Sr. IT Auditor Consultant, Hospital Medical Device IT Controls (BHJOB22048_756)

Join to apply for the Sr. IT Auditor Consultant, Hospital Medical Device IT Controls (BHJOB22048_756) role at ITmPowered Consulting

3 weeks ago Be among the first 25 applicants

Join to apply for the Sr. IT Auditor Consultant, Hospital Medical Device IT Controls (BHJOB22048_756) role at ITmPowered Consulting

Get AI-powered advice on this job and more exclusive features.

ITmPowered Consulting

Sr. IT Auditor Consultant, Hospital Medical Device IT Controls

Be on the frontlines of Technology Risk in the emerging area of Medical Device Cybersecurity! A large national hospital network can have over 350,000 connected medical devices. Many of these interconnected devices (hospital imaging equipment, patient monitoring, IV pumps, blood spinners.) and connected hospital facilities devices (elevators, door locks, ID Card readers) are exposed publicly and vulnerable to cyber-attack. To help protect this large IoMT network, our client is implementing a customized set IT Controls to secure their Medical Devices, Healthcare Technology Management Operations, and Hospital Facilities connect IT devices.

• Contract
• Nashville, TN
• Posted 2 years ago
  
  

ITmPowered Consulting

Sr. IT Auditor Consultant, Hospital Medical Device IT Controls

Be on the frontlines of Technology Risk in the emerging area of Medical Device Cybersecurity! A large national hospital network can have over 350,000 connected medical devices. Many of these interconnected devices (hospital imaging equipment, patient monitoring, IV pumps, blood spinners.) and connected hospital facilities devices (elevators, door locks, ID Card readers) are exposed publicly and vulnerable to cyber-attack. To help protect this large IoMT network, our client is implementing a customized set IT Controls to secure their Medical Devices, Healthcare Technology Management Operations, and Hospital Facilities connect IT devices.

About The Role

The Sr. IT Auditor Consultant will serve on behalf of the Technology Risk Management organization performing IT Controls Assessments for a set of 20 custom IT controls in this Hospital Medical Device Cybersecurity Program. Plan and perform full lifecycle audits (scope, plan, fieldwork, reporting) assessing Audit IT Controls Design prior to implementation and IT Controls Execution once implemented. Helping the Med Device Cybersecurity team where they have controls gaps and findings and understand how effective IT controls should be implemented.

What You’ll Accomplish

• As a part of the Technology Risk Office this role will be conducting IT Controls Assessments (IT Audits) of roughly 20 customized Medical Device cybersecurity IT Controls being implemented enterprise wide.
• Conduct full IT Controls Risk Assessments on each of 20+ custom Med Device cybersecurity IT Controls twice.
• First by testing Controls Design (does it make sense) prior to implementation and
• Second testing Controls Execution (is control actually working) once the controls are implemented.
• Spearhead IT Controls Assessments end to end (scoping, planning, fieldwork/controls testing, and reporting)
• Scope and Plan IT Controls Assessment engagements. Lead Kickoff meetings, set expectations and schedule.
• Clearly document IT Controls processes narratives (step 1, 2, 3…) of planned or current IT Control processes.
• Fieldwork – Conduct detailed IT Controls Testing, gather, and document detailed IT Controls test results supported by clear evidentiary artifacts.
• Reporting – Write full IT Controls Assessment (IT Audit) Reports – Assessment Scope, Audit details, controls inspection / testing results, IT Controls Assessment Findings with clearly communicated Risk severity, likelihood, impact, and Controls deficiency Risk Remediation Recommendations and Corrective Action Plans.
• Plan & conduct complex IT Audit Controls Assessments for Hospital Medical Device cybersecurity through full device lifecycle (device procurement, intake, implementation, operations, maintenance, decommissioning)
• Assess IT Risk Controls for Hospital Med Device Cybersecurity Controls across IAM, logical access, password vaulting, network security, logging and monitoring, vulnerability management, change management, etc.)
  

What We’re Looking For

• Bachelor’s degree. BS/BA in IT, CS, MIS or related field preferred. or equivalent work experience.
• 3-5 years leading IT Audits end to end (scoping, planning fieldwork/controls testing, reporting).
• CISA certification and CISSP, CCSP, CEH, CRISA, Security+ or similar, related certification.
• Solid expertise in documenting processes IT Audit narratives (step 1, 2, 3…) of planned or current processes.
• Solid understanding of IT Controls and controls frameworks, NIST 800-53, RMF, CSF, HITRUST, etc.
• Understanding of HIPAA and other regulatory frameworks (e.g., HIPAA, PCI, SOX, GDPR, etc.)
• Experience advising and providing guidance on effective IT Controls Implementation.
  
  

Preferred Experience

• Prior experience in a hospital provider environment managing electronic medical devices equipment.
• 1-3 years’ experience electronic medical device management, operations, or cybersecurity in a hospital.
• Med Device Certifications: CHTM, CBET, CABT, CRES, or Med Device cybersecurity certifications.
• Familiarity in Hospital Medical Device Management CMMS systems – Nuvolo or similar.
• Ideal: Experience in Hospital Med Device Management then shifted to IT Audit / Technology Risk Mgmt.
  
  

Logistics

• Work remotely anywhere in Domestic US. Preferred locations Colorado or Georgia.
• COVID-19 Vaccine and Booster Required – OR must provide valid medical exemption from doctor in advance.
• Must be able to successfully pass a 12-panel drug screen, 10-year background check, employment verification.
• You will need to be a current US Citizen or valid Green Card holder. No need for visa now or in future. This role is not able to offer visa transfer or sponsorship now or in the future.
• W2 only – No sub vendors. Sponsorship NOT available.
• Must have direct contact information on resume (phone / email) to be considered.
  
  

To apply for this job email your details to careers@itmpowered.com

• Seniority level
  Mid-Senior level

• Employment type
  Full-time

• Job function
  Information Technology
• Industries
  Business Consulting and Services

Referrals increase your chances of interviewing at ITmPowered Consulting by 2x

Nashville Metropolitan Area $80,000.00-$100,000.00 12 hours ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.