BMET Cybersecurity Specialist

Skills: Cybersecurity, Medical Devices, Asset Inventory, Critical Data Elements (CDEs), CMMS, HTM, BMET, HIPAA, Healthcare, Device Maintenance

Typical Knowledge & Skills

• Medical Device Knowledge very deep knowledge of the design of medical devices including protocols for device maintenance, understanding of common challenges and limitations with medical devices, thorough knowledge of medical device functions and how they are used for patient care.
• Software and Server Management knowledge and experience with hands-on management of highly technical and sensitive hardware and software used to support the delivery of patient care, includes the daily management of key components to ensure high uptime and availability, some experience with the triage and troubleshooting of highly technical scenarios, some ability to oversee the response to both planned and unplanned downtime of key components.
• Strong Awareness of Hospital Processes clear understanding of how hospital departments operate including common roles and processes, awareness of critical safety protocols when in clinical areas, demonstrates appropriate behavior and awareness of surroundings in clinical areas.
• Drive for Results ability to coordinate access & interactions with medical devices under complex and tense situations, resilience to changes or barriers in access to medical devices, ability to negotiate and compromise with others to achieve goals.
• Demonstrated Specialization in Cybersecurity clear passion for cybersecurity for medical devices, demonstrated experience with hands-on cybersecurity activities in healthcare or comparable industry, evidence of structured learning and/or self-learning on cybersecurity topics, currently has or is pursuing certification in cybersecurity.

Responsibilities:

• Leads the technical activities associated with the delivery of a medical device cybersecurity program, such as collection of cybersecurity data elements in the asset inventory, implementation of cybersecurity controls, and execution of critical cybersecurity fixes.
• Leads the technical analysis of emerging cybersecurity threats to determine impact to any devices in the asset inventory.
• Advises on technical elements of cybersecurity strategy, including recommendations for improvement. Supports the collection of metrics and key performance indicators for leadership review.

Technical Support - 80%

• Leads the collection of Critical Data Elements (CDEs) in CMMS.
• Leads collection of manufacturer documentation and cybersecurity recommendations.
• Leads risk assessment of assets based on collected CDEs and documentation.
• Oversees out of the box configuration of medical devices to expected standards.
• Leads the planned vulnerability remediation, such as planned patching or upgrades.
• Leads the unplanned vulnerability remediation, such as response to zero-day threats.
• Leads the coordination of cybersecurity activities with device manufacturers as needed.
• Leads the testing and validation of network segmentation rules in coordination with hospital IT.
• Supports a range of IT projects that have implications for medical devices on the network.

Program Support - 10%

• Leads the investigation of alerts on medical devices in the hospital and clinics.
• Leads analysis and development of recommendations for response to high/critical vulnerabilities.
• Leads the tracking and reporting of vulnerability remediation activities.
• Identifies opportunities for improvement in cybersecurity practices for HTM and IT.
• Oversees quality control for cybersecurity data and documentation in CMMS.

Training - 5%

• Support HTM cybersecurity education & awareness for HTM teams.
• Coaches BMETs on basic cybersecurity hygiene and out of the box controls.
• Participates in industry cybersecurity workgroups and forums as representative of Sodexo.
• Completes mandatory technical and non-technical training.

Regulatory and Compliance - 5%

• Advises on hospital audits involving cybersecurity, including HIPAA and Joint Commission.
• Advises on enterprise cybersecurity audits in alignment with enterprise leadership.

Qualifications:

• Basic Education Requirement: Associate degree or equivalent experience
• Basic Functional Experience: 3 years