Must Have Technical/Functional Skills
- Strong understanding of information security risk management frameworks such as NIST CSF, ISO 27001/27005, FAIR, and COSO.
- Hands-on experience in conducting cybersecurity risk assessments, threat modeling, and evaluating risks across systems, vendors, projects, and business processes.
- Solid knowledge of medical device cybersecurity, including vulnerability analysis, security risk mitigation, and patient safety considerations.
- Familiarity with medical device integration, healthcare application ecosystems, and interactions with EHR systems and third-party healthcare vendor applications.
- Understanding of common cybersecurity controls including network security, endpoint protection, identity and access management, encryption, logging/monitoring, and secure system configuration.
- Experience reviewing penetration testing findings, identifying practical mitigation options, and validating remediation approaches in partnership with vendors or technical teams.
- Ability to maintain and manage risk registers, risk treatment plans, dashboards, and remediation tracking mechanisms using GRC platforms or structured spreadsheet-based tools.
- Working knowledge of cloud security, security operations, and cybersecurity input into SDLC, infrastructure changes, and new service introductions.
- Familiarity with regulatory and compliance expectations relevant to healthcare and medical devices, including cybersecurity documentation and risk-based decision-making.
- Exposure to Agile / Scrum methodologies and cross-functional project execution is highly desirable.
- Ability to research emerging threats, assess business relevance, and proactively recommend risk reduction actions.
Roles & Responsibilities
- Develop, maintain, and continuously improve the organization's cybersecurity risk management program, with emphasis on practical and sustainable risk reduction.
- Perform qualitative and quantitative risk assessments for systems, projects, vendors, healthcare technologies, and business processes.
- Analyze medical device cybersecurity vulnerabilities, penetration testing findings, and technical risks to determine impact, likelihood, and patient/business impact.
- Partner with internal teams, vendors, and business owners to identify, validate, and track approved mitigation strategies and alternative risk treatment options where needed.
- Maintain accurate and up-to-date risk registers, risk treatment plans, issue logs, and risk dashboards.
- Support the selection, implementation, and validation of technical, administrative, and procedural security controls.
- Provide cybersecurity and risk management input into projects, cloud initiatives, system integrations, device onboarding, and service changes.
- Coordinate and support third-party/vendor risk assessments, follow-up actions, and remediation closure tracking.
- Translate technical cybersecurity issues into clear business impact statements and communicate them effectively to leadership and non-technical stakeholders.
- Produce recurring risk posture reports, trends, metrics, and remediation summaries for management and governance forums.
- Support incident response activities and perform post-incident risk analysis to identify lessons learned and strengthen controls.
- Promote a strong security and risk-aware culture by engaging with stakeholders, educating teams, and encouraging proactive risk identification.
- Collaborate effectively across cybersecurity, engineering, quality, clinical/biomedical, IT, and vendor teams to ensure balanced decision-making that protects both operations and patient safety.
- Stay current on evolving cybersecurity threats, healthcare technology risks, and relevant compliance expectations.
Salary Range:
$110,000 - $120,000 a year
TCS Employee Benefits Summary:
Discretionary Annual Incentive.
Comprehensive Medical Coverage:
Medical & Health, Dental & Vision, Disability Planning & Insurance, Pet Insurance Plans.
Family Support:
Maternal & Parental Leaves.
Insurance Options:
Auto & Home Insurance, Identity Theft Protection.
Convenience & Professional Growth:
Commuter Benefits & Certification & Training Reimbursement.
Time Off:
Vacation, Time Off, Sick Leave & Holidays.
Legal & Financial Assistance:
Legal Assistance, 401K Plan, Performance Bonus, College Fund, Student Loan Refinancing.