Global IT Security - Business Information Security Officer (BISO)
Security Governance & Strategy
Deerfield, IL or Virtual/Work From Home (US)
Baxter provides a broad portfolio of essential renal and hospital products, including home, acute and in-center dialysis; sterile IV solutions; infusion systems and devices; parenteral nutrition; surgery products and anesthetics; and pharmacy automation, software and services. The company’s global footprint and the critical nature of its products and services play a key role in expanding access to healthcare in emerging and developed countries. Baxter’s employees worldwide are building upon the company’s rich heritage of medical breakthroughs to advance the next generation of healthcare innovations that enable patient care.
• Manager functional role within Global IT Security, providing consultation, advice and support to the Baxter Line of Business in the implementation of secure business solutions.
• BISO is the center of competence for Information Security and plays an active role to support business executive team on cyber security awareness, align business strategy with information security strategy and act as an enabler for the business.
• Accountability to ensure that Information Security Risks within their assigned portfolios are identified, assessed & reported; appropriate controls are in place; and local procedures & activities comply with Baxter Information Security (IS) policies, standards, operating procedures, industry best practices and regulatory requirements.
• Interact with Design Engineering and service providers, key stakeholders, personnel from various functions — including the application development, operations and network, and privacy teams — and with business departments.
• Consulting, Advisory and Control
• Communication & Reporting
• Liaison between Business Team, Design Engineering and Global IT organization
• Training and Awareness
In order to be successful in the position, the successful candidate should ideally have:
• Business and Information Security background
• Medical Devices and IT Security Risk Management skills
• Strong verbal and written communication skills
• 6-8 years of experience in Cybersecurity and 2-3 years of business-facing roles/consultancy
• Work closely with business executive team, portfolio personnel, stakeholders, and senior management to identify Information Security risks and controls.
• Understand Business and Information Security strategies as they relate to the portfolio
• Work as an Information Security subject matter expert and provide expertise in regards to their support area or portfolio
• Provide Information security requirements, advice and counsel to portfolio personnel, project teams, and the Business ensuring alignment to IS processes and solutions
• Evaluate and assess emerging security threats and vulnerabilities in portfolio and work with portfolio personnel to identify appropriate controls.
• Provide portfolio personnel guidance in understanding and responding to security incidents with appropriate stakeholders.
• Be an advocate for IS & Medical Devices solutions and standards.
• Implement information security risk governance and control framework for the local organization that incorporates a consistent, sustainable methodology for identifying, assessing, and documenting information security risk that provides early warning of potential failure to meet information security requirements.
• Directs and monitors due diligence of information security risk processes and results on an ongoing basis
• Identifies, evaluates the magnitude and documents information security risks in the portfolio and ensures necessary approvals are obtained.
• Oversees and manages portfolio of Information Risk Issues to ensure these are current, accurate and are supported by sound resolution plans or formal risk acceptance by business executive.
• Participate, facilitate and deliver training and awareness to promote Information Security within the assigned portfolio.
• Promoting centralized training and awareness opportunities to ensure participation from assigned group.
• Spreading awareness and knowledge of good Information Security practices in the general and specific local populations.
• Assist local organizations in developing and implementing their own unit or role specific Information Security training and awareness programs as appropriate.
Knowledge and Skills
• Strong understanding of cyber security trends and events
• Working knowledge of policies, standards and operating procedures in large organizations relating to information security risk
• Information Security certification e.g. CISSP, CISSLP, GIAC etc. is desired
• Strong analytical and multi-tasking skills, writing proficiency and visual design skills, problem solving and decision-making skills. Highly developed communication skills, both verbal and written
• Strong team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including vendors, IT-business personnel
• Excellent verbal and written communication skills.
• Advanced knowledge in information security principles, including risk assessment and management, threat and vulnerability management, and identity and access management.
• Advancement of security governance knowledge including but not limited to security control relationships and correlation of accumulative/inherent risks related to mitigation, noncompliance and/or risk acceptance.
• Ability to exercise sound judgment in complex situations.
• Strong customer/client focus, with the ability to manage expectations appropriately, provide a superior customer/client experience and build long-term relationships.
• Ability to work well under minimal supervision.
A Career That Matters
Baxter’s employees are united in a mission to save and sustain lives. We are passionate about applying scientific innovation to meet the needs of the millions of people worldwide who depend on our medically necessary therapies and technologies. We focus on increasing access to healthcare, innovating in crucial areas of unmet need, and pursuing creative collaborations that bring our mission to life for patients every day.
Equal Employment Opportunity
Baxter is an equal opportunity employer. Baxter evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status or any other legally protected characteristic.
Baxter is committed to working with and providing reasonable accommodations to individuals with disabilities. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the application or interview process, please send an e-mail to Americas_TTA@baxter.com and let us know the nature of your request along with your contact information.