The CE Security Engineer advances the Information Security Program within the biomedical realm at UnityPoint Health (UPH), evaluates and reports on the effectiveness of information security controls as they relate to connected

medical devices, recommends security standards and controls as technology changes, ensures compliance in application of Clinical Engineering processes with privacy and security policies and standards, and protects connected

medical devices and the sensitive data contained within from threats by implementing, monitoring, and responding to security controls, threat intelligence, and security alerts.

The CE Security Engineer will provide centralized knowledge, expertise and support for the delivery of CE-IT security services to clients by UPH CE field operations through the provision of technical research, data management, auditing, reporting, and analysis, remote technical support, integrated knowledge creation and curation, and engaging in active vulnerability response activities as deemed necessary.

The CE Security Engineer serves as the security liaison between IT and CE. The position reports directly to the Manager, Clinical Engineering and reports indirectly through a dotted line reporting structure to the Manager, IT Security Operations Center.

Why UnityPoint Health?

• Commitment to our Team - We've been named a by Becker's Healthcare for our commitment to our team members.
• Culture - At UnityPoint Health, you matter. Come for a fulfilling career and experience guided by uncompromising values and unwavering belief in doing what's right for the people we serve.
• Benefits - Our competitive program offers benefits options that align with your needs and priorities, no matter what life stage you're in.
• Diversity, Equity and Inclusion Commitment - We're committed to ensuring you have a voice that is heard regardless of role, race, gender, religion, or sexual orientation.
• Development - We believe equipping you with support and is an essential part of delivering a remarkable employment experience.
• Community Involvement - Be an essential part of our core purpose-to improve the health of the people and communities we serve.

Visit us at UnityPoint.org/careers to hear more from our team members about why UnityPoint Health is a great place to work.

Advancement of Information Security Program in Clinical Engineering

* Protects UPH Clinical Engineering assets by the creation and enforcement of information

security policies, procedures, standards, plans, and guidelines as they relate to connected

medical devices.

* Identifies and documents information security risks and proposes mitigating controls for

connected medical devices.

* Reviews vendor solutions for security risks and works with UPH IT and vendor to remediate

risks to acceptable levels.

* Investigates and responds to security incidents involving medical devices.

* Monitors CE systems for potential threats.

* Researches, designs, and develops new information security controls to enhance protection of

medical devices.

* Manages solution deployments that adhere to best practices and UPH IT/CE policies and procedures.

Technical Security Support

* Researches, understands, and processes medical equipment documentation to create

knowledge articles, manage medical device profiles in CMMS and/or other integrated toolsets,

and understand cyber risks and connectivity requirements for connected medical devices.

* Works with vendors regarding cybersecurity patch management for medical equipment

serviced by UPH CE Department.

* Provides technical reporting, and/or data management support to field leaders, technicians and

the business for escalated issues related to medical device security.

* Monitors intelligence sources for medical device security vulnerabilities.

* Assists with developing communication content and reports for UPH customers on medical

device security issues.

* Creates and publishes instruction for field engineers on how to patch medical devices.

* Researches, creates, and issues work orders to field engineers for patching medical devices.

* Provides technical instruction & training to others as needed or required.

* Supports the development and execution of IT/CE security services and capabilities.

* Provides input and requirements into new features and capabilities for IT/CE security services.

* Performs all other duties related to this position as assigned.

Program/Project Management

* Constantly seeks out new sources of information and data to support the IT/CE security

program.

* Provides support to UPH CE associates with large scale projects related to medical device

security, system upgrades, and technology assessment.

* Assists with monitoring and maintaining the quality of cyber attributes in CMMS; supporting

processes and procedures to ensure field associates can maintain cyber attributes in CMMS.

* May serve as a project manager for the development and/or implementation of new IT/CE

security services, capabilities and/or features. May help to prepare project timelines,

milestones and establishing roles and responsibilities for the IT/CE security team.

* Works directly with vendors and all levels of management and support staff.

* Provides feedback to management regarding process improvement and procedure changes to

maintain the quality of IT/CE security services.

* Provides input into policies, processes, and procedures related to the management of IT/CE

security services, clinical equipment networking and/or medical device security.

* Assists with organization and coordination of field response and remediation activities as

necessary.

* Maintains knowledge of current regulatory agencies, standards, and regulations that apply to

medical equipment.

* May be required to travel to other UPH regions and sites (in support of CE field operations

and/or critical response activities).

* May be asked to travel to other UPH regions and/or other locations/meetings in support of the

ongoing development of IT/CE services.

* May attend related industry conferences, educational seminars and/or other events in support

of the program and professional growth.

Customer Service

* Helps to create and foster an environment of innovation; works to identify and remove

roadblocks and enables collaboration between workgroups; advocates for the adoption of skills

related to security of connected medical devices throughout the Clinical Engineering

operations organization.

* Serves all customers and stakeholders to the highest level of satisfaction within the scope of

responsibilities.

* Informs management of all situations that are out of the norm or are of an emergent nature or

involve a negative impact on the enterprise.

* Effectively communicates verbally and in written form to customers, peers, and key

stakeholders, presenting a professional image at all times.

* Work with the team to continuously drive improvements in operational delivery and/or technical

skills.

* Maintains a clean and safe workplace.

* Assists co-workers and other business units as necessary. * Provides coordinated technical training and mentoring as needed. * Briefs department management on statuses and risks; clearly communicating best practices, roadblocks, and timelines.

Basic UPH Performance Criteria

* Demonstrates the UnityPoint Health Values and Standards of Behaviors as well as adheres to

policies and procedures and safety guidelines.

* Demonstrates ability to meet business needs of department with regular, reliable attendance.

* Employee maintains current licenses and/or certifications required for the position.

* Practices and reflects knowledge of HIPAA, TJC, DNV, OSHA and other federal/state

regulatory agencies guiding healthcare.

* Completes all annual education and competency requirements within the calendar year.

* Is knowledgeable of hospital and department compliance requirements for federally funded

healthcare programs (e.g. Medicare and Medicaid) regarding fraud, waste and abuse. Brings

any questions or concerns regarding compliance to the immediate attention of hospital

administrative staff. Takes appropriate action on concerns reported by department staff

related to compliance

Education:

* Bachelor's degree in biomedical engineering, Computer Science, Information Security, or related degree.

* Associate degree with at least 2 years' experience in an equivalent technical program.

* Equivalent education and work experience will be accepted only if previous experience applies to specific systems.

* IT Support, preferably in a healthcare organization, with experience doing enterprise-wide management of software, patching and/or clinical systems integration

* Biomedical/Clinical Engineering professional with experience in supporting networked medical devices and systems in a healthcare setting

Experience:

* 5+ years of relevant biomed, IT, or security experience

* Experience in HealthCare IT, the medical device industry, and/or Cybersecurity is highly desirable

* Experience working in a CMMS is desired

License(s)/Certification(s):

* Valid driver's license when driving any vehicle for work-related reasons. IT and security certifications strongly preferred

Knowledge/Skills/Abilities:

* Knowledge of and/or able to understand medical device technology

* Knowledge of healthcare and clinical environment risk factors

* Understanding of healthcare regulatory, industry standards, and security frameworks

* Knowledge of computers, operating systems, security, and networking

* Understanding of HIPAA Security Rules and the technical implications pertaining to medical equipment

* Ability to interpret technical documentation and manuals

* Skilled in interpersonal and group communication

* Ability to research and solve problems quickly

* Ability to set priorities and manage time while working on multiple projects and/or tasks

* Proficient in the use of Microsoft Office applications required, including Excel, Word, PowerPoint, Visio, Project and Outlook

* Knowledge of HL7, DICOM, and other clinical communication protocols and standards is desired

* Advanced data analysis and reporting skills