Sr. IT Auditor Consultant, Hospital Medical Device IT Controls (BHJOB22048_756)
Company: ITmPowered
Location: Atlanta
Posted on: November 6, 2024
Job Description:
Sr. IT Auditor Consultant, Hospital Medical Device IT
Controls
Be on the frontlines of Technology Risk in the emerging area of
Medical Device Cybersecurity! A large national hospital network can
have over 350,000 connected medical devices. Many of these
interconnected devices (hospital imaging equipment, patient
monitoring, IV pumps, blood spinners) and connected hospital
facilities devices (elevators, door locks, ID Card readers) are
exposed publicly and vulnerable to cyber-attack. To help protect
this large IoMT network, our client is implementing a customized
set of IT Controls to secure their Medical Devices, Healthcare
Technology Management Operations, and Hospital Facilities connected
IT devices.
About the Role:
The Sr. IT Auditor Consultant will serve on behalf of the
Technology Risk Management organization performing IT Controls
Assessments for a set of 20 custom IT controls in this Hospital
Medical Device Cybersecurity Program. Plan and perform full
lifecycle audits (scope, plan, fieldwork, reporting) assessing
Audit IT Controls Design prior to implementation and IT Controls
Execution once implemented. Helping the Med Device Cybersecurity
team where they have controls gaps and findings and understand how
effective IT controls should be implemented.
WHAT YOU'LL ACCOMPLISH
- Conduct IT Controls Assessments (IT Audits) of roughly 20
customized Medical Device cybersecurity IT Controls being
implemented enterprise-wide.
- Conduct full IT Controls Risk Assessments on each of the 20+
custom Med Device cybersecurity IT Controls twice:
- Testing Controls Design (does it make sense) prior to
implementation.
- Testing Controls Execution (is control actually working) once
the controls are implemented.
- Spearhead IT Controls Assessments end to end (scoping,
planning, fieldwork/controls testing, and reporting).
- Scope and Plan IT Controls Assessment engagements. Lead Kickoff
meetings, set expectations, and schedule.
- Clearly document IT Controls processes narratives (step 1, 2,
3---) of planned or current IT Control processes.
- Conduct detailed IT Controls Testing, gather, and document
detailed IT Controls test results supported by clear evidentiary
artifacts.
- Write full IT Controls Assessment (IT Audit) Reports -
Assessment Scope, Audit details, controls inspection/testing
results, IT Controls Assessment Findings with clearly communicated
Risk severity, likelihood, impact, and Controls deficiency Risk
Remediation Recommendations and Corrective Action Plans.
- Plan & conduct complex IT Audit Controls Assessments for
Hospital Medical Device cybersecurity through full device lifecycle
(device procurement, intake, implementation, operations,
maintenance, decommissioning).
- Assess IT Risk Controls for Hospital Med Device Cybersecurity
Controls across IAM, logical access, password vaulting, network
security, logging and monitoring, vulnerability management, change
management, etc.
WHAT WE'RE LOOKING FOR
- Bachelor's degree. BS/BA in IT, CS, MIS, or related field
preferred, or equivalent work experience.
- 3-5 years leading IT Audits end to end (scoping, planning,
fieldwork/controls testing, reporting).
- CISA certification and CISSP, CCSP, CEH, CRISA, Security+ or
similar, related certification.
- Solid expertise in documenting processes IT Audit narratives
(step 1, 2, 3---) of planned or current processes.
- Solid understanding of IT Controls and controls frameworks,
NIST 800-53, RMF, CSF, HITRUST, etc.
- Understanding of HIPAA and other regulatory frameworks (e.g.,
HIPAA, PCI, SOX, GDPR, etc.).
- Experience advising and providing guidance on effective IT
Controls Implementation.
Preferred experience:
- Prior experience in a hospital provider environment managing
electronic medical devices equipment.
- 1-3 years' experience in electronic medical device management,
operations, or cybersecurity in a hospital.
- Med Device Certifications: CHTM, CBET, CABT, CRES, or Med
Device cybersecurity certifications.
- Familiarity with Hospital Medical Device Management CMMS
systems - Nuvolo or similar.
- Ideal: Experience in Hospital Med Device Management then
shifted to IT Audit / Technology Risk Management.
LOGISTICS:
- Work remotely anywhere in Domestic US. Preferred locations
Colorado or Georgia.
- COVID-19 Vaccine and Booster Required - OR must provide valid
medical exemption from doctor in advance.
- Must be able to successfully pass a 12-panel drug screen,
10-year background check, employment verification.
- You will need to be a current US Citizen or valid Green Card
holder. No need for visa now or in future. This role is not able to
offer visa transfer or sponsorship now or in the future.
- W2 only - No sub vendors. Sponsorship NOT available.
- Must have direct contact information on resume (phone/email) to
be considered.
#J-18808-Ljbffr
Keywords: ITmPowered, Chattanooga , Sr. IT Auditor Consultant, Hospital Medical Device IT Controls (BHJOB22048_756), Healthcare , Atlanta, Tennessee
Didn't find what you're looking for? Search again!
Loading more jobs...