Security Compliance Specialist

This is where you save and sustain lives

At Baxter, we are deeply connected by our mission. No matter your role at Baxter, your work makes a positive impact on people around the world. You’ll feel a sense of purpose throughout the organization, as we know our work improves outcomes for millions of patients. 

Baxter’s products and therapies are found in almost every hospital worldwide, in clinics and in the home. For over 85 years, we have pioneered significant medical innovations that transform healthcare.

Together, we create a place where we are happy, successful and inspire each other. This is where you can do your best work. 

Join us at the intersection of saving and sustaining lives— where your purpose accelerates our mission. 

Your role at Baxter

This is where your work saves lives.

Are you a Governance, Risk and Compliance (GRC) professional with experience leading US Dept of Defense Authorization to Operate (ATO) security authorizations? If so, this outstanding opportunity is for you! As a Security Compliance Specialist for our Baxter Global Product Security team, you will work closely with Baxter’s global development teams and our US Government agency partners to lead security authorizations for Baxter’s medical products. This role will also support Baxter’s commercial compliance work with CMMC, SOC2, ISO 27001, and related standards.

Your team:

As a key member of the Global Product Security team, you will coordinate with developers world‐wide to ensure the application product software we build is safe and secure. You will provide consulting and security mentorship on emerging threats, vulnerabilities, and security practices that may have an impact on the security posture of a variety of applications across the Baxter portfolio. The role will be instrumental in providing mentorship and reviews of security across all Baxter products.

What you'll be doing:

• Work closely with product teams and enterprise business operations staff to maintain security governance documentation (Policies, Procedures, and Standards) for Baxter products to support security certifications and authorizations.

• Consult with global development teams on the preparation and submission of ATO package deliverables (architecture & data flow diagrams, asset inventories, Privacy Impact Analyses, etc.) for US Government (USG) accreditation/re-accreditation initiatives.

• Provide ongoing support (in SME capacity) to Product/R&D partners on USG ATO life‐cycle management activities, including POA&M remediation.

• Lead communication to and further relationships with USG authorizing officials at the Defense Health Agency and various DoD Medical Treatment Facilities.

• Support annual audits for Baxter’s commercial certifications (SOC2 and ISO 27001) by facilitating audit walkthroughs/demonstrations, collecting and analyzing control implementation evidence, and collaborating closely with third-party auditors to lead audit logistics and provide feedback on reports/deliverables.

• Establish processes around security incident response and breach investigation, and coordinate/facilitate tabletop and functional exercises/simulations to verify effective‐ness of these processes.

• Participate in incident response and recovery operations, either as lead subject matter expert or in support/advisory capacity depending on business needs.

• Assist product development & engineering staff with evaluation and implementation of commercial-off-the-shelf & open-source security tools (e.g. vulnerability detection tools, SBOM generation tools, etc.).

• Provide thought leadership and strategic direction for process improvement efforts in‐volving Baxter’s commercial and Government/DoD certification initiatives.

What you'll bring:

• Bachelor’s degree in Computer Science or a related field desired.

• One or more security-focused industry certifications such as: CISSP, CISA, CAP, CCSP, CEH, OSCP.

• 3+ years of experience in one or more of the following disciplines: risk/compliance analysis, IT audit, security operations (SOC/incident response), vulnerability management, secure software development, network engineering/operations, penetration testing.

• Experience in documentation development (Policies & Procedures, System Security Plans, system/network architecture diagrams, etc.).

• Familiarity with the NIST Risk Management Framework and NIST 800-171 standards.

• Experience in FDA, Medical Device, or other regulated environment desired.

• Experience interpreting/applying DoD Risk Management Framework (RMF) and supporting the information system authorization process in Government contexts is a plus.

Baxter is committed to supporting the needs for flexibility in the workplace. We do so through our flexible workplace policy which includes a required minimum number of days a week onsite. This policy provides the benefits of connecting and collaborating in-person in support of our Mission. The flexible workplace policy is subject to local laws and legal requirements. At its discretion, Baxter may decide to adjust, suspend, or discontinue as business needs change.

We understand compensation is an important factor as you consider the next step in your career. At Baxter, we are committed to equitable pay for all our employees, and we strive to be more trans‐parent with our pay practices. To that end, this position has a base salary range of $104,000 to $143,000 plus an annual incentive bonus. The above range represents the expected base salary range for this position. The actual salary may vary based upon several factors including, but not limited to, relevant skills/experience, time in the role, business line, and geographic/office location.

Applicants must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment visa at this time.

US Benefits at Baxter (except for Puerto Rico)

This is where your well-being matters. Baxter offers comprehensive compensation and benefits packages for eligible roles. Our health and well-being benefits include medical and dental coverage that start on day one, as well as insurance coverage for basic life, accident, short-term and long-term disability, and business travel accident insurance. Financial and retirement benefits include the Employee Stock Purchase Plan (ESPP), with the ability to purchase company stock at a discount, and the 401(k) Retirement Savings Plan (RSP), with options for employee contributions and company matching. We also offer Flexible Spending Accounts, educational assistance programs, and time-off benefits such as paid holidays, paid time off ranging from 20 to 35 days based on length of service, family and medical leaves of absence, and paid parental leave. Additional benefits include commuting benefits, the Employee Discount Program, the Employee Assistance Program (EAP), and childcare benefits. Join us and enjoy the competitive compensation and benefits we offer to our employees. For additional information regarding Baxter US Benefits, please speak with your recruiter or visit our Benefits site: Benefits | Baxter

Equal Employment Opportunity

Baxter is an equal opportunity employer. Baxter evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status or any other legally protected characteristic.

Know Your Rights: Workplace Discrimination is Illegal

Reasonable Accommodations

Baxter is committed to working with and providing reasonable accommodations to individuals with disabilities globally. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the application or interview process, please click on the link here and let us know the nature of your request along with your contact information.

Recruitment Fraud Notice

Baxter has discovered incidents of employment scams, where fraudulent parties pose as Baxter employees, recruiters, or other agents, and engage with online job seekers in an attempt to steal personal and/or financial information. To learn how you can protect yourself, review our Recruitment Fraud Notice.