Clinical Engineering Security Engineer

About The Position

Requirements

• Bachelor’s degree in biomedical engineering, Computer Science, Information Security, or related degree.
• Associate degree with at least 2 years’ experience in an equivalent technical program.
• Equivalent education and work experience will be accepted only if previous experience applies to specific systems.
• IT Support, preferably in a healthcare organization, with experience doing enterprise-wide management of software, patching and/or clinical systems integration.
• Biomedical/Clinical Engineering professional with experience in supporting networked medical devices and systems in a healthcare setting.
• 5+ years of relevant biomed, IT, or security experience.
• Experience in HealthCare IT, the medical device industry, and/or Cybersecurity is highly desirable.
• Experience working in a CMMS is desired.
• Valid driver’s license when driving any vehicle for work-related reasons.
• IT and security certifications strongly preferred.

Nice To Haves

• Knowledge of and/or able to understand medical device technology.
• Knowledge of healthcare and clinical environment risk factors.
• Understanding of healthcare regulatory, industry standards, and security frameworks.
• Knowledge of computers, operating systems, security, and networking.
• Understanding of HIPAA Security Rules and the technical implications pertaining to medical equipment.
• Ability to interpret technical documentation and manuals.
• Skilled in interpersonal and group communication.
• Ability to research and solve problems quickly.
• Ability to set priorities and manage time while working on multiple projects and/or tasks.
• Proficient in the use of Microsoft Office applications required, including Excel, Word, PowerPoint, Visio, Project and Outlook.
• Knowledge of HL7, DICOM, and other clinical communication protocols and standards is desired.
• Advanced data analysis and reporting skills.

Responsibilities

• Protects UPH Clinical Engineering assets by the creation and enforcement of information security policies, procedures, standards, plans, and guidelines as they relate to connected medical devices.
• Identifies and documents information security risks and proposes mitigating controls for connected medical devices.
• Reviews vendor solutions for security risks and works with UPH IT and vendor to remediate risks to acceptable levels.
• Investigates and responds to security incidents involving medical devices.
• Monitors CE systems for potential threats.
• Researches, designs, and develops new information security controls to enhance protection of medical devices.
• Manages solution deployments that adhere to best practices and UPH IT/CE policies and procedures.
• Researches, understands, and processes medical equipment documentation to create knowledge articles, manage medical device profiles in CMMS and/or other integrated toolsets, and understand cyber risks and connectivity requirements for connected medical devices.
• Works with vendors regarding cybersecurity patch management for medical equipment serviced by UPH CE Department.
• Provides technical reporting, and/or data management support to field leaders, technicians and the business for escalated issues related to medical device security.
• Monitors intelligence sources for medical device security vulnerabilities.
• Assists with developing communication content and reports for UPH customers on medical device security issues.
• Creates and publishes instruction for field engineers on how to patch medical devices.
• Researches, creates, and issues work orders to field engineers for patching medical devices.
• Provides technical instruction & training to others as needed or required.
• Supports the development and execution of IT/CE security services and capabilities.
• Provides input and requirements into new features and capabilities for IT/CE security services.
• Constantly seeks out new sources of information and data to support the IT/CE security program.
• Provides support to UPH CE associates with large scale projects related to medical device security, system upgrades, and technology assessment.
• Assists with monitoring and maintaining the quality of cyber attributes in CMMS; supporting processes and procedures to ensure field associates can maintain cyber attributes in CMMS.
• May serve as a project manager for the development and/or implementation of new IT/CE security services, capabilities and/or features.
• Works directly with vendors and all levels of management and support staff.
• Provides feedback to management regarding process improvement and procedure changes to maintain the quality of IT/CE security services.
• Provides input into policies, processes, and procedures related to the management of IT/CE security services, clinical equipment networking and/or medical device security.
• Assists with organization and coordination of field response and remediation activities as necessary.
• Maintains knowledge of current regulatory agencies, standards, and regulations that apply to medical equipment.
• May be required to travel to other UPH regions and sites (in support of CE field operations and/or critical response activities).
• May be asked to travel to other UPH regions and/or other locations/meetings in support of the ongoing development of IT/CE services.
• May attend related industry conferences, educational seminars and/or other events in support of the program and professional growth.
• Helps to create and foster an environment of innovation; works to identify and remove roadblocks and enables collaboration between workgroups; advocates for the adoption of skills related to security of connected medical devices throughout the Clinical Engineering operations organization.
• Serves all customers and stakeholders to the highest level of satisfaction within the scope of responsibilities.
• Informs management of all situations that are out of the norm or are of an emergent nature or involve a negative impact on the enterprise.
• Effectively communicates verbally and in written form to customers, peers, and key stakeholders, presenting a professional image at all times.
• Works with the team to continuously drive improvements in operational delivery and/or technical skills.
• Maintains a clean and safe workplace.
• Assists co-workers and other business units as necessary.
• Provides coordinated technical training and mentoring as needed.
• Briefs department management on statuses and risks; clearly communicating best practices, roadblocks, and timelines.

Benefits

• Paid time off
• Parental leave
• 401K matching
• Employee recognition program
• Dental and health insurance
• Paid holidays
• Short and long-term disability
• Pet insurance
• Early access to earned wages with Daily Pay
• Tuition reimbursement
• Adoption assistance