We are seeking a highly skilled Medical Device Cybersecurity Risk Specialist to lead and support cybersecurity risk management activities across medical devices, healthcare systems, and connected digital health ecosystems. This role is responsible for identifying, assessing, and mitigating cybersecurity risks impacting patient safety, regulatory compliance, and business operations.
The ideal candidate will bring strong expertise in risk frameworks, medical device security, and healthcare IT environments, with the ability to translate technical vulnerabilities into clear business and clinical risk insights.
Required Qualifications
- Strong understanding of cybersecurity risk frameworks: NIST CSF, ISO 27001/27005, FAIR, COSO.
- Hands-on experience in cybersecurity risk assessments, threat modeling, and risk analysis.
- Solid knowledge of medical device cybersecurity principles, including patient safety considerations.
- Familiarity with healthcare IT ecosystems, including EHR integrations and healthcare vendor systems.
- Experience reviewing penetration test results and driving remediation activities.
- Understanding of cybersecurity controls such as IAM, encryption, network security, endpoint protection, and logging/monitoring.
- Experience managing risk registers and risk tracking tools (GRC platforms or structured spreadsheets).
- Knowledge of cloud security, SDLC security integration, and infrastructure change management.
- Familiarity with healthcare regulatory and compliance expectations (e.g., FDA cybersecurity guidance, awareness of HIPAA requirements in healthcare environments).
- Exposure to Agile/Scrum methodologies is preferred.
Key Responsibilities
- Develop, maintain, and enhance the organization’s cybersecurity risk management program with a focus on healthcare and medical device environments.
- Conduct qualitative and quantitative risk assessments across systems, applications, medical devices, vendors, and healthcare workflows.
- Maintain and manage risk registers, risk treatment plans, issue logs, and risk dashboards using GRC tools or structured tracking methods.
- Apply risk frameworks such as NIST CSF, ISO 27001/27005, FAIR, and COSO to evaluate and communicate risk posture.
- Assess cybersecurity risks associated with medical devices, including vulnerabilities, firmware/software issues, and connectivity risks.
- Evaluate patient safety implications of cybersecurity weaknesses in medical technologies.
- Support security reviews of device integration with EHR systems, clinical applications, and third-party healthcare platforms.
- Provide cybersecurity input during device onboarding, integration, and lifecycle management.
- Review penetration testing results and vulnerability assessments to determine impact, exploitability, and business risk.
- Identify mitigation strategies and validate remediation efforts in collaboration with engineering, vendors, and clinical/biomedical teams.
- Research emerging threats and assess their relevance to healthcare systems and medical devices.
- Produce regular cybersecurity risk reports, dashboards, and metrics for leadership and governance committees.
- Communicate technical risks in clear business and patient impact terms to non-technical stakeholders.
- Support compliance reporting aligned with healthcare and medical device regulatory expectations.