Global IT Security - Business Information Security Officer Analyst - Product Security
Deerfield, IL or Virtual/Work from Home (US)
Baxter provides a broad portfolio of essential renal and hospital products, including home, acute and in-center dialysis; sterile IV solutions; infusion systems and devices; parenteral nutrition; surgery products and anesthetics; and pharmacy automation, software and services. The company's global footprint and the critical nature of its products and services play a key role in expanding access to healthcare in emerging and developed countries. Baxter's employees worldwide are building upon the company's rich heritage of medical breakthroughs to advance the next generation of healthcare innovations that enable patient care.
The Business Information Security Officer (BISO) Analyst is a functional security analyst role within Global IT Security. The primary purpose of this position is analyst support for cybersecurity risks related to Baxter products. The individual in this position interacts with IT Security, Product Security, Design Engineering, service providers, key stakeholders, and personnel from various functions (including the application development, operations and network, and privacy teams), as well as with business departments.
Roles and Responsibilities
This is a functional role within Global IT Security, providing support for product security activities across global business units, R&D, and IT Security.
* Responsible for working closely with the product security team and sometimes in the applicable R&D product team environment
* Provide analysis and trending of product security risk associated with medical devices
* Provide support to product teams related to customer agreements, inquiries, and various other requests for assistance related to cybersecurity
* Provide threat and vulnerability analysis as well as security advisory services, and risk assessments
* Provide analysis of the impacts to Baxter based on any regulatory or customer requirement changes
* Integrate and share information with security operations team
* Present product security program and project status to management and escalate issues as needed
* Establish and maintain capabilities to track progress, identify issues, and overcome obstacles
* Play an active role to support cyber security awareness initiatives
* Work closely with stakeholders to ensure product security risks are identified, assessed and reported; appropriate controls are in place; and local procedures and activities comply with Baxter policies, standards, operating procedures, industry best practices and regulatory requirements
* Provide information security requirements, advice and counsel to portfolio personnel, project teams, and the business, ensuring alignment to information security processes and solutions
* Evaluate and assess emerging security threats and vulnerabilities in portfolios and work with portfolio personnel to identify appropriate controls
* Oversee and manage portfolio of Information Risk Issues to ensure these are current, accurate and are supported by sound resolution plans or formal risk acceptance by business executives
* 5-6 years of experience in Cybersecurity and 2-3 years of business facing roles/consultancy
* Strong understanding of cyber security trends and events
* Working knowledge of policies, standards and operating procedures in large organizations relating to information security risk
* Information security certification (e.g., CISSP, CSSLP, GIAC) is desired
* Strong analytical and multi-tasking skills, writing proficiency and visual design skills, problem solving and decision-making skills
* Highly developed communication skills, both verbal and written
* Strong team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including vendors and IT-business personnel
* Excellent verbal and written communication skills.
* Advanced knowledge in information security principles, including risk assessment and management, threat and vulnerability management, and identity and access management.
* Advancement of security governance knowledge including but not limited to security control relationships and correlation of accumulative/inherent risks related to mitigation, noncompliance and/or risk acceptance.
* Ability to exercise sound judgment in complex situations.
* Strong customer/client focus, with the ability to manage expectations appropriately, provide a superior customer/client experience and build long-term relationships.
* Ability to work well under minimal supervision.