Cyber Security IOT IOMT Analyst - New York, United States - Crothall Healthcare

Description

SUMMARY: As a direct report to the Director Medical Device Cybersecurity and Integration, IoT (Internet of Things) and IoMT (Internet of Medical Things) Cybersecurity Analyst will be responsible for supporting Crothalls overall cybersecurity and IoT security initiatives including defined day-to-day managed services activities. The Analyst will also report to Clients Sr. Director of Security. Utilizing Crothalls cybersecurity framework, technologies and policies and procedures, the IoT and IoMT Cybersecurity Analyst will be involved in response to cybersecurity alerts, ensuring Client KPIs are met, perform audits and risk assessments of IoT and IoMT, and provide subject matter expertise with Crothall resources for IoT and IoMT cybersecurity.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

• Monitors and responds to Crothalls comprehensive IoT, medical device asset, and cybersecurity management platform findings and mitigating steps.
• Engage and work with Clients IT department to inform of steps that can be taken on Clients network or enterprise security tools
• Correlate and perform GAP analysis on discovered IoT and IoMT devices
• Triage, respond and assign work orders generated from Crothalls CMMS cybersecurity module as appropriate
• Ensure work orders are completed within defined KPIs and assist on site Crothall resources if needed for successful completion
• Develop and maintain periodic IoT/IoMT cybersecurity risk reports to client IT department
• Research and engage OEMs for available approved patches, firmware upgrades, and MDS2 forms
• Assist in developing practical strategies to reduce cybersecurity risks related to IoT/IoMT
• Maintain database of approved patches, firmware upgrades, and MDS2 forms
• Collaborate and work with Client to respond and coordinate mitigating steps and compensating controls on IoT and contracted medical devices that may arise from Clients passive asset discovery and risk assessment technology
• Participate and contribute to Crothalls CEIT Council
• Collaborates with internal stakeholders to identify organizational needs or gaps and develops appropriate cybersecurity strategy
• Maintains operational cybersecurity metrics to measure the effectiveness of security controls and identify opportunities for improvement
• Contribute to Crothalls cybersecurity training
• Assist in threat intelligence gathering, monitoring of zero-day alerts, and development of incident response plans for Clients
• Assist in development and implementation of continued best practices and risk management of IoT/IoMT devices
• Assures compliance with all regulatory standards including patient safety and all relative criteria governing the safe and appropriate use, testing and management of medical devices.
• Participate in Client meetings and committees as it applies to medical device security
• Other duties as assigned

MINIMUM QUALIFICATIONS:

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Knowledge of the operation and prior experience with managing connected IoT/IoMT devices and associated cybersecurity risks

Knowledge of the operation and prior hands-on experience with biomedical equipment and associated systems

2+ years proven experience in cybersecurity

High attention to detail and exceptional work quality

Experience with process improvement

Proven ability to work effectively in an unstructured, fast-paced environment

Excellent written and verbal communication skills

PREFERRED QUALIFICATIONS:

5 years healthcare experience; General knowledge of Biomedical Equipment and Diagnostic Imaging

• Experience with cybersecurity in the healthcare environment
• Knowledge of Computerized Maintenance Management Systems (CMMS)
• Knowledge of connected medical device asset discovery and risk analysist platforms

EDUCATION:

Bachelors degree in Information Technology or Biomedical Engineering or equivalent required

Security+ required

HCISPP, CISPP preferred