Clinical Engineering Security Engineer
|  UnityPoint Health | |
|  $37.82/Hr.-$56.74/Hr. | |
|  parental leave, paid time off, paid holidays, tuition reimbursement, 401(k) | |
|   United States, Iowa, Grimes  | |
|   1601 Southeast Gateway Drive (Show on map) | |
|  Oct 01, 2025 | |
| 
 Overview Full time - Remote/Hybrid Remote, Grimes, Iowa M - F 8am to 4:30pm The CE Security Engineer advances the Information Security Program within the biomedical realm at UnityPoint Health (UPH), evaluates and reports on the effectiveness of information security controls as they relate to connected medical devices, recommends security standards and controls as technology changes, ensures compliance in application of Clinical Engineering processes with privacy and security policies and standards, and protects connected medical devices and the sensitive data contained within from threats by implementing, monitoring, and responding to security controls, threat intelligence, and security alerts. The CE Security Engineer will provide centralized knowledge, expertise and support for the delivery of CE-IT security services to clients by UPH CE field operations through the provision of technical research, data management, auditing, reporting, and analysis, remote technical support, integrated knowledge creation and curation, and engaging in active vulnerability response activities as deemed necessary. The CE Security Engineer serves as the security liaison between IT and CE. The position reports directly to the Manager, Clinical Engineering and reports indirectly through a dotted line reporting structure to the Manager, IT Security Operations Center. Why UnityPoint Health? At UnityPoint Health, you matter. We're proud to be recognized as a Top 150 Place to Work in Healthcare by Becker's Healthcare several years in a row for our commitment to our team members. Our competitive Total Rewards program offers benefits options that align with your needs and priorities, no matter what life stage you're in. Here are just a few: 
 
 
 With a collective goal to champion a culture of belonging where everyone feels valued and respected, we honor the ways people are unique and embrace what brings us together. And, we believe equipping you with support and development opportunities is a vital part of delivering an exceptional employment experience. Find a fulfilling career and make a difference with UnityPoint Health. Responsibilities Advancement of Information Security Program in Clinical Engineering * Protects UPH Clinical Engineering assets by the creation and enforcement of information security policies, procedures, standards, plans, and guidelines as they relate to connected medical devices. * Identifies and documents information security risks and proposes mitigating controls for connected medical devices. * Reviews vendor solutions for security risks and works with UPH IT and vendor to remediate risks to acceptable levels. * Investigates and responds to security incidents involving medical devices. * Monitors CE systems for potential threats. * Researches, designs, and develops new information security controls to enhance protection of medical devices. * Manages solution deployments that adhere to best practices and UPH IT/CE policies and procedures. Technical Security Support * Researches, understands, and processes medical equipment documentation to create knowledge articles, manage medical device profiles in CMMS and/or other integrated toolsets, and understand cyber risks and connectivity requirements for connected medical devices. * Works with vendors regarding cybersecurity patch management for medical equipment serviced by UPH CE Department. * Provides technical reporting, and/or data management support to field leaders, technicians and the business for escalated issues related to medical device security. * Monitors intelligence sources for medical device security vulnerabilities. * Assists with developing communication content and reports for UPH customers on medical device security issues. * Creates and publishes instruction for field engineers on how to patch medical devices. * Researches, creates, and issues work orders to field engineers for patching medical devices. * Provides technical instruction & training to others as needed or required. * Supports the development and execution of IT/CE security services and capabilities. * Provides input and requirements into new features and capabilities for IT/CE security services. * Performs all other duties related to this position as assigned. Program/Project Management * Constantly seeks out new sources of information and data to support the IT/CE security program. * Provides support to UPH CE associates with large scale projects related to medical device security, system upgrades, and technology assessment. * Assists with monitoring and maintaining the quality of cyber attributes in CMMS; supporting processes and procedures to ensure field associates can maintain cyber attributes in CMMS. * May serve as a project manager for the development and/or implementation of new IT/CE security services, capabilities and/or features. May help to prepare project timelines, milestones and establishing roles and responsibilities for the IT/CE security team. * Works directly with vendors and all levels of management and support staff. * Provides feedback to management regarding process improvement and procedure changes to maintain the quality of IT/CE security services. * Provides input into policies, processes, and procedures related to the management of IT/CE security services, clinical equipment networking and/or medical device security. * Assists with organization and coordination of field response and remediation activities as necessary. * Maintains knowledge of current regulatory agencies, standards, and regulations that apply to medical equipment. * May be required to travel to other UPH regions and sites (in support of CE field operations and/or critical response activities). * May be asked to travel to other UPH regions and/or other locations/meetings in support of the ongoing development of IT/CE services. * May attend related industry conferences, educational seminars and/or other events in support of the program and professional growth. Customer Service * Helps to create and foster an environment of innovation; works to identify and remove roadblocks and enables collaboration between workgroups; advocates for the adoption of skills related to security of connected medical devices throughout the Clinical Engineering operations organization. * Serves all customers and stakeholders to the highest level of satisfaction within the scope of responsibilities. * Informs management of all situations that are out of the norm or are of an emergent nature or involve a negative impact on the enterprise. * Effectively communicates verbally and in written form to customers, peers, and key stakeholders, presenting a professional image at all times. * Work with the team to continuously drive improvements in operational delivery and/or technical skills. * Maintains a clean and safe workplace. * Assists co-workers and other business units as necessary. * Provides coordinated technical training and mentoring as needed. * Briefs department management on statuses and risks; clearly communicating best practices, roadblocks, and timelines. Basic UPH Performance Criteria * Demonstrates the UnityPoint Health Values and Standards of Behaviors as well as adheres to policies and procedures and safety guidelines. * Demonstrates ability to meet business needs of department with regular, reliable attendance. * Employee maintains current licenses and/or certifications required for the position. * Practices and reflects knowledge of HIPAA, TJC, DNV, OSHA and other federal/state regulatory agencies guiding healthcare. * Completes all annual education and competency requirements within the calendar year. * Is knowledgeable of hospital and department compliance requirements for federally funded healthcare programs (e.g. Medicare and Medicaid) regarding fraud, waste and abuse. Brings any questions or concerns regarding compliance to the immediate attention of hospital administrative staff. Takes appropriate action on concerns reported by department staff related to compliance Qualifications Education: * Bachelor's degree in biomedical engineering, Computer Science, Information Security, or related degree. * Associate degree with at least 2 years' experience in an equivalent technical program. * Equivalent education and work experience will be accepted only if previous experience applies to specific systems. * IT Support, preferably in a healthcare organization, with experience doing enterprise-wide management of software, patching and/or clinical systems integration * Biomedical/Clinical Engineering professional with experience in supporting networked medical devices and systems in a healthcare setting Experience: * 5+ years of relevant biomed, IT, or security experience * Experience in HealthCare IT, the medical device industry, and/or Cybersecurity is highly desirable * Experience working in a CMMS is desired License(s)/Certification(s): * Valid driver's license when driving any vehicle for work-related reasons. IT and security certifications strongly preferred. Knowledge/Skills/Abilities: * Knowledge of and/or able to understand medical device technology * Knowledge of healthcare and clinical environment risk factors * Understanding of healthcare regulatory, industry standards, and security frameworks * Knowledge of computers, operating systems, security, and networking * Understanding of HIPAA Security Rules and the technical implications pertaining to medical equipment * Ability to interpret technical documentation and manuals * Skilled in interpersonal and group communication * Ability to research and solve problems quickly * Ability to set priorities and manage time while working on multiple projects and/or tasks * Proficient in the use of Microsoft Office applications required, including Excel, Word, PowerPoint, Visio, Project and Outlook * Knowledge of HL7, DICOM, and other clinical communication protocols and standards is desired * Advanced data analysis and reporting skills | |
 
                             
  
 