulnerability Scanning and cyber teams to pull together vulnerabilities, group them logically, and do data enrichment from other systems validate and prioritize vulnerabilities for the risk reduction process.
- Pull and enrich TVM Data, prioritize vulnerabilities based on various criteria.
- Create IoT Med Device Vulnerability Reports for IT/OT/HTM Teams and reports for System Owners.
- Use your IT Risk background to organize and Manage Vulnerability data by Site, Assets, locations, vendors.
- Help teams create and manage Vulnerability Remediation Action Plan Projects with progress tracking.
- Provide TVM Risk guidance, coordination, reporting, and governance enablement.
- Support the IT Risk and Vulnerability Management Process from Discovery to remediation and validation.
- Perform reporting and risk analysis on IoT/OT/Medical Device Vulnerability management efforts.
- Leverage TVM data to communicate the need for remediation to leadership.
- Assist in identifying ownership and prioritizing replacement for end-of-life devices.
- Provide status reports and guidance to HTM/Business Executives and stakeholders.
- Assist business partners with control implementation or vulnerability remediation.
Qualifications:
- 7 years of IT Risk Management, Compliance, Information Security, or Cybersecurity.
- Certifications: CISSP, CRISC, GCED, GTIC, or similar Cybersecurity certification.
- Experience in Hospitals, Healthcare, or Medical Devices.
- Past experience with vulnerability programs and the Vulnerability Management lifecycle (Asset Discovery, Vulnerability Scanning, Reporting, Remediation, and Validation) to show real IT Risk Reduction over time.
- Experience with Vulnerability Management and IT Risk management processes, coordination, and governance.
- Critical thinking and analysis skills for risk metrics aggregation and presentation.
- Excellent communication skills for reporting and presenting to executive stakeholders.
- Ability to independently manage workload and self-direct.
- Preferred: Experience in Medical Device/IoT Vulnerability Management and Risk Management.
LOGISTICS:
- Must be willing to work 8-5 M-F Pacific time. Must reside in Pacific, Mountain, or Central time zones.
- COVID-19 Vaccine and Booster Required – OR must provide valid medical exemption from doctor in advance.
- Must be able to successfully pass a 12-panel drug screen, 10-year background check, employment verification.
- You will need to be a current US Citizen or valid Green Card holder. No need for a visa now or in future. This role is not able to offer visa transfer or sponsorship now or in the future.
- W2 only – No sub vendors. Sponsorship NOT available.
- Must have direct contact information on resume (phone and email) to be considered.
