Why Mayo Clinic
If you want to lead information security in the healthcare industry, look to Mayo Clinic and be part of something that matters! Mayo Clinic is internationally renowned for its achievements in clinical practice, medical research, and education.
Recognized by FORTUNE magazine as one of the top 100 "Best Companies to Work For," we offer a highly competitive compensation package, flexible scheduling and telework for some positions. Join our team and have an opportunity to develop information security technologies to protect the organization, our patients and the delivery of healthcare worldwide.
The Clinical Information Security (CIS) team offers a unique opportunity for a highly skilled security professional to be involved in improving the security posture of healthcare systems and devices. Specifically, the CIS team is looking for a Principal Information Security Engineer who is results oriented, multi-disciplined, and passionate about assessing and improving the security of diverse and complex devices and systems. This position will be involved in activities which include:
Applying technical expertise in vulnerability research, reverse engineering, penetration testing and security architecture to perform in-depth security assessments of medical devices, facility systems and clinical support systems.
Developing technical strategies to mitigate or remediate identified vulnerabilities.
Engaging with clinical areas, business areas, IT Department and vendors as an information security liaison.
Undertaking complex projects requiring specialized technical knowledge.
Providing direction, training, and guidance to less experienced staff.
The Principal Information Security Engineer must be comfortable with carrying out assessments on embedded devices and larger systems that are based on various hardware and software platforms, from the mainstream ones to custom-developed solutions. The Clinical Information Security area partners with other Mayo Clinic security areas to provide a comprehensive full life cycle security approach that is unique in healthcare and is recognized as a healthcare industry leader.
The Principal Information Security Engineer position requires an information security professional who is result oriented, multi-disciplined, and comfortable in implementing system security solutions in multi-vendor environments.
This position is accountable for the research, technical analysis, recommendation, configuration, and administration of systems and procedures to ensure the protection of information processed, stored, or transmitted in Mayo Clinic's computing environments.
This position leads the security design, consultation, and technology governance oversight for various projects and initiatives. The incumbent also assists system users relative to information systems security matters and undertakes complex projects requiring additional specialized technical knowledge. This position acts as information security liaison to various business units and the information technology department and provides direction, training, and guidance for less experienced staff.
Bachelors degree in Computer Science, Information Systems, Engineering or related major and a minimum five (5) years experience in the information security field required, OR Associates degree and seven (7) years experience in the information security field, OR in lieu of a degree, nine (9) years experience in the information security field required. Ability to develop specific proactive procedures for detection of security breaches, identifying security risks in the software development process and code promotion procedures.
Demonstrated experience in operating system, application, and network penetration testing and vulnerability assessment. Should have experience in liaising with system and network administrators to help remediate the impact of the identified risks and vulnerabilities at the platform level. Demonstrated knowledge of security controls for network, application and operating systems.
Strong knowledge and work experience with logical access controls to ensure confidentiality, integrity and assurance of proprietary information. Knowledge and understanding of business processes and information systems of a healthcare institution. Demonstrated experience in working with senior management on highly sensitive projects that require utmost discretion, and maintaining strict confidentiality on all data, records, and tasks as required.
Demonstrated interpersonal skills, including conflict resolution. Experience with resource allocation, coaching, and mentoring. Strong ability to work effectively in a team environment as a team leader.
Proven ability to partner with staff and managers in the Information Security and Information Technology organizations. Experience with committee and consensus driven organizations. Capacity to work independently and willingness to seek advice/assistance.
Knowledge and understanding of business processes and information systems of a healthcare institution.
Experience in penetration testing, vulnerability scanning and Industrial Control Systems.
Experience with committee and consensus driven organizations.
License or certification
Certified as CISSP, GIAC, CISM, or security equivalent; or will obtain certification within 2 years of hire.
Education, experience and tenure may be considered along with internal equity when job offers are extended. The minimum salary every 2 weeks is approx $4,683.20 based on a full-time position.
Monday - Friday, typical hours are 8AM - 5 PM, with flexibility based on work needs
Occasional nights and weekends may be needed
Mayo Clinic is located in the heart of downtown Rochester, Minnesota, a vibrant, friendly city that provides a highly livable environment for more than 34,000 Mayo staff and students. The city is consistently ranked among the best places to live in the United States because of its affordable cost of living, healthy lifestyle, excellent school systems and exceptionally high quality of life.
IT and Engineering
Job posting number
Equal opportunity employer
Mayo Clinic is an equal opportunity educator and employer (including veterans and persons with disabilities).