Cyber Security Analyst - Medical Devices

About The Position

Requirements

• Three years of experience in any combination of support and monitoring of security endpoints/servers, e.g., patch deployment/risk assessment/vulnerability scanners/security incident and event monitoring solutions/antivirus products, network security protocols and methodologies, information security and information technology controls, security penetration and vulnerability assessments, systems/network administration
• Bachelor's degree in computer sciences, information technology, related field, or equivalent senior experience
• Solid knowledge of Health Insurance Portability and Accountability Act, Joint Commission, and other information technology security governing bodies
• Strong knowledge of accepted information systems and technology security regulations
• Demonstrated knowledge of generally known information technology platforms, standards, and software development language(s)
• Well-developed organizational, written communication, and analytical skills
• Must be able to function in a dynamic environment subject to impromptu changes in schedules and priorities

Nice To Haves

• Five years of experience in computer operations, information security, and/or risk management
• Experience in a healthcare setting
• Experience specifically with Medical Equipment security and management

Responsibilities

• Develops capabilities necessary to monitor and detect indicators of compromise using security scripts, tools, and services.
• Ensures the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices.
• Assists and leads with the definition and implementation of countermeasures or mitigating controls to help monitor and detect indicators of compromise using security scripts, tools, and services.
• Works closely with the Biomedical Network Analyst, Information Security Analyst, Security Architect, Network infrastructure team, and business units to help implement security infrastructure and technical controls.
• Serves as an escalation point for complex and sensitive information security issues.
• Performs periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system, and external web integrity scans to determine compliance.
• Performs detailed analysis of business need, identifies IT security impacts or considerations, and translates into secure, viable technical solutions.
• Develops project charters and objectives.
• Provides presentations regarding proposals, soliciting feedback, promoting buy-in.
• Maintains current knowledge of relevant technology as assigned.
• Provides system performance monitoring and troubleshooting.
• Prepares incident reports of analysis methodology and results.
• Works independently or as a lead on projects of medium to high complexity.
• Establishes and maintains project plans; adjusts for potential impacts to meet deadlines.
• Evaluates new equipment (both hardware and disposables) and new technology from a design, modification, and usage perspective.
• As part of a Vendor Quality Assurance effort, evaluates vendor competencies and examines product history as it relates to hardware and software.
• Assists in developing and implementing consistent policies and procedures which guide and support the goals and objectives of the department as it relates to information security.
• Advises and participates in “ad hoc” committees on medical equipment issues, as assigned.
• Assists with oversight of all healthcare technology hardware and software upgrades.
• Healthcare Technology Management: Maintains or oversees the integrity of IS&T related technical fields in existing CMMS platform, updates the operational security status of equipment in existing management platform, and monitors and communicates compliance with specifications, codes, and hospital standards.