As a member of IT Security team, The Medical Device Security Engineer assist in the development of cybersecurity capabilities associated with a comprehensive information security program aligning medical devices with the security program and business needs. This position drives security requirements and provides subject matter expert guidance to Cybersecurity systems at the tactical level and aligns medical device deployment with security initiatives.
A strong candidate will Prioritize tasks, resolve complex problems, develop solution security requirements, participates in strategy discussions, requires little direction, provides leadership to others, manages technical components of projects, and has a strong knowledge of cybersecurity principles and medical device design and capabilities responsibility.
- Evaluate medical device manufacturers cybersecurity questionnaire for accuracy and completion and assist the TPRM team on medical device vendor evaluations
- Support Vendor Management and Clinical Engineering teams for all cybersecurity related requests associated with medical device assets
- Articulate medical device cybersecurity risk for business and clinical purposes
- Contribute development of a content into risk registry
- Review, analyze, and report on emerging technologies and their effect on the cybersecurity posture of Medical Devices
- Develop cybersecurity requirements for various medical devices
- Provide cybersecurity design recommendations for various products and technologies.
- Contributein the design, requirements, implementation, assessments, and support advanced and diverse cybersecurity technical solutions that address complex business requirements and medical device security.
- Serve as a cybersecurity subject matter expert for various projects.
- Provide cybersecurity technical guidance to other technical personnel.
- Manage cybersecurity technical components of large projects.
- Evaluate and recommend products and systems in key technology areas.
- Work cooperatively with technical personnel in other divisions and functions to accomplish enterprise-wide goals.
- Identify and implement process improvements in the design and/or infrastructure of existing systems in the area of cybersecurity
- Remain up to date on new and emerging technologies within the area of technical expertise and serves as resource to other Company employees
- Contribute to the development, coordination, and execution of the cybersecurity risk advisory service for medical devices including maintenance of processes
- Contribute to the development of cybersecurity technical controls, analysis and design recommendations for various products and technologies
- Assist in collection of medical device hardware and software bill of materials
- Assist in customer outreach activities for cybersecurity medical devices
- Assist in cybersecurity process and procedure documentation and maintenance of those artifacts
- Understands and ensures compliance with current and applicable US laws and regulations.
- Understanding and working knowledge of NIST Cybersecurity Framework, FDA Pre Market and Post Market Cybersecurity Guidance, Chinese FDA Cybersecurity Guidance on Medical Devices, EU Medical Device Regulation (MDR), ISO 80001 (MDS(2)), ISO 2700x series.
- Experience and deep understanding of Hazard Analysis of Medical Devices and application of cybersecurity to FMEA or SHA.
- Understanding of Quality Control Regulations and ability to adapt cybersecurity to the existing processes.
- General understanding of Medical Device Design process including but not limited to Requirements, Design Inputs, Design Outputs, Validation, Verification, Risk Management.
- Working knowledge of post-market processes for medical devices, including but not limited to CAPA, Recalls, Complains processes, Incident Response.
A minimum of 5 years of experience in a related field.
6 or more years of experience in a related field.
BA in Computer Science or related field is required or equivalent acquired through combination of education and experience.