At Memorial Sloan Kettering (MSK), we're not only changing the way we treat cancer, but also the way the world thinks about it. By working together and pushing forward with innovation and discovery, we're driving excellence and improving outcomes. For the 28th year, MSK has been named a top hospital for cancer by U.S. News & World Report. We are proud to be on Becker's Healthcare list as one of the 150 Great Places to Work in Healthcare in 2018, as well as one of Glassdoor's Employees' Choice Best Place to Work for 2018. We're treating cancer, one patient at a time. Join us and make a difference every day.
Develop and implement device management plans and standard operating procedures to address all aspects of medical device lifecycle management. Help define, document, and manage device interconnectivity. Manage information security assessments of internally- and commercially-developed medical systems in the Departments of Medical Physics and Radiation Oncology. Oversee compliance of departmental systems with IT security policies. Assess Medical Device vulnerability directly resulting from device access and/or penetration of the medical device network architecture within the MSK Network and wireless environment. Maintain current knowledge of security vulnerabilities, threats, and industry best-practices (both within and external to the healthcare industry). Participate in various information security-related projects and initiatives. Provide guidance to department staff on effective security awareness.
(40%) Technology Evaluation and Management:
* Define, manage, and document connectivity, data flows, and data storage associated with medical devices, commercial products, and clinical and business applications within MSK. Serve as liaison between internal organizational stakeholders and device vendors/manufacturers on matters related to device management, maintenance, and security. Advise departmental leadership in support of proposed projects, system purchases and other IT security-related requests. Establish device management plans to address all aspects of device lifecycle management. Develop standard operating procedures to include user access and system activity monitoring. Assist with product updates and deployments. Review audit logs of supported systems and applications. Manage and review audits of vendor remote access. Review and update user certifications of supported systems and applications. Define and execute device testing and validation procedures to ensure proper implementation and configurations.
(40%) Security Risk Assessment and Compliance:
* Manage security risk assessments of internal and commercially developed medical systems and applications in the Medical Physics and Radiation Oncology departments. These include IT solutions of all types (e.g. mobile, web, client-server) both new installations and upgrades. Coordinate with stakeholders (i.e. department staff, Information Security office and vendors) to lead risk assessment projects and develop detailed and accurate architectures and system security plans. Coordinate with stakeholders and leverage personal technical expertise and knowledge of industry best practices to recommend, document and implement security risk remediation plans. Effectively communicate the contents of said reports to stakeholders.
* Work with MSK Information Security, Regulatory Agencies (FDA & Joint Commission) as well as Risk Management and Safety Departments to identify risk to patient safety and personal health information and implement medical device security standards. Assess vulnerabilities to Medical Devices, the data they store and/or process, and the associated network architecture. Oversee information security compliance of systems and applications within the departments. Coordinate with MSK Information Security to evaluate and implement automated solutions to monitor compliance.
(10%) Security Project and Process Participation and Guidance:
* Serve as a liaison to the MSK Information Security Office on matters related to medical device security, security incident response, and security awareness. Assist in implementing proactive measures to protect departmental IT systems against changing and advancing threats and to address changes in the regulatory landscape. Assist MSK Information Security in providing guidance to department staff on effective security awareness, policy, and standard materials.
(10%) Skills Development:
* Implement an annual personal education plan to maintain currency of security-related skills, technologies, methodologies, and best practices. Participate in appropriate and relevant conferences and courses to maintain technical proficiency.
* Bachelor's degree in Computer Science or Information Technology (preferred)
* 2-4 years of experience in the security field
* Entry-to-intermediate level certifications that demonstrate a basic knowledge of security concepts (e.g., Security+, GSEC, CEH) are desirable.
MSK is an equal opportunity and affirmative action employer committed to diversity and inclusion in all aspects of recruiting and employment. All qualified individuals are encouraged to apply and will receive consideration without regard to race, color, gender, gender identity or expression, sexual orientation, national origin, age, religion, creed, disability, veteran status or any other factor which cannot lawfully be used as a basis for an employment decision.
Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.