Senior Risk Analyst Jobs in Rochester, MN (NOW HIRING)

This is a hybrid position and must be located within 100 miles of a Mayo Clinic campus for occasional on-site expectations based on business needs. 

The HTM Cyber team is seeking a technically strong Information Security Engineer to support the team's medical/facility device cybersecurity operations across medical, research, laboratory, and facilities environments. Unlike a traditional IT security function, this role is focused on identifying, assessing, and mitigating cybersecurity risks and vulnerabilities directly on connected medical and operational technology equipment. This position will work closely with the Senior Engineer and provide practical technical support across core operational areas, including Associate Engineer support, Security Lifecycle Profiles, secure baseline remediation, vulnerability management, remote access review, vulnerability scanning, metrics, and process improvement.

The ideal candidate brings hands-on biomedical equipment or clinical engineering experience, a solid understanding of IT networking, and a working knowledge of cybersecurity principles. This individual should be able to bridge HTM field operations, vendor support, IT, and Information Security by helping troubleshoot connected device issues, translate security requirements into practical device-level actions, document repeatable remediation processes, and support risk-based decisions that protect patient care while reducing risk across complex healthcare technology environments.

The Information Security Engineer position requires an information security professional who is results oriented, multi-disciplined, and comfortable in implementing system security solutions in multi-vendor environments. This position is responsible for the research, technical analysis, configuration, and administration of systems and procedures to ensure the protection of information processed, stored or transmitted in Mayo Clinic's computing environments. This position assists with the security design, consultation, and technology governance oversight for various projects and initiatives. The incumbent also assists system users relative to information systems security matters and undertakes complex projects requiring additional specialized technical knowledge. This position acts as information security liaison to various business units and the information technology department. This position receives general supervision and guidance from Information Security Directors and Senior Information Security Engineers.

During the selection process you may participate in an OnDemand (pre-recorded) interview that you can complete at your convenience. During the OnDemand interview, a question will appear on your screen, and you will have time to consider each question before responding. You will have the opportunity to re-record your answer to each question - Mayo Clinic will only see the final recording. The complete interview will be reviewed by a Mayo Clinic staff member and you will be notified of next steps. 

Bachelor's degree in Computer Science, Information Systems, Engineering or related major and a minimum one (1) year experience in the information security field required, OR associate's degree and two (2) years' experience in the information security field, OR in lieu of a degree, five (5) years' experience in the information security field required. 

Ability to develop specific proactive procedures for detection of security breaches, identifying security risks in the software development process and code promotion procedures. Basic knowledge of TCP/IP networking. Possesses human relation skills to interact effectively with a variety of personnel. Ability to multi-task and prioritize issues appropriately. Demonstrated ability to work effectively in a team environment as a participant. Capacity to work independently and willingness to seek advice/assistance. Certified as CISSP, GIAC, CISM, or security equivalent; or will obtain certification within 2 years of hire.

Preferred Qualifications

• Biomedical / Clinical Engineering Experience: Hands-on experience working with medical, laboratory, or operational devices in clinical environments.
• Healthcare Device Networking Fundamentals: IP addressing, ports/protocols, VLANs, connectivity, and troubleshooting of networked medical devices.
• Medical Device Cybersecurity & Vulnerability Management: Identification, assessment, prioritization, and remediation of vulnerabilities on connected devices.
• Device-Level Security Implementation (Hardening & Remediation): Applying secure configurations, coordinating patching, and implementing compensating controls in vendor-constrained environments.
• Cross-Functional Technical Collaboration: Working across HTM, IT, Information Security, and vendors to resolve issues without impacting patient care.
• Risk-Based Decision Making in Clinical Environments: Balancing cybersecurity risk with patient safety, device availability, and operational constraints.
• Process Documentation & Operationalization (optional depending on limit): Creating repeatable workflows, remediation steps, and technical documentation for scalable execution.

Authorization to work and remain in the United States, without necessity for Mayo Clinic sponsorships now, or in the future (for example, be a U.S. Citizen, national, or permanent resident, refugee, or asylee). Mayo Clinic does not participate in the F-1 STEM OPT extension program.