Description

Job Summary



Responsible for Clinical Engineering Cybersecurity management plan to ensure safe and secure use of medical device systems aligning with relevant organizational and accrediting best practices, procedures, and policies. This includes responding to cybersecurity threats related to medical equipment operational systems and responding to cybersecurity related incidents.



Job Specific Duties

• Creates and oversees a Clinical Engineering management plan ensuring the safe and secure use of medical device and medical systems.
• Develops and leads new procurement and legacy deployment.
• Manages network medical device system inventories, interconnectivities, and diagrams in the Clinical Engineering Computerized Maintenance Management System and passive and active scanning solutions. Completes assessments for medical device systems which entails vulnerability and risk identification, mitigation, hardening, and acceptance.
• Manages network medical device system inventories, interconnectivity, and diagrams in the Clinical Engineering Computerized Maintenance Management System and passive and active cybersecurity scanning solutions.
• Coordinates planning and replacement of medical device systems with end-of-life operating systems.
• Implements antivirus and antimalware solutions with appropriate exceptions on medical device clients and servers.
• Executes monthly patching of medical device system clients and servers, specifically coordinating downtime, potential rollbacks, and applying only vendor approved patches.
• Develops and manages cyber-attack disaster recovery plans, backups, and downtime procedures for medical devices systems.
• Collaborates with Clinical Engineering, Cybersecurity, and Compliance to align with relevant organizational and accrediting best practices, procedures, and policies.
• Responsible for comprehensive medical device asset and cybersecurity management platform findings and mitigating steps.
• Rates cyber-risk using a defined and documented process to ascertain a probability, impact, and combined score for each risk.
• Develops mitigation strategies for each identified risk and ensures strategies are followed. Documents all questions and concerns.
• Creates new policies and ensures appropriate processes are in place, maintained, and adhered to for available approved patches and firmware upgrades.
• Ensure compliance with NCHS regulations.
• Ensures that medical devices cybersecurity risks are mitigated while health system initiatives are being met.
• Manages IOT cyber solutions and maintains operational security metrics to measure the effectiveness of security controls and identify opportunities for improvement. Assists in threat intelligence.
• Prepares reports for review by executive and other leaders to provide status updates and other information related to risk and governance.
• Manages the medical cybersecurity incident response to establish medical cyber security remediation with OEM’s.

Qualifications

Minimum Job Requirements

• Bachelor's Degree in Information Technology, Biomedical Engineering, or related field
• 4 years in medical device management, enterprise IT device management, or related experience

Knowledge, Skills, and Abilities

• Healthcare organization experience preferred.
• Cybersecurity Certification (CISM, CISSP, CISA, etc.) highly preferred.
• Detailed understanding of risk management practices.
• An in-depth understanding of medical device connectivity, healthcare IT security risks, and mitigation strategies.
• Working knowledge of security solutions (for example: Aruba, Cisco, Medigate, Rapid7, etc.).
• Detailed understanding of HIPAA, HITECH, DNV and related regulations.
• Excellent written and verbal communication skills.
• A comprehensive understanding of standard IT infrastructure and administration practices.
• Ability to identify and quantify cybersecurity related risks and common mitigation strategies.