Description
The medical device security specialist will
play a crucial role in safeguarding our medical device environment to ensure
device integrity and resilience by assessing, monitoring, and responding to
threats and vulnerabilities. This position
will work closely with cross-functional teams to ensure that our medical
devices meet the highest standards of security, compliance, and
reliability. Duties include, but are not limited to:
- Conduct
comprehensive assessments of medical devices to identify potential security
risks and vulnerabilities. Operation and
administration of the Medigate medical device security platform. - Ensure
Medical Device IT inventory is accurate and up to date. Participate in developing and implementing
integrations for clinical device inventory data in service-now (CMDB inventory) - Conduct
Pen Testing to assess the resilience of our security controls against simulated
cyber-attacks, identifying potential weaknesses and areas for improvement - Participate
in developing and implementing strategies to mitigate cybersecurity risks
associated with medical devices, including but not limited to threat modeling,
vulnerability management, and penetration testing. - Ensure
that medical devices comply with relevant cybersecurity regulations, standards,
and guidelines, such as FDA premarket cybersecurity guidance, HIPAA, and GDPR. - Collaborate
with cross-functional teams to strengthen technical controls of network
connected medical devices. Continuously evaluate the effectiveness of existing
security controls deployed to mitigate vulnerabilities in medical devices,
recommending adjustments or enhancements as necessary to bolster protection
against evolving threats. - Participate
in developing and maintaining incident response plans and procedures to
effectively respond to cybersecurity incidents involving medical devices. - Perform
investigation and analysis of security incidents involving medical devices,
conducting digital forensics examinations to uncover the root causes of
incidents and support remediation efforts. - Engage
in a rotating on-call schedule to promptly respond to cybersecurity threats
within a 24/7 healthcare environment. - Evaluate
the cybersecurity posture of third-party vendors and suppliers providing
components or services for medical devices.
This flexible hybrid role allows for a blend of
remote and on-site work, requiring presence on-site as needed based on operational
requirements. Please note, travel to the "home office" location is not
reimbursed. Each employee will complete a FlexWork Agreement with their manager
to outline expectations and ensure mutual understanding. These arrangements are
periodically reviewed and may be adjusted or terminated as necessary. Salary offers are based on a variety of factors
including qualifications, experience, and internal equity. The full salary
range for this position is $124,600 - $289,400 annually. The University anticipates
offering a salary between the minimum and midpoint of this range. As a condition of employment, the final
candidate who accepts a conditional offer of employment will be required to
disclose if they have been subject to any final administrative or judicial
decisions within the last seven years determining that they committed any
misconduct; received notice of any allegations or are currently the subject of
any administrative or disciplinary proceedings involving misconduct; have left
a position after receiving notice of allegations or while under investigation
in an administrative or disciplinary proceeding involving misconduct; or have
filed an appeal of a finding of misconduct with a previous employer.
Qualifications
Required
Experience:
- 8+ years of extensive, hands-on experience in
cybersecurity, with significant focus on healthcare IoT/IoMT device
security - 5+ years of experience leading and managing
teams of cybersecurity professionals to implement security programs. - Proven track record leading projects to deploy
and operate security solutions across distributed environments. - Experience performing risk assessments,
developing security policies/standards, and implementing controls. - Substantial background working with clinical
engineers, biomedical teams, and IT teams in healthcare settings. - Deep expertise with security frameworks (NIST
CSF, ISO, etc.), regulations (HIPAA, etc.) and cybersecurity best
practices
Required
Qualifications: Bachelor's
degree in computer science, cybersecurity, information systems or related
technical field is preferred, but not required with sufficient equivalent work
experience. Relevant
industry certifications such as CISSP, CISM, CRISC, HCISPP, etc. or equivalent
work experience. Extensive
technical skills across security domains including network, endpoint, cloud,
application security, etc. Significant
experience with security tools for vulnerability management, SIEM, IDS/IPS,
DLP, etc. Outstanding
leadership, communication, and stakeholder management abilities Exceptional
problem-solving, critical thinking, and decision-making skills Ability
to roll up sleeves and perform specialized, hands-on cybersecurity work as
needed.
|
University of California - Los Angeles Health
Dec 22, 2024