Cyber Security Analyst II
Union City, CA, US, 94587
About Company
Mizuho OSI is the leader in the markets for specialty surgery and patient positioning. The company’s portfolio includes specialty surgical tables for procedure-specific approaches that improve patient outcomes in spine and orthopedic surgeries along with disposable and reusable surgical patient care products.
Job Summary
The Cyber Security Analyst is responsible for protecting the organization’s sensitive data, systems, and medical device products from cyber threats while ensuring compliance through internal IT audits. This role involves monitoring and responding to security incidents, implementing security measures, preparing for IT audits to assess controls, and ensuring adherence to industry regulations such as FDA cybersecurity guidelines, HIPAA, and SOX. The analyst collaborates with cross-functional teams to safeguard critical systems and data while evaluating the effectiveness of IT controls in a highly regulated medical device manufacturing environment. This person will also be responsible for ensuring the IT department is prepared for any and all audits.
Responsibilities:
Cyber Security Analyst and Administrator
- Liaise with MOSI’s cybersecurity monitoring partner who monitors network traffic, systems, and endpoints for potential security threats and vulnerabilities.
- Ensure endpoints are updated with the latest software and OS patches to protect against vulnerabilities. This includes progress tracking and reporting on each endpoint.
- Recommend the order in which PCs are replaced, prioritized by security vulnerability and user efficiency.
- Work with our partner to conduct risk assessments and vulnerability scans to identify and prioritize security risks.
- Investigate, resolve, and respond to security incidents, performing root cause analysis and remediation planning.
- Recommend and maintain documented security controls, such as firewalls, intrusion detection/prevention systems, and endpoint protection.
- Collect and store the IT internal audit artifacts required to prove IT audit compliance, which evaluates the effectiveness of security controls, policies, and procedures.
- Ensure compliance with regulatory standards, including FDA cybersecurity requirements, HIPAA, ISO 27001, and potentially SOX.
- Collaborate with product development teams to integrate security into the medical device software development lifecycle (SDLC).
- Develop, maintain, and audit security policies, procedures, and documentation for compliance.
- Conduct mock cybersecurity threat scenarios with business and IT team members to ensure readiness for a real threat.
- Conduct internal audits of IT systems and applications to ensure alignment with regulatory, financial, and organizational standards.
- Manage training and awareness programs for employees on cybersecurity best practices.
- Oversee penetration testing and simulate cyberattacks to evaluate system resilience and audit findings.
- Stay updated on emerging cyber threats, vulnerabilities, audit methodologies, and industry trends.
- Prepare and present reports on security incidents, audit findings, compliance status, and risk assessments to management.
- Support external audits and regulatory inspections by providing evidence of security and audit controls.
- Administer applications used by the IT department and the organization such as AlertMedia, Atlassian products, Mimecast, Proofpoint, Halcyon, CrowdStrike, PhishMe, Circle Security, ManageEngine, etc.
Qualifications & Requirements:
- Bachelor’s degree and 2-4 years of experience in Cybersecurity, Information Technology, Computer Science, or a related field (or at least 6 years of experience in Cyber Security tools).
- 2+ years of experience in cybersecurity and IT internal auditing, preferably in a regulated industry such as healthcare or medical devices.
- Knowledge of cybersecurity frameworks (e.g., NIST, ISO 27001) and audit standards (e.g., SOX, COBIT).
- Familiarity with network security tools (e.g., firewalls, IDS/IPS, SIEM) and audit tools and platforms.
- Strong analytical and problem-solving skills with attention to detail in both security and audit contexts.
- Ability to work independently and collaboratively in a fast-paced, regulated environment.
- Excellent communication skills to interact with technical, non-technical, and audit stakeholders.
- Relevant certifications (e.g., CompTIA Security+, CISA, CEH, CISSP) or willingness to obtain them.
Preferred Qualifications:
- Experience in the medical device or healthcare industry with IT audit responsibilities.
- Advanced certifications such as CISSP, CISM, CISA, or CRISC.
- Familiarity with medical device SDLC, secure coding practices, and IT general controls (ITGC).
- Knowledge of cloud security (e.g., AWS, Azure) and IoT security for connected medical devices.
- Experience with penetration testing tools and audit methodologies.
- Understanding of FDA premarket and post-market cybersecurity guidance and compliance.
Notes
- Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.
- Candidates at all levels must demonstrate a commitment to maintaining the highest standards of cybersecurity and IT audit practices to protect patient safety, sensitive data, and regulatory compliance.
- Progression through levels depends on demonstrated expertise, leadership, and contributions to the organization’s cybersecurity and audit posture.
Salary range: $122,000 - $140,000 DOE + annual potential bonus + comprehensive benefits package