When patient lives are on the line, simply reacting is not enough – we need a transformation. In Booz Allen’s Secure Connected Health practice we believe the future of healthcare is digital and delivered. To foster this transformation, we need you – a passionate cybersecurity professional with the expertise required to analyze the policies that determine our healthcare system’s cyber resilience.
Our clients are undergoing tremendous change as they develop cutting-edge medical technologies with a focus on continuously improving the security and resilience of their products. They need our help to navigate this change. As a cyber strategic planning and policy development analyst on our team, you’ll lead the assessment of: current healthcare cyber frameworks; product security approaches for medical/research device manufacturers, health delivery organizations, and research institutions; and high priority areas for risk mitigation. You’ll evaluate how policies stack up to best practices and industry standards. As you guide your client through understanding acceptable risk and availability, you’ll advance the development of a strategic cyber roadmap. You’ll work in a consultative role to ensure the client operates securely as they navigate an evolving IT environment. Join us as we protect our nation’s healthcare infrastructure through strategic cyber policy development. This position is open to remote delivery anywhere within the U.S., to include the District of Columbia. This position requires travel within the U.S., when necessary, to accommodate client needs.
Empower change with us.
5+ years of experience with writing or drafting executive or senior-level correspondence or material to support decision-making
5+ years of experience with analyzing the development of information assurance and cybersecurity practices, policies, and strategies
5+ years of experience with information technology policies, regulations, and operations, including product security with a medical device manufacturer, cybersecurity/IT networking at a medical facility
Knowledge of health and healthcare applications
Ability to travel up to 25% of the time
Ability to obtain a security clearance
Nice If You Have:
Experience with FDA or other regulatory experience
Experience with writing secure development guidance for medical devices
Experience with risk analysis and threat assessments
Knowledge of security maturity assessments, including OWASP SAMM, BSIMM
Knowledge of security tools used in the healthcare industry, including Zingbox, Medigate, or Ordr
Knowledge of NIST 800 series publications
Knowledge of the Healthcare & Public Health Sector Coordinating Councils’ Medical Device and Health IT Joint Security Plan
Possession of excellent written and oral communication skills
CISSP or HCISSP Certification
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.
The proposed salary range for this position in Colorado is 100,000 to 120,000. Final salary will be determined based on various factors.
At Booz Allen, we celebrate your contributions, provide you with opportunities and choice, and support your total well-being. Our comprehensive benefit offerings include healthcare, retirement plan, insurance programs, commuter program, employee assistance program, paid and unpaid leave programs, education assistance, and childcare benefits.
Build Your Career:
Rewarding work, fun challenges, and a ton of investment in our people—that’s Booz Allen cyber. When you join Booz Allen, we’ll help you develop the career you want.
Competitions — From programming competitions at our PyNights (Python competition and learning events) to competing in CTFs, we’ve got plenty of chances for you to show off your skills.
Paid Research — Have an innovative idea to explore or hypothesis to test? You can participate in challenges via our crowdsourcing platform, the Garage, and other programs to be awarded dedicated time and/or funding to advance your skills.
Cyber University — CyberU has more than 5000 instructor-led and self-paced cyber courses, a free online library that you can access from just about anywhere—including your phone—and certification exam prep guides that include practical assessments to prepare you for your exam.
Academic Partnerships — In addition to our tuition reimbursement benefit, we’ve partnered with University of Maryland University College to offer two graduate certificate programs in cybersecurity—fully funded without a tuition cap.
Maker/Hackerspaces — Race drones, print 3D gadgets, drink coffee from our Wi-Fi coffee maker, and get hands-on training on tools and tech from in-house experts in our dedicated maker and hackerspaces.
We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.