Medical Device Security Specialist (flex-hybrid)

Description

The medical device security specialist will

play a crucial role in safeguarding our medical device environment to ensure

device integrity and resilience by assessing, monitoring, and responding to

threats and vulnerabilities. This position

will work closely with cross-functional teams to ensure that our medical

devices meet the highest standards of security, compliance, and

reliability.

Duties Include, But Are Not Limited To:

• Conduct comprehensive assessments of medical devices to identify potential security risks and vulnerabilities. Operation and administration of the Medigate medical device security platform.
• Ensure Medical Device IT inventory is accurate and up to date. Participate in developing and implementing integrations for clinical device inventory data in service-now (CMDB inventory)
• Conduct Pen Testing to assess the resilience of our security controls against simulated cyber-attacks, identifying potential weaknesses and areas for improvement
• Participate in developing and implementing strategies to mitigate cybersecurity risks associated with medical devices, including but not limited to threat modeling, vulnerability management, and penetration testing.
• Ensure that medical devices comply with relevant cybersecurity regulations, standards, and guidelines, such as FDA premarket cybersecurity guidance, HIPAA, and GDPR.
• Collaborate with cross-functional teams to strengthen technical controls of network connected medical devices. Continuously evaluate the effectiveness of existing security controls deployed to mitigate vulnerabilities in medical devices, recommending adjustments or enhancements as necessary to bolster protection against evolving threats.
• Participate in developing and maintaining incident response plans and procedures to effectively respond to cybersecurity incidents involving medical devices.
• Perform investigation and analysis of security incidents involving medical devices, conducting digital forensics examinations to uncover the root causes of incidents and support remediation efforts.
• Engage in a rotating on-call schedule to promptly respond to cybersecurity threats within a 24/7 healthcare environment.
• Evaluate the cybersecurity posture of third-party vendors and suppliers providing components or services for medical devices.
  
  

This flexible hybrid role allows for a blend of

remote and on-site work, requiring presence on-site as needed based on operational

requirements. Please note, travel to the 'home office' location is not

reimbursed. Each employee will complete a FlexWork Agreement with their manager

to outline expectations and ensure mutual understanding. These arrangements are

periodically reviewed and may be adjusted or terminated as necessary.

Salary offers are based on a variety of factors

Including Qualifications, Experience, And Internal Equity. The Full Salary

range for this position is $124,600 - $289,400 annually. The University anticipates

offering a salary between the minimum and midpoint of this range.

As a condition of employment, the final

candidate who accepts a conditional offer of employment will be required to

disclose if they have been subject to any final administrative or judicial

decisions within the last seven years determining that they committed any

misconduct; received notice of any allegations or are currently the subject of

any administrative or disciplinary proceedings involving misconduct; have left

a position after receiving notice of allegations or while under investigation

in an administrative or disciplinary proceeding involving misconduct; or have

filed an appeal of a finding of misconduct with a previous employer.

Qualifications

Required

Experience:

• 8 years of extensive, hands-on experience in cybersecurity, with significant focus on healthcare IoT/IoMT device security
• 5 years of experience leading and managing teams of cybersecurity professionals to implement security programs.
• Proven track record leading projects to deploy and operate security solutions across distributed environments.
• Experience performing risk assessments, developing security policies/standards, and implementing controls.
• Substantial background working with clinical engineers, biomedical teams, and IT teams in healthcare settings.
• Deep expertise with security frameworks (NIST CSF, ISO, etc.), regulations (HIPAA, etc.) and cybersecurity best practices
  
  

Qualifications:

Bachelor's

degree in computer science, cybersecurity, information systems or related

technical field is preferred, but not required with sufficient equivalent work

experience.

Relevant

industry certifications such as CISSP, CISM, CRISC, HCISPP, etc. or equivalent

work experience.

Extensive

technical skills across security domains including network, endpoint, cloud,

application security, etc.

Significant

experience with security tools for vulnerability management, SIEM, IDS/IPS,

DLP, etc.

Outstanding

leadership, communication, and stakeholder management abilities

Exceptional

problem-solving, critical thinking, and decision-making skills

Ability

to roll up sleeves and perform specialized, hands-on cybersecurity work as

needed.

UCLA Health welcomes all individuals, without regard to race, sex, sexual orientation, gender identity, religion, national origin or disabilities, and we proudly look to each person’s unique achievements and experiences to further set us apart.