ITmPowered Consulting
Sr. IT Auditor Consultant, Hospital Medical Device IT Controls
ITmPowered Consulting, Denver, Colorado, United States, 80285
Sr. IT Auditor Consultant, Hospital Medical Device IT Controls (BHJOB22048_756)

Role Overview

Be on the frontlines of Technology Risk in the emerging area of Medical Device Cybersecurity! A large national hospital network can have over 350,000 connected medical devices. Many of these interconnected devices, such as hospital imaging equipment, patient monitoring systems, IV pumps, and blood spinners, as well as connected hospital facilities devices like elevators, door locks, and ID card readers, are exposed publicly and vulnerable to cyber-attacks. Our client is implementing customized IT controls to secure their Medical Devices, Healthcare Technology Management Operations, and hospital facilities' connected IT devices.

Position Details

Contract
Location: Denver, CO
Posted: 2 years ago

Responsibilities

Conduct IT Controls Assessments for approximately 20 custom IT controls within the Hospital Medical Device Cybersecurity Program.
Perform full lifecycle audits: scope, plan, fieldwork, reporting, assessing both the design and effectiveness of controls.
Identify and address control gaps, providing guidance on effective control implementation.
Lead end-to-end IT Controls Assessments, including scoping, planning, fieldwork, and reporting.
Document IT Controls processes and narratives.
Perform detailed controls testing, gather evidence, and document results.
Write comprehensive IT Controls Assessment Reports, including findings, risk assessments, and remediation recommendations.
Assess IT risk controls across various domains such as IAM, logical access, network security, logging, vulnerability management, change management, etc., throughout the device lifecycle.

Qualifications

Bachelor's degree in IT, CS, MIS, or related field, or equivalent experience.
3-5 years leading end-to-end IT audits.
CISA certification; CISSP, CCSP, CEH, CRISA, Security+ or similar preferred.
Experience documenting IT processes and narratives.
Strong understanding of IT controls frameworks (NIST 800-53, RMF, CSF, HITRUST, etc.).
Knowledge of regulatory frameworks like HIPAA, PCI, SOX, GDPR, etc.
Experience advising on IT controls implementation.

Preferred Experience

Experience in hospital environments managing electronic medical devices.
1-3 years in medical device management, operations, or cybersecurity.
Certifications such as CHTM, CBET, CABT, CRES, or other Med Device cybersecurity certifications.
Familiarity with hospital medical device management systems like Nuvolo.

Logistics

Remote work within the US; preferred locations: Colorado or Georgia.
COVID-19 vaccine and booster required or valid medical exemption.
Ability to pass background checks, drug screening, and employment verification.
Must be a US citizen or Green Card holder; no visa sponsorship or transfer available.
W2 employment only; no sub-vendors.
Include current contact info on resume (phone/email).

To apply, email your details to careers@ .