Cybersecurity GRC Manager for Technical Oversight of Software & Medical Solutions

• Department: Security
• Schedule: Full-Time Monday - Friday 8am-5pm CT
• Location: Remote

Job Summary:

We are seeking an experienced and dynamic Cybersecurity Manager to lead our cybersecurity team in reviewing medical devices and technical applications. In this role, you will be responsible for overseeing the cybersecurity review process for medical devices, software, and applications, ensuring compliance with regulatory standards, and driving strategies to mitigate potential cybersecurity threats. The ideal candidate will have a strong leadership background in cybersecurity within the healthcare industry, with a deep understanding of medical device technologies, risk management, and security best practices.

Key Responsibilities:

• Team Leadership:Lead and manage a team of cybersecurity professionals in the review, assessment, and mitigation of cybersecurity risks related to medical devices and applications. Provide mentorship, direction, and professional development opportunities to team members.

• Risk Management & Strategy:Develop and implement risk management strategies to assess, mitigate, and manage cybersecurity risks associated with medical devices and technical applications. Lead risk assessments, vulnerability analyses, and threat modeling exercises to identify security weaknesses and recommend corrective actions.

• Regulatory Compliance Oversight:Ensure all medical devices and applications meet industry standards, regulations, and best practices, including FDA requirements, IEC 62304, ISO 14971, HIPAA, and NIST guidelines. Stay updated on evolving regulatory frameworks and ensure the organization is compliant with the latest cybersecurity standards.

• Security Review & Auditing:Work in conjunction with other teams to facilitate the review and audit of all medical devices and technical applications. Ensure security controls are integrated throughout the product lifecycle from design and development through to deployment and post-market surveillance.

• Collaboration & Cross-Functional Engagement:Collaborate with product management, IT, legal, and regulatory teams to advise on security considerations throughout the development and lifecycle of medical devices. Provide guidance on secure product design, secure coding practices, and overall cybersecurity strategy.

• Security Awareness & Training:Lead the development and delivery of cybersecurity training and awareness programs for internal stakeholders, including product development teams and non-technical staff. Ensure that all employees understand the risks and are equipped to contribute to securing medical devices and applications. Foster a culture of cybersecurity awareness within the organization.

• Continuous Improvement & Innovation:Drive continuous improvement in cybersecurity practices, procedures, and tools. Explore and implement emerging technologies and methodologies to enhance the security posture of medical devices and applications.

Qualifications:

• Experience:
• 5+ years of experience in cybersecurity, with a significant focus on medical devices, healthcare IT, or embedded systems.
• At least 2-3 years of management experience leading teams of cybersecurity professionals in a regulated industry.
• In-depth knowledge of relevant industry standards such as FDA regulations, IEC 62304, ISO 14971, and cybersecurity frameworks like NIST and ISO 27001.
• Knowledge of medical device software architectures, including embedded systems, IoT (Internet of Things), & mobile applications in the healthcare space.
• Familiarity with cloud security practices and technologies, especially in healthcare environments.
• Previous experience in a regulatory compliance role, specifically within the medical device or healthcare industry.
• Proven experience conducting security reviews, risk assessments, penetration tests, and audits for technical applications or devices in regulated environments.
• Knowledge of medical device lifecycle, including design, testing, and deployment, and familiarity with industry-specific cybersecurity concerns.
• Certifications:
• Relevant certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or similar are required for this role..
• Skills & Knowledge:
• Strong understanding of medical device security risks, threat landscapes, and security controls.
• Proficient in cybersecurity frameworks, security architecture, risk management, and compliance for regulated industries.
• Proven ability to manage cross-functional teams and collaborate with senior leadership.
• Excellent written and verbal communication skills, with the ability to present complex cybersecurity concepts to non-technical audiences.
• Strong problem-solving abilities, decision-making skills, and attention to detail.
• Ability to work in a fast-paced environment and manage multiple priorities.

Education:

• High School diploma equivalency with 3 years of cumulative experience OR Associate'sdegree/Bachelor's degree with 2 years of cumulative experience OR 7 years of applicable cumulative job specific experience required.
• 3 years of leadership or management experience preferred.

Preferences:

• Bachelor’s degree in Computer Science, Information Security, or a related field.

#LI-Remote

When you join Ascension, you join a team of over 134,000 individuals across the country committed to a Mission of serving others and providing compassionate, personalized care to all. Our inclusive culture, continuing education programs, career coaches and benefit offerings are just a few of the resources and tools that team members can use to create a rewarding career path. In fact, Ascension spent nearly $46 million in tuition assistance alone to support associate growth and development. If you are looking for a career where you can grow and make a difference in your community, we invite you to join our team today.

Ascension will provide equal employment opportunities (EEO) to all associates and applicants for employment regardless of race, color, religion, national origin, citizenship, gender, sexual orientation, gender identification or expression, age, disability, marital status, amnesty, genetic information, carrier status or any other legally protected status or status as a covered veteran in accordance with applicable federal, state and local laws.

For further information, view the EEO Know Your Rights (English) poster or EEO Know Your Rights (Spanish) poster.

As a military friendly organization, Ascension promotes career flexibility and offers many benefits to help support the well-being of our military families, spouses, veterans and reservists. Our associates are empowered to apply their military experience and unique perspective to their civilian career with Ascension.

Pay Non-Discrimination Notice

Please note that Ascension will make an offer of employment only to individuals who have applied for a position using our official application. Be on alert for possible fraudulent offers of employment. Ascension will not solicit money or banking information from applicants.

This employer participates in the Electronic Employment Verification Program. Please click the E-Verify link below for more information.E-Verify

Paid time off (PTO) Various health insurance options & wellness plans Retirement benefits including employer match plans Long-term & short-term disability Employee assistance programs (EAP) Parental leave & adoption assistance Tuition reimbursement Ways to give back to your community

Benefit options and eligibility vary by position. Compensation varies based on factors including, but not limited to, experience, skills, education, performance and salary range at the time of the offer.