Sr IT Manager - Cybersecurity Vulnerability Management
Req # JR - 049824
Location: Deerfield, Illinois, United States
Job Category: Information Technology
Date posted: 09/13/2021
This is where you save and sustain lives
At Baxter, we are deeply connected by our mission. No matter your role at Baxter, your work makes a positive impact on people around the world. You’ll feel a sense of purpose throughout the organization, as we know our work improves outcomes for millions of patients.
Baxter’s products and therapies are found in almost every hospital worldwide, in clinics and in the home. For over 85 years, we have pioneered significant medical innovations that transform healthcare.
Together, we create a place where we are happy, successful and inspire each other. This is where you can do your best work.
Join us at the intersection of saving and sustaining lives— where your purpose accelerates our mission.
Sr. Manager, IT – Cybersecurity Vulnerability Management
Deerfield, IL (Workplace Flexibility is Available)
The Sr. Manager, IT Cyber Security Vulnerability Management Role leads a Global team responsible for continuously mapping the Cybersecurity Vulnerabilities within Baxter as it applies to Application, Container, API, Network and System vulnerabilities across traditional and cloud native architectures.
The role includes architecting and managing adversary simulation campaigns and ensuring that all applicable controls required in the DevSecOps application security lifecycle are met. The Sr. Manager engages stakeholders and manages processes to mitigate exposure by confirming that vulnerabilities have been resolved.
The Sr. Manager also takes a leading role in ensuring that attacks are properly identified and prevented by the appropriate layers of the security stack.
Lead Penetration Testing Services. Develop and maintain strong partnerships with key system owners. Oversee the team responsible for prioritizing, scheduling and executing Internal and External Penetration Tests against systems and applications. Track findings and ensure that issues are remediated.
Facilitate improvements to prevention and detection capabilities for the Security Monitoring Team.
Lead Red Team Operations Services. Leveraging industry-standard and emerging frameworks, plan and lead a mix of internal and external engagements to find areas of improvement in prevention, detection and response capabilities. The scope will span Adversary Emulation, Purple Team and Red Team tools, infrastructure and processes.
Lead Vulnerability Management Services. Ensure that all assets in all environments are assessed for patch and configuration vulnerabilities. Monitor industry and vendor sources to track emerging risks and address them within expected timeframes. Deliver clear, accurate, timely, and actionable reporting at the Enterprise and key stakeholder level by organization and region, and ensure that remediation is completed in alignment with organizational standards.
Lead the Enterprise DevSecOps Program. Ensure that the core requirements of the Secure System Development Lifecycle (SSDLC) are met at Enterprise scale across all in-scope applications. Assess the Enterprise Application Portfolio and software deployment processes, and leverage industry and organizational best practices to ensure consistent delivery of secure code in traditional, cloud and mobile environments. Provide Enterprise reporting that shows areas of risk relative to Applications, Containers and APIs and partner with stakeholders to ensure that this exposure remains within the risk tolerance of the organization.
Qualifications and Skills
10+ years of IT experience with demonstrated effectiveness leading global operations teams
Strong track record of driving operational change, remediating patch and configuration vulnerabilities at scale
Demonstrated skill leveraging Cloud native capabilities to reduce security vulnerabilities
Strong knowledge of Code Security best practices
SDLC experience, including CI/CD tools and processes
Experience working with Agile Development Practices
Skilled in structuring and managing offensive cyber operations to meet a variety of organizational needs while ensuring consistent Enterprise reporting of risk to key stakeholders
Familiar with Enterprise IT processes for Asset, Configuration, Change, Incident and Problem Management
Bachelor's degree in IT Security, Computer Science, or a related field with demonstrated experience and knowledge
Excellent English verbal and written communication skills
Industry certifications nice to have: CISSP, CISM, CEH, OSCP or related
Equal Employment Opportunity
Baxter is an equal opportunity employer. Baxter evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status or any other legally protected characteristic.
Baxter is committed to working with and providing reasonable accommodations to individuals with disabilities globally. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the application or interview process, please click on the link here and let us know the nature of your request along with your contact information.
Recruitment Fraud Notice
Baxter has discovered incidents of employment scams, where fraudulent parties pose as Baxter employees, recruiters, or other agents, and engage with online job seekers in an attempt to steal personal and/or financial information. To learn how you can protect yourself, review our Recruitment Fraud Notice.