Clinical Engineering Cyber Specialist
Far Rockaway, United States
Full-time
Salary: Not Available
JOB TITLE:
Clinical Engineering Cyber Specialist
JOB Type:
Direct hire
JOB SKILLS:
medical device cybersecurity, risk assessments, cybersecurity controls, CMMS platforms, cybersecurity frameworks, NIST, ISO, FDA regulations, Joint Commission regulations, technical leadership, cross-functional alignment, vulnerability remediation, zero-day threats, cybersecurity education, best practices, CISSP, HCISPP, CEH, Security+, data collection, network segmentation, cybersecurity hygiene, HIPAA compliance, quality control, technical training, non-technical training, audits, enterprise cybersecurity audits.
JOB Location:
Far Rockaway, United States
JOB DESCRIPTION
Role Overview: Leading and supporting the implementation of medical device cybersecurity strategies!

Sodexo is seeking a Clinical Engineering Cyber Specialist to oversee and execute critical technical components of our healthcare cybersecurity program for St. John’s Episcopal Hospital in Far Rockaway, NY. This role leads the implementation of cybersecurity controls, performs risk assessments, and collaborates closely with hospital IT and InfoSec teams to ensure the security and availability of medical devices. The ideal candidate will bring strong technical leadership, a proactive approach to threat mitigation, and a deep understanding of healthcare regulatory requirements.

What You’ll Do:
- Lead the collection of critical cybersecurity data elements (CDEs) and manufacturer documentation in CMMS and conduct risk assessments based on those findings.
- Oversee configuration of medical devices to align with cybersecurity standards and manufacturer guidelines.
- Manage planned and unplanned vulnerability remediation efforts, including response to zero-day threats and coordination with device manufacturers.
- Investigate cybersecurity alerts on medical devices, analyze high-risk vulnerabilities, and develop response recommendations.
- Track and report on vulnerability remediation activities while identifying opportunities to improve cybersecurity practices across HTM and IT.
- Support HTM cybersecurity education, coach BMETs on best practices, and represent Sodexo in industry cybersecurity forums.

What You Bring:
- Experience in medical device cybersecurity or a healthcare technology environment.
- A valid driver’s license and acceptable driving record.
- Strong knowledge of CMMS platforms, cybersecurity frameworks (e.g., NIST, ISO), and FDA/Joint Commission regulations.
- Proven ability to lead technical projects and drive cross-functional alignment.
- Relevant certifications (e.g., CISSP, HCISPP, CEH, or Security+) preferred.

Minimum Qualifications & Requirements:
- Minimum Education Requirement: Bachelor’s degree or equivalent experience
- Minimum Functional Experience: 3 years

Position Summary: Leads the technical activities associated with the delivery of a medical device cybersecurity program, such as collection of cybersecurity data elements in the asset inventory, implementation of cybersecurity controls, and execution of critical cybersecurity fixes. Leads the technical analysis of emerging cybersecurity threats to determine impact to any devices in the asset inventory. Advises on technical elements of cybersecurity strategy, including recommendations for improvement. Supports the collection of metrics and key performance indicators for leadership review.

Technical Support – 80%
- Leads the collection of Critical Data Elements (CDEs) in CMMS
- Leads collection of manufacturer documentation and cybersecurity recommendations
- Leads risk assessment of assets based on collected CDEs and documentation
- Oversees out of the box configuration of medical devices to expected standards
- Leads the planned vulnerability remediation, such as planned patching or upgrades
- Leads the unplanned vulnerability remediation, such as response to zero-day threats
- Leads the coordination of cybersecurity activities with device manufacturers as needed
- Leads the testing and validation of network segmentation rules in coordination with hospital IT
- Supports a range of IT projects that have implications for medical devices on the network

Program Support – 10%
- Leads the investigation of alerts on medical devices in the hospital and clinics
- Leads analysis and development of recommendations for response to high/critical vulnerabilities
- Leads the tracking and reporting of vulnerability remediation activities
- Identifies opportunities for improvement in cybersecurity practices for HTM and IT
- Oversees quality control for cybersecurity data and documentation in CMMS

Training – 5%
- Support HTM cybersecurity education & awareness for HTM teams
- Coaches BMETs on basic cybersecurity hygiene and out of the box controls
- Participates in industry cybersecurity workgroups and forums as representative of Sodexo
- Completes mandatory technical and non-technical training

Regulatory and Compliance – 5%
- Advises on hospital audits involving cybersecurity, including HIPAA and Joint Commission
- Advises on enterprise cybersecurity audits in alignment with enterprise leadership

What We Offer: Compensation is fair and equitable, partially determined by a candidate's education level or years of relevant experience. Salary offers are based on a candidate's specific criteria, like experience, skills, education, and training.

Sodexo offers a comprehensive benefits package that may include:
- Medical, Dental, Vision Care and Wellness Programs
- 401(k) Plan with Matching Contributions
- Paid Time Off and Company Holidays
- Career Growth Opportunities and Tuition Reimbursement

More extensive information is provided to new employees upon hire.

Position Details
Employment:
Direct hire
INDUSTRY:
Hospital & Health Care
Salary:
$81000.00 - $90000.00
REFERENCE NUMBER:
CLI-45477-1
CITY:
Far Rockaway
JOB ORIGIN:
snapx