Job Description
Job Summary
The Internet of Medical Things (IoMT) Security Consultant serves as a link between biomedical engineering and healthcare cybersecurity. This role involves assessing and guiding clients through the core tasks and functions necessary to secure and enhance the cybersecurity posture of biomedical technologies and IoMT devices in healthcare settings. With a strong focus on client consultation, this position offers strategic guidance and technical leadership to assist healthcare organizations in meeting regulatory requirements, reducing cyber risk, and developing resilient clinical technology ecosystems.
Essential Job Functions
· Responsible for the continued maturity of the service line through client feedback, market analysis, and general healthcare experience.
· Conduct thorough technical evaluations of biomedical and clinical technologies to uncover security vulnerabilities and operational risks.
· Offer cybersecurity advisory and consultation to healthcare clients, concentrating on medical device protection, regulatory compliance, and threat mitigation.
· Collaborate with Clinical Engineering, IT, and Security teams to develop and implement integrated security strategies for IoMT assets.
· Build and maintain risk registries for IoMT environments, tracking threat exposures, remediation plans, and resolution statuses.
· Assist in the creation and implementation of policies, procedures, and best practices for the secure use and maintenance of biomedical devices.
· Support vulnerability management programs by reviewing scan data and mapping vulnerabilities to specific device types or vendors.
· Consult with the Incident Response (IR) team during declared incidents where medical devices may be directly involved.
· Deliver training and guidance to clinical and engineering teams on medical device security hygiene and awareness.
· Maintain thorough documentation of assessments, technical actions, client communications, and remediation efforts throughout the lifecycle of assigned projects.
· Monitor emerging threats, vulnerabilities, and compliance requirements specific to the healthcare device ecosystem (e.g., FDA, HHS, NIST, IEC 80001, HIPAA).
· Accurately track and submit billable hours and time entries by required deadlines.
· Keep project tasks and status updates current within the project management platform.
· Book travel and manage travel logistics in accordance with company and client travel policies.
· Demonstrate working knowledge of Fortified Health Security’s core services and how they relate to client needs.
· Attend and actively participate in team, service line, and departmental meetings as required.
Knowledge & Skills
Education & Experience
· Bachelor’s degree in Biomedical Engineering, Cybersecurity, Information Systems, or a related field.
· Advanced degrees or industry certifications are strongly preferred (e.g., CISSP, HCISPP, CBET).
· Demonstrated success managing multiple concurrent projects and deadlines.
· 3+ years in biomedical engineering, clinical engineering, or healthcare IT/security consulting.
· Proven experience securing or supporting medical devices in clinical environments.
· Familiarity with healthcare cybersecurity frameworks (e.g., NIST CSF, NIST SP 800-53, HIPAA Security Rule).
· Experience working in or with hospital Clinical Engineering departments or Healthcare Technology Management (HTM) programs.
Special Skills & Knowledge
· Strong understanding of medical device types, functions, and clinical use cases.
· Knowledge of networking and integration between biomedical systems and hospital IT infrastructure.
· Strong written and verbal communication skills; ability to present to technical and executive stakeholders.
· Capable of managing multiple client projects with competing timelines and priorities.
· High level of initiative, professionalism, and customer service orientation.
· Professional maturity, with a commitment to modeling Fortified Health Security’s core values of accountability, operational discipline, and continuous improvement.
Licenses, Certifications, etc.
· CISSP (Certified Information Systems Security Professional)
· HCISPP (HealthCare Information Security and Privacy Practitioner)
· CBET (Certified Biomedical Equipment Technician)
· CISM, CISA, or similar security-focused certifications also beneficial
Requirements
Supervisory Responsibility
· No immediate direct personnel management responsibility.
Working Conditions & Travel Requirements
· Remote work environment with occasional travel required for client engagements, team meetings, or company events.