Title: Global IT, Manager – Security, Business Information Security Officer (BISO)
Are you looking for a career that matters?
We believe every person deserves a chance for a healthy life, free from illness and full of possibility. We see a world full of healing, with viable care options available to those with limited choices today. We envision new ways of providing physicians, pharmacists and nurses with technologies that not only treat chronic diseases, but also work to prevent them. We’re looking for team members who are motivated to learn, grow and innovate, while making a meaningful difference for millions of people around the world.
Global IT Security – Business Information Security Officer – Product Security
Security Governance & Strategy
Deerfield, IL or Virtual/Work from Home (US)
- The Business Information Security Advisor/Officer (BISO) is a Manager functional role within Global IT Security that provides consultation, advice and support to the Baxter Line of Business in the implementation of secure business solutions.
- The BISO is the center of competence for Information Security and plays an active role in supporting the business executive team on cyber security awareness, aligning business strategy with information security strategy and acting as an enabler for the business.
- The BISO is accountable for ensuring that Information Security risks within their assigned portfolios are identified, assessed and reported; that appropriate controls are in place; and that local procedures and activities comply with Baxter Information Security (IS) policies, standards, operating procedures, industry best practices and regulatory requirements.
- Interact with Design Engineering and service providers, key stakeholders, personnel from various functions — including the application development, operations and network, and privacy teams — and with business departments.
To be successful in the position, the successful candidate should ideally have:
- Business and Information Security background
- Medical Devices and IT Security Risk Management skills
- Strong verbal and written communication skills
- Consulting, Advisory and Control
- Communication & Reporting
- Liaison between Business Team, Design Engineering and Global IT organization
- Training and Awareness
Roles and Responsibilities
Functional role within Global IT Security to coordinate, consult, advise on, and support all product security related activities across global business units, R&D, and other functional leaders.
- Present product security program and project status to management and escalate issues as needed.
- Manage a team of security risk managers and a senior technical security strategy risk manager.
- Establish and maintain capability to track progress, identify issues, and overcome obstacles.
- Play an active role in supporting the business executive team on cyber security awareness, aligning business strategy with information security strategy and acting as an enabler for the business.
- Be accountable for ensuring that Information Security risks within assigned portfolios are identified, assessed and reported; that appropriate controls are in place; and that local procedures and activities comply with Baxter Information Security (IS) policies, standards, operating procedures, industry best practices and regulatory requirements.
- Work closely with business executive team, portfolio personnel, stakeholders, and senior management to identify Information Security risks and controls.
- Understand Business and Information Security strategies.
- Work as an Information Security subject matter expert and provide expertise with regard to their support area or portfolio.
- Provide Information Security requirements and advice/counsel to portfolio personnel, project teams, and the Business, ensuring alignment to information security processes and solutions.
- Evaluate and assess emerging security threats and vulnerabilities in portfolio and work with portfolio personnel to identify appropriate controls.
- Oversee/manage the portfolio of Information Risk Issues to ensure it is current and accurate and is supported by sound resolution plans or formal risk acceptance by a business executive.
- 8-10 years of experience in Information Security and 4-5 years of business-facing roles/consultancy
- Strong understanding of cyber security trends and events
- Working knowledge of policies, standards and operating procedures in large organizations relating to information security risk
- Information Security certification (e.g. CISSP, CISSLP, GIAC) is desired
- Strong analytical/multi-tasking skills, writing proficiency/visual design skills, and problem solving/decision-making skills. Highly developed communication skills, both verbal and written
- Strong team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including vendors and IT-business personnel
- Excellent verbal and written communication skills.
- Advanced knowledge in information security principles, including risk assessment and management, threat and vulnerability management, and identity and access management.
- Advancement of security governance knowledge, including but not limited to security control relationships and the correlation of accumulative/inherent risks related to mitigation, noncompliance and/or risk acceptance.
- Ability to exercise sound judgment in complex situations.
- Strong customer/client focus, with the ability to manage expectations appropriately, provide a superior customer/client experience and build long-term relationships.
- Ability to work well under minimal supervision.