IS Security Analyst III/Medical Devices
Silver Spring, MD

Job Description

Job Summary

* Interfaces with various MedStar business units and applies improvements in MedStar Health's information security operations program and develops new security processes and standards as needed. Works with a diverse team to define, document, and implement security controls across MedStar Health technology and MedStar network. This includes a wide array of medical devices, clinical workstations, building automation systems, applications, servers, workstations, and network tools. Contributes to the development and implementation of enterprise security policies, standards, procedures, and guidelines related to health technology used in a clinical environment. Focuses on health technology security which includes medical devices and medical IOT as well as any systems non-traditionally supported by IT.



Minimum Qualifications

* Education/Training
* Bachelor's degree in Information Systems, Biomedical Engineering or a combination of equivalent technical experience and education.




*
* Experience
* 3 years operation information security experience. 1 year of experience in medical device security preferred. Hands-on experience with the following: system hardening, vulnerability scanning, firewall, penetration testing, Incident Response, Incident Handling and reporting to all levels of management. Hands-on experience in configuring and applying technical security controls to applications, servers, or network infrastructure. Experience performing vendor security assessment. Experience with various security management tools (Vulnerability Management, Configuration Management, SIEM, etc).




*
* License/Certification/Registration
* CISSP, SANS GSEC, CompTIA Security+, CEH, CBET, or CCE certification preferred.




*
* Knowledge, Skills & Abilities
* Must have a knowledge of security principles as they relate to the protection of clinical systems. Broad knowledge of medical devices, IT Security and general systems infrastructure experience to include: security architecture, and security techniques/products, and techniques to mitigate security risks. Must have interest in medical devices and health delivery and take initiative in becoming more knowledgeable about medical device security. Strong analytical ability to solve complex technical problems. Competent in microcomputing including desktop applications, server and desktop management and configuration. Strong interpersonal communication skills to effectively interface with internal/external customers. Understanding of information systems and their impact to customers. Ability to analyze business applications to determine and communicate risk to stakeholders in an understandable way. Provide experienced-based knowledge and serve as first point of escalation for security related events/issues. Knowledge of the embedded systems design, implementation and security controls.





Primary Duties and Responsibilities

* Assists with design and implementation of the MedStar Health security infrastructure.


* Develops and maintains current access to health technology security best practices and risk management. Provides consultation to MedStar's departments, clinicians and leadership.
* Performs research, gap analysis, and data collection specific to health technology security and contributes to strategy and roadmap development.
* Assists with the development, implementation and administration of enterprise information security standards and procedures for MedStar network and health technology.
* Performs security risk assessments, manages risk, and provides advice for the implementation of compensating security controls on health technology.
* Develops health technology security standards, policies and procedures and interfaces with other departments to ensure their implementation. Performs regular verification.
* Assists MedStar's departments and diversified businesses with deployment of IT security controls on Health technology.
* Performs IT security incidents investigations and vulnerability assessments on health technology.
* Leads and coordinates health technology security patches and firmware updates.
* Works with business and technical stake holders to research, assess, evaluate, and support the implementations of security related projects.
* Maintains operational security metrics to measure the effectiveness of security controls and identify opportunities for improvement.
* Promotes security awareness program.
* Provides high quality, service-oriented information processing for the MedStar Health System. Strives for service excellence by seeking continuous improvement, and consistent accuracy, completeness, and follow- through of work.
* Contributes to the achievement of established department goals and objectives and adheres to department policies, procedures, quality standards and safety standards. Complies with governmental and accreditation regulations.
* Participates in multidisciplinary quality and service improvement teams as appropriate. Participates in meetings, serves on committees and represents the department and hospital/facility in community outreach efforts as appropriate.
* Performs other duties as assigned.

Must have valid transportation. Travel to sites is required.



About MedStar Health

MedStar Health is dedicated to providing the highest quality care for people in Maryland and the Washington, D.C., region, while advancing the practice of medicine through education, innovation and research. Our 30,000 associates and 5,400 affiliated physicians work in a variety of settings across our health system, including 10 hospitals and more than 300 community-based locations, the largest visiting nurse association in the region, and highly respected institutes dedicated to research and innovation. As the medical education and clinical partner of Georgetown University for more than 20 years, MedStar is dedicated not only to teaching the next generation of doctors, but also to the continuing education and professional development of our whole team. MedStar Health offers diverse opportunities for career advancement and personal fulfillment.