Job Title

SUMMARY: As a direct report to the Director Medical Device Cybersecurity and Integration, IoT (Internet of Things) and IoMT (Internet of Medical Things) Cybersecurity Analyst will be responsible for supporting Crothall's overall cybersecurity and IoT security initiatives including defined day-to-day managed services activities. The Analyst will also report to Client's Sr. Director of Security. Utilizing Crothall's cybersecurity framework, technologies and policies and procedures, the IoT and IoMT Cybersecurity Analyst will be involved in response to cybersecurity alerts, ensuring Client KPI's are met, perform audits and risk assessments of IoT and IoMT, and provide subject matter expertise with Crothall resources for IoT and IoMT cybersecurity. ESSENTIAL DUTIES AND RESPONSIBILITIES:Monitors and responds to Crothall's comprehensive IoT, medical device asset, and cybersecurity management platform findings and mitigating steps.Engage and work with Client's IT department to inform of steps that can be taken on Clients network or enterprise security toolsCorrelate and perform GAP analysis on discovered IoT and IoMT devicesTriage, respond and assign work orders generated from Crothall's CMMS cybersecurity module as appropriateEnsure work orders are completed within defined KPI's and assist on site Crothall resources if needed for successful completionDevelop and maintain periodic IoTIoMT cybersecurity risk reports to client IT departmentResearch and engage OEMs for available approved patches, firmware upgrades, and MDS2 formsAssist in developing practical strategies to reduce cybersecurity risks related to IoTIoMTMaintain database of approved patches, firmware upgrades, and MDS2 formsCollaborate and work with Client to respond and coordinate mitigating steps and compensating controls on IoT and contracted medical devices that may arise from Clients passive asset discovery and risk assessment technologyParticipate and contribute to Crothall's CEIT CouncilCollaborates with internal stakeholders to identify organizational needs or gaps and develops appropriate cybersecurity strategyMaintains operational cybersecurity metrics to measure the effectiveness of security controls and identify opportunities for improvementContribute to Crothall's cybersecurity trainingAssist in threat intelligence gathering, monitoring of zero-day alerts, and development of incident response plans for ClientsAssist in development and implementation of continued best practices and risk management of IoTIoMT devicesAssures compliance with all regulatory standards including patient safety and all relative criteria governing the safe and appropriate use, testing and management of medical devices.Participate in Client meetings and committees as it applies to medical device securityOther duties as assignedMINIMUM QUALIFICATIONS: To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill andor ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. · Knowledge of the operation and prior experience with managing connected IoTIoMT devices and associated cybersecurity risks· Knowledge of the operation and prior hands-on experience with biomedical equipment and associated systems· 2+ years proven experience in cybersecurity · High attention to detail and exceptional work quality· Experience with process improvement · Proven ability to work effectively in an unstructured, fast-paced environment· Excellent written and verbal communication skillsPREFERRED QUALIFICATIONS: · 5 years healthcare experience; General knowledge of Biomedical Equipment and Diagnostic ImagingExperience with cybersecurity in the healthcare environmentKnowledge of Computerized Maintenance Management Systems (CMMS) Knowledge of connected medical device asset discovery and risk analysist platforms EDUCATION:· Bachelor's degree in Information Technology or Biomedical Engineering or equivalent required · Security+ required · HCISPP, CISPP preferred