Paid time off (PTO)
Various health insurance options & wellness plans
Retirement benefits including employer match plans
Long-term & short-term disability
Employee assistance programs (EAP)
Parental leave & adoption assistance
Tuition reimbursement
Ways to give back to your community
Benefit options and eligibility vary by position. Compensation varies based on factors including, but not limited to, experience, skills, education, performance and salary range at the time of the offer.
Responsibilities
Job Summary:
We are looking for a skilled and proactive GRC Cybersecurity Specialist to join our team, focusing on reviewing and managing the risks associated with medical devices and Internet of Things (IoT) technologies. The ideal candidate will be responsible for conducting risk assessments, ensuring compliance with regulatory frameworks, and implementing governance and security controls in the context of medical devices and connected IoT ecosystems. This position will involve close collaboration with cross-functional teams to safeguard the confidentiality, integrity, and availability of sensitive data.
Key Responsibilities:
Risk Assessment & Evaluation:
Conduct comprehensive risk assessments of medical devices, IoT devices, and related systems to identify potential vulnerabilities, threats, and exposures. Evaluate the security posture of devices and networks in the healthcare environment and recommend mitigation strategies.
Compliance & Regulatory Oversight:
Ensure medical devices, IoT technologies, and associated applications comply with relevant regulatory standards such as FDA guidelines, ISO 14971, IEC 62304, NIST, HIPAA, and GDPR. Stay up-to-date on regulatory changes and assist in aligning organizational policies with emerging cybersecurity requirements.
Policy & Procedure Development:
Assist with the drafting of cybersecurity policies, standards, and procedures for medical devices and IoT systems. Ensure that policies reflect current risk profiles, industry best practices, and regulatory standards. Monitor adherence to these policies across the organization.
Collaboration with Cross-Functional Teams:
Collaborate with product development, IT, engineering, and regulatory teams to integrate cybersecurity risk management practices into the lifecycle of medical devices and IoT systems. Provide guidance on secure design, secure coding practices, and the implementation of necessary security controls.
Training & Awareness:
Deliver training programs on cybersecurity best practices and risk management for stakeholders involved in the deployment and maintenance of medical devices and IoT technologies. Foster a culture of cybersecurity awareness within the organization.
Continuous Improvement:
Continuously improve risk management processes by identifying new risks, emerging threats, and industry developments. Recommend and implement improvements to strengthen the organization’s cybersecurity posture in relation to medical devices & IoT.
Qualifications:
Experience:
Minimum of 3-5 years of experience in cybersecurity.
Experience with risk assessments and security management for medical devices, IoT devices, or similar connected technologies.
Familiarity with IoT security standards and frameworks (e.g., IoT Cybersecurity Improvement Act, NIST SP 800-53).
Strong understanding of medical device regulatory requirements (e.g., FDA, ISO 14971, IEC 62304) and IoT security frameworks.
Experience in cloud security and managing risks associated with IoT-based cloud infrastructures.
Hands-on experience with medical device cybersecurity and its integration with hospital or clinical networks.
Certifications:
Relevant certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control), or similar certifications are required for this role.
Skills & Knowledge:
In-depth knowledge of risk management methodologies and frameworks such as NIST, ISO 27001, and ITIL.
Strong understanding of cybersecurity concepts, including risk analysis, threat modeling, security controls, and incident management.
Proficiency in managing compliance requirements for regulated industries, particularly healthcare and IoT.
Excellent communication and interpersonal skills, with the ability to communicate technical issues clearly to non-technical stakeholders.
Ability to work in a fast-paced environment and manage multiple priorities.
Education:
High School diploma equivalency with 2 years of cumulative experience OR Associate's degree/Bachelor's degree OR 4 years of applicable cumulative job specific experience required.
Additional Preferences
Preferences:
Education:
Bachelor’s degree in Cybersecurity, Information Security, Risk Management, Computer Science, or a related field.
Why Join Our Team
When you join Ascension, you join a team of over 134,000 individuals across the country committed to a Mission of serving others and providing compassionate, personalized care to all. Our inclusive culture, continuing education programs, career coaches and benefit offerings are just a few of the resources and tools that team members can use to create a rewarding career path. In fact, Ascension spent nearly $46 million in tuition assistance alone to support associate growth and development. If you are looking for a career where you can grow and make a difference in your community, we invite you to join our team today.
Equal Employment Opportunity Employer
Ascension will provide equal employment opportunities (EEO) to all associates and applicants for employment regardless of race, color, religion, national origin, citizenship, gender, sexual orientation, gender identification or expression, age, disability, marital status, amnesty, genetic information, carrier status or any other legally protected status or status as a covered veteran in accordance with applicable federal, state and local laws.
For further information, view the EEO Know Your Rights (English) poster or EEO Know Your Rights (Spanish) poster.
As a military friendly organization, Ascension promotes career flexibility and offers many benefits to help support the well-being of our military families, spouses, veterans and reservists. Our associates are empowered to apply their military experience and unique perspective to their civilian career with Ascension.
Pay Non-Discrimination Notice
Please note that Ascension will make an offer of employment only to individuals who have applied for a position using our official application. Be on alert for possible fraudulent offers of employment. Ascension will not solicit money or banking information from applicants.
E-Verify Statement
This employer participates in the Electronic Employment Verification Program. Please click the E-Verify link below for more information.
E-Verify