Develop and implement device management plans and standard operating procedures to address all aspects of medical device lifecycle management. Help define, document, and manage device interconnectivity. Manage information security assessments of internally- and commercially-developed medical systems in the Departments of Medical Physics and Radiation Oncology. Oversee compliance of departmental systems with IT security policies. Assess Medical Device vulnerability directly resulting from device access and/or penetration of the medical device network architecture within the MSK Network and wireless environment. Maintain current knowledge of security vulnerabilities, threats, and industry best-practices (both within and external to the healthcare industry). Participate in various information security-related projects and initiatives. Provide guidance to department staff on effective security awareness.
(40%) Technology Evaluation and Management:
Define, manage, and document connectivity, data flows, and data storage associated with medical devices, commercial products, and clinical and business applications within MSK. Serve as liaison between internal organizational stakeholders and device vendors/manufacturers on matters related to device management, maintenance, and security. Advise departmental leadership in support of proposed projects, system purchases and other IT security-related requests. Establish device management plans to address all aspects of device lifecycle management. Develop standard operating procedures to include user access and system activity monitoring. Assist with product updates and deployments. Review audit logs of supported systems and applications. Manage and review audits of vendor remote access. Review and update user certifications of supported systems and applications. Define and execute device testing and validation procedures to ensure proper implementation and configurations.
(40%) Security Risk Assessment and Compliance:
Manage security risk assessments of internal and commercially developed medical systems and applications in the Medical Physics and Radiation Oncology departments. These include IT solutions of all types (e.g., mobile, web, client-server), both new installations and upgrades. Coordinate with stakeholders (i.e., department staff, Information Security office and vendors) to lead risk assessment projects and develop detailed and accurate architectures and system security plans. Coordinate with stakeholders and leverage personal technical expertise and knowledge of industry best practices to recommend, document and implement security risk remediation plans. Effectively communicate the contents of said reports to stakeholders.
Work with MSK Information Security, Regulatory Agencies (FDA & Joint Commission) as well as Risk Management and Safety Departments to identify risk to patient safety and personal health information and implement medical device security standards. Assess vulnerabilities to Medical Devices, the data they store and/or process, and the associated network architecture. Oversee information security compliance of systems and applications within the departments. Coordinate with MSK Information Security to evaluate and implement automated solutions to monitor compliance.
(10%) Security Project and Process Participation and Guidance:
Serve as a liaison to the MSK Information Security Office on matters related to medical device security, security incident response, and security awareness. Assist in implementing proactive measures to protect departmental IT systems against changing and advancing threats and to address changes in the regulatory landscape. Assist MSK Information Security in providing guidance to department staff on effective security awareness, policy, and standard materials.
(10%) Skills Development:
Implement an annual personal education plan to maintain currency of security-related skills, technologies, methodologies, and best practices. Participate in appropriate and relevant conferences and courses to maintain technical proficiency.
Bachelor's degree in Computer Science or Information Technology (preferred)
2-4 years of experience in the security field
Entry-to-intermediate level certifications that demonstrate a basic knowledge of security concepts (e.g., Security+, GSEC, CEH) are desirable.
Internal Number: 2019-30702
About Memorial Sloan-Kettering Cancer Center
As one of the world's premier cancer centers, Memorial Sloan-Kettering Cancer Center is committed to exceptional patient care, leading-edge research, and superb educational programs. The close collaboration between our physicians and scientists is one of our unique strengths, enabling us to provide patients with the best care available today as we work to discover more effective strategies to prevent, control, and ultimately cure cancer in the future. Our education programs train future physicians and scientists, and the knowledge and experience they gain at Memorial Sloan-Kettering has an impact on cancer treatment and the biomedical research agenda around the world.