Cyber Security Analyst II

About The Position

Requirements

• Bachelor’s degree 2-4 years of experience in Cybersecurity, Information Technology, Computer Science, or a related field (or at least 6 years of experience in Cyber Security tools).
• 2+ years of experience in cybersecurity and IT internal auditing, preferably in a regulated industry such as healthcare or medical devices.
• Knowledge of cybersecurity frameworks (e.g., NIST, ISO 27001) and audit standards (e.g., SOX, COBIT).
• Familiarity with network security tools (e.g., firewalls, IDS/IPS, SIEM) and audit tools and platforms.
• Strong analytical and problem-solving skills with attention to detail in both security and audit contexts.
• Ability to work independently and collaboratively in a fast-paced, regulated environment.
• Excellent communication skills to interact with technical, non-technical, and audit stakeholders.
• Relevant certifications (e.g., CompTIA Security+, CISA, CEH, CISSP) or willingness to obtain them.

Nice To Haves

• Experience in the medical device or healthcare industry with IT audit responsibilities.
• Advanced certifications such as CISSP, CISM, CISA, or CRISC.
• Familiarity with medical device SDLC, secure coding practices, and IT general controls (ITGC).
• Knowledge of cloud security (e.g., AWS, Azure) and IoT security for connected medical devices.
• Experience with penetration testing tools and audit methodologies.
• Understanding of FDA premarket and post-market cybersecurity guidance and compliance.

Responsibilities

• Liaise with MOSI’s cybersecurity monitoring partner who monitors network traffic, systems, and endpoints for potential security threats and vulnerabilities.
• Ensure endpoints are updated with the latest software and OS patches to protect against vulnerabilities. This includes progress tracking and reporting on each endpoint.
• Recommend order in which PCs are replaced based prioritized by security vulnerability and user efficiency.
• Work with our partner to conduct risk assessments and vulnerability scans to identify and prioritize security risks.
• Investigate, resolve, and respond to security incidents, performing root cause analysis and remediation planning.
• Recommend and maintain documented security controls, such as firewalls, intrusion detection/prevention systems, and endpoint protection.
• Collect and store IT internal audit artifacts required to prove IT audit compliance which evaluates the effectiveness of security controls, policies, and procedures.
• Ensure compliance with regulatory standards, including FDA cybersecurity requirements, HIPAA, ISO 27001, and potentially SOX.
• Collaborate with product development teams to integrate security into the medical device software development lifecycle (SDLC).
• Develop, maintain, and audit security policies, procedures, and documentation for compliance.
• Conduct mock cybersecurity threat scenarios with business and IT team members to ensure readiness of a real threat.
• Conduct internal audits of IT systems, and applications to ensure alignment with regulatory, financial, and organizational standards.
• Manage training and awareness programs to employees on cybersecurity best practices.
• Oversee penetration testing and simulate cyberattacks to evaluate system resilience and audit findings.
• Stay updated on emerging cyber threats, vulnerabilities, audit methodologies, and industry trends.
• Prepare and present reports on security incidents, audit findings, compliance status, and risk assessments to management.
• Support external audits and regulatory inspections by providing evidence of security and audit controls.
• Administer applications used by the IT department and the organization such as AlertMedia, Atlassian products, Mimecast, Proofpoint, Halcyon, CrowdStrike, PhishMe, Circle Security, ManageEngine, etc.

Benefits

• annual potential bonus
• comprehensive benefits package