Cybersecurity Consulting Lead

ECRI

Full-time

Remote

$107,776.96 - $122,315.47 USD yearly

Job Details

Corporate Headquarters - Plymouth Meeting, PA

Hybrid

Full Time

Graduate Degree Preferred

10%

Day

Health Devices

Description

WHY CHOOSE ECRI?

ECRI is an inspiring place to work. We share a common mission to help healthcare organizations make smart, compassionate, and ethical decisions for patients. Consider these additional benefits of joining the ECRI team:

Industry leadership: We have a long history and proven reputation in patient safety and medical technology research.
On-the-job-learning: You will have the opportunity to work with specialists across medical science, patient care, healthcare management, and technology.
Comprehensive healthcare benefits: We offer medical, dental, vision, life insurance, accidental death and dismemberment, and disability coverage.
Retirement Savings: Our employees can participate in an employer-matching 403(b) Retirement Savings Plan.
Additional benefits: ECRI offers additional benefits to our employees, including paid time off and holiday pay, paid leave for parents, tuition assistance, employee assistance program, access to LinkedIn Learning, and other voluntary benefit programs (e.g. accident insurance, identify theft insurance, flexible spending accounts).
Volunteer Program: ECRI Cares, our employee volunteer program, provides a framework for us to work together and make a difference in the lives of others. All employees are provided 16 hours annually of paid time to volunteer at preapproved ECRI Cares charities during normal business hours.

ABOUT ECRI

At ECRI, our passion for safe, effective, and efficient care is ingrained into the fabric of who we are and why we are here. For more than 50 years, the people of ECRI have been unyielding in their work to protect patients from unsafe and ineffective medical technologies and practices. Now, with the acquisition of the Institute for Safe Medication Practices (ISMP), we have created one of the largest healthcare quality and safety entities in the world.

As a non-profit, independent organization, we utilize an unbiased, evidence-based approach to develop guidance, and maintain our principles of integrity and transparent work. Our ethical standards have led us to adopt the industry's strictest conflict-of-interest policies, and they are why tens of thousands of healthcare leaders worldwide rely on ECRI to guide their clinical, operational, and strategic decisions across all sites of care.

The Most Trusted Voice in Healthcare

ECRI is proud to serve the healthcare industry, from providers and insurers to government agencies, and medical associations. Our areas of focus include:

Patient Safety: empowering leaders to eliminate patient harm through the dissemination of best practices, guidance, benchmarking, and recommendations.
Evidence-Based Medicine: providing clinical evidence to inform and support decisions on the effectiveness of medical technologies, procedures, genetic tests, and clinical practice guidelines.
Technology Decision Support: arming hospital systems with unbiased insights, so they can optimize their supply chain.

ECRI is the only organization worldwide to conduct independent medical device evaluations, with labs located in North America and Asia Pacific. ECRI is designated an Evidence-based Practice Center by the U.S. Agency for Healthcare Research and Quality and a federally certified Patient Safety Organization by the U.S. Department of Health and Human Services.

At ECRI, our passion for the truth drives us to go further and dig deeper in our pursuit to advance effective, evidence-based healthcare globally.

The success of our organization relies on the kind of creative thinking that can only result from a diverse team of individuals. ECRI is proud to be an employer of choice with an inclusive environment for all employees. As part of this goal and in compliance with various laws and regulations, ECRI provides reasonable accommodation to applicants and employees.

It's what makes ECRI unique, and why we are the most trusted voice in healthcare.

POSITION SUMMARY

To evaluate cybersecurity and interconnectivity of medical devices, provide technical consultation and risk assessment to the healthcare community based on current and future needs and trends, develop and execute risk assessment services, apply broad judgment and experience to multiple Device Safety activities. To participate in diverse ways, such as helping to plan new programs, selecting and training staff, and assisting in managing ongoing internal and external projects. To serve as a key information security expert within the Device Safety team.

ESSENTIAL FUNCTIONS

Reasonable Accommodation Statement:

To accomplish this job successfully, an individual must be able to perform, with or without reasonable accommodation, each essential function satisfactory. Reasonable accommodations may be made to help enable qualified individuals with disabilities to perform the essential functions.

Essential Functions:

General: Supervise information security contractors in various activities related to penetration testing, security hazard and risk assessment, and other areas of healthcare consulting or product evaluation. Responsible for comparative testing and analysis of medical products, including development and completing laboratory tests, literature review, and providing final report for customers. Must be a leader who thinks strategically and has the long-range goal of excellence of Device Safety initiatives. Must remain current with technological and regulatory developments and trends within field of cybersecurity, networking and risk assessment – serving as an expert in those fields. Must be able to conduct all projects and responsibilities with minimal supervision and at a principal level. Ability to manage and ensure secure ECRI laboratory network infrastructure in accordance with organization requirements and standards for cybersecurity segmentation to enable Device Safety information security initiatives is expected. Manages assigned projects to meet scheduled deadlines and updates supervisors on projects and problems on a regular basis. Participates in and manages multiple simultaneous activities in an effective, timely, and economic manner. Internally and externally present and discuss research findings in a variety of formats, including written, graphical, oral, and video. As assigned, assume leadership of major projects, and coordinate these activities with Device Safety Leadership. Must demonstrate independent thinking with a clear, logical line of reasoning; issues must be well thought out and clearly presented. Must recognize areas of concern and/or controversy, or in potential violation of ECRI’s Code of Ethics, and bring these to the attention of appropriate ECRI staff with recommended solutions.
Consultation: Develop and execute security risk assessment services programs for healthcare facilities, including site visits to the facility and preparation of a final report with conclusions, and presentation to facility leadership. Assist in business development efforts for incorporating incident response efforts with risk assessment recommendations for service offerings Provides verbal and written consultation to internal and external customers. Critically reviews technical materials from outside sources (e.g., project proposals, journal articles, standards, reports) for engineering and scientific soundness. Expected to increase ECRI’s reach in improving healthcare via new businesses or relationships such as setting up new business lines or consulting relationships, leading ECRI into new lines of scientific inquiry, planning and completing large complex evaluations.
Product Evaluation and Guidance: Performs product evaluations of network security and connectivity for medical devices at a senior level. Develops evaluation criteria and test protocols, to meet customer and clinical needs. Establishes contacts with device and technology manufacturers to obtain information on devices and obtain test samples. Establishes contacts with device and technology users to obtain insight into medical technologies. Conducts and/or supervises appropriate laboratory, clinical, or field tests according to the ECRI protocol. Prepare a well-organized article to guide hospital personnel on the selection, use, and maintenance of the device or technology under evaluation. Assure drafts are reviewed by ECRI personnel, outside consultants, and manufacturers and incorporate appropriate changes. Areas of concern and/or controversy, along with recommended solutions, should be recognized and brought to the attention of appropriate ECRI staff. Publication of instructional articles for clinical personnel on equipment use and technology, as well as guidance for existing and emerging cybersecurity theaters to patient safety.
Community Education: Presents externally to regulators, accreditors, providers, media outlets, and other healthcare stakeholders. Prepares and presents seminars on selected topics for seminar series, training programs, and special healthcare facility requests. Provides training and assistance to Device Safety staff. Interacts with other professional organizations to the benefit of ECRI and the community.
Administrative: Maintains complete records for all assigned projects, including meticulous electronic documentation of test methods and data in project files. Reads relevant technical journals and literature related to activities and maintains information files on designated topics. Participates in recruiting and applicant interviewing processes. Maintains an effective personal filing system and observes institutional filing procedures.

Additional Responsibilities:

•	Other duties, as assigned.

Accountability Metrics:

•	Stay up-to-date with current trends and anticipate future trends in the cybersecurity space.
•	Meet established deadlines and deliverables for internal and external clients.
•	Effectively communicate findings with strong written, verbal, and presentation skills.

Qualifications

POSITION QUALIFICATIONS

Experience:

•	3-5 years of relevant cyber security experience required, with experience in cyber security consulting preferred.
•	5-7 years’ work experience in a clinical setting or in a relevant technical field.
•	Experience and exemplary knowledge in NIST 800-53, 800-171, HITRUST, SOC2, and/or other equivalent experience and/or regulatory knowledge and understanding.
•	Strong knowledge of cyber security principles, operations security, cyber threats and vulnerabilities, and knowledge of national regulations, policies, and ethics as they relate to cyber security.
•	Experience with medical device manufacturer disclosure statements for medical device security preferred.
•	Ability to communicate very effectively and concisely both orally and in writing.
•	Must have proven track record of dependable, reliable, and thorough performance and be able to manage changing priorities for multiple simultaneous tasks

Education:

•	Bachelor’s degree required, preferably in computer engineering, information security, or a related field. Master’s or doctoral degree preferred, preferably in computer engineering, information security, or a related field.

Computer Skills:

•	Proficiency with Microsoft Office 365 Suite of Products (e.g., Excel, Word, and PowerPoint)

Certifications and Licenses:

•	Certified Risk and Information Control (CRIC) or Certified Information Security Systems Professional (CISSP) preferred, or equivalent.
•	Certified Biomedical Equipment Technician (CBET) and/or Certified Clinical Engineer (CCE) preferred, or equivalent.

POSITION COMPENSATION

The salary range for new employees in this position is $107,776.96 - $122,315.47, based on background, experience, and skills. In addition, new employees in this position are eligible for all of our benefit offerings, including, but not limited to, health and welfare benefits, 403(B) retirement savings, and paid time off (PTO).

PHYSICAL DEMANDS

Table Legend:

Not Applicable (N)
Activity is not applicable to this position.

Occasionally (O)
Position requires this activity up to 33% of the time (0 - 2.5 hours a day)

Frequently (F)
Position requires this activity from 34% - 66% of the time (2.5 - 5.25 hours a day)

Constantly (C)
Position requires this activity more than 66% of the time (5.25+ hours a day)

Movement:

Stand	O
Walk	F
Sit	C
Manually Manipulate	C
Grasp	O
Reach Outward	O
Reach Above Shoulder	O
Speak	C
Climb	O
Crawl	O
Squat or Kneel	O
Bend	O
Vision	C

Lift/Carry:

10 lbs or less	O
11-20 lbs	O
21-50 lbs	O
51-100 lbs	O
Over 100 lbs	N

Push/Pull:

12 lbs or less	O
12-25 lbs	O
26-40 lbs	O
41-100 lbs	O

ADA STATEMENT

ECRI is committed to providing equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, genetics, sexual orientation, gender identity, or veteran status. We value diversity and believe that a diverse workforce enhances our ability to succeed. ECRI complies with applicable federal, state, and local laws governing nondiscrimination in employment and prohibits any form of discrimination or harassment based on these protected characteristics.

EEO STATEMENT

#LI-Hybrid

Apply now

Share this job

Twitter Facebook Linkedin Email