Security and IT Controls Auditor

We are a global medical technology company. We design and manufacture technology that supports healthcare professionals and helps them return their patients back to health and mobility.

Overview:

The consultant will be required to perform HIPAA Security Rule assessments of a variety of Hosted Digital Medical Device Products (effectively Microsoft based cloud hosted systems), Enterprise Solutions and Data Repositories.

A number of prioritised assessment targets will be determined by the program team, comprising leaders from Information Security, Privacy, Compliance, Legal and a dedicated Program Manager.

Depending on how quickly this position can be filled, an assessment methodology will be devised and templates generated for performing and recording assessment outcomes.

Some input on remedial actions for any gaps identified, may also be required.

Responsibilities:

5% Input into program planning
5% Creation of assessment methodology and templates (potentially)
60% Execution of HIPAA Security Rule Assessments
20% Documentation of results
10% Consultation on any remedial actions

Requirements:

Licenses/Certifications:

• Qualifications for Information Security Audit would be beneficial e.g. Certified Information Systems Auditor (CISA).

Experience & Education:

• Minimum five years performing Information Security Audits on IT systems or Digital Medical Devices
• Any prior experience performing HIPAA Security Rule audits would be beneficial
• Educated to degree standard preferred