We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
#alert
Back to search results
New

Medical Device Security Specialist (flex-hybrid)

University of California - Los Angeles Health
United States, California, Los Angeles
Dec 22, 2024
Description

The medical device security specialist will
play a crucial role in safeguarding our medical device environment to ensure
device integrity and resilience by assessing, monitoring, and responding to
threats and vulnerabilities. This position
will work closely with cross-functional teams to ensure that our medical
devices meet the highest standards of security, compliance, and
reliability.

Duties include, but are not limited to:

  • Conduct
    comprehensive assessments of medical devices to identify potential security
    risks and vulnerabilities. Operation and
    administration of the Medigate medical device security platform.
  • Ensure
    Medical Device IT inventory is accurate and up to date. Participate in developing and implementing
    integrations for clinical device inventory data in service-now (CMDB inventory)
  • Conduct
    Pen Testing to assess the resilience of our security controls against simulated
    cyber-attacks, identifying potential weaknesses and areas for improvement
  • Participate
    in developing and implementing strategies to mitigate cybersecurity risks
    associated with medical devices, including but not limited to threat modeling,
    vulnerability management, and penetration testing.
  • Ensure
    that medical devices comply with relevant cybersecurity regulations, standards,
    and guidelines, such as FDA premarket cybersecurity guidance, HIPAA, and GDPR.
  • Collaborate
    with cross-functional teams to strengthen technical controls of network
    connected medical devices. Continuously evaluate the effectiveness of existing
    security controls deployed to mitigate vulnerabilities in medical devices,
    recommending adjustments or enhancements as necessary to bolster protection
    against evolving threats.
  • Participate
    in developing and maintaining incident response plans and procedures to
    effectively respond to cybersecurity incidents involving medical devices.
  • Perform
    investigation and analysis of security incidents involving medical devices,
    conducting digital forensics examinations to uncover the root causes of
    incidents and support remediation efforts.
  • Engage
    in a rotating on-call schedule to promptly respond to cybersecurity threats
    within a 24/7 healthcare environment.
  • Evaluate
    the cybersecurity posture of third-party vendors and suppliers providing
    components or services for medical devices.

This flexible hybrid role allows for a blend of
remote and on-site work, requiring presence on-site as needed based on operational
requirements. Please note, travel to the "home office" location is not
reimbursed. Each employee will complete a FlexWork Agreement with their manager
to outline expectations and ensure mutual understanding. These arrangements are
periodically reviewed and may be adjusted or terminated as necessary.

Salary offers are based on a variety of factors
including qualifications, experience, and internal equity. The full salary
range for this position is $124,600 - $289,400 annually. The University anticipates
offering a salary between the minimum and midpoint of this range.

As a condition of employment, the final
candidate who accepts a conditional offer of employment will be required to
disclose if they have been subject to any final administrative or judicial
decisions within the last seven years determining that they committed any
misconduct; received notice of any allegations or are currently the subject of
any administrative or disciplinary proceedings involving misconduct; have left
a position after receiving notice of allegations or while under investigation
in an administrative or disciplinary proceeding involving misconduct; or have
filed an appeal of a finding of misconduct with a previous employer.

Qualifications

Required
Experience:


  • 8+ years of extensive, hands-on experience in
    cybersecurity, with significant focus on healthcare IoT/IoMT device
    security
  • 5+ years of experience leading and managing
    teams of cybersecurity professionals to implement security programs.
  • Proven track record leading projects to deploy
    and operate security solutions across distributed environments.
  • Experience performing risk assessments,
    developing security policies/standards, and implementing controls.
  • Substantial background working with clinical
    engineers, biomedical teams, and IT teams in healthcare settings.
  • Deep expertise with security frameworks (NIST
    CSF, ISO, etc.), regulations (HIPAA, etc.) and cybersecurity best
    practices

Required
Qualifications:

Bachelor's
degree in computer science, cybersecurity, information systems or related
technical field is preferred, but not required with sufficient equivalent work
experience.

Relevant
industry certifications such as CISSP, CISM, CRISC, HCISPP, etc. or equivalent
work experience.

Extensive
technical skills across security domains including network, endpoint, cloud,
application security, etc.

Significant
experience with security tools for vulnerability management, SIEM, IDS/IPS,
DLP, etc.

Outstanding
leadership, communication, and stakeholder management abilities

Exceptional
problem-solving, critical thinking, and decision-making skills

Ability
to roll up sleeves and perform specialized, hands-on cybersecurity work as
needed.

Applied = 0

(web-86f5d9bb6b-4zvk8)