Baxter Sr. IT Product Security Architect in Deerfield, Illinois

*Sr. IT Product Security Architect Baxter International Deerfield, IL or Virtual/Work from Home (US)

About Baxter*

Baxter provides a broad portfolio of essential renal and hospital products, including home, acute and in-center dialysis; sterile IV solutions; infusion systems and devices; parenteral nutrition; surgery products and anesthetics; and pharmacy automation, software and services. The company’s global footprint and the critical nature of its products and services play a key role in expanding access to healthcare in emerging and developed countries. Baxter’s employees worldwide are building upon the company’s rich heritage of medical breakthroughs to advance the next generation of healthcare innovations that enable patient care.

Position Summary

• Architect the development, implementation, execution and operations of Baxter´s global information Security Architecture and Engineering processes, including Enterprise and Security Architect and Technology Research and Development. • Responsible for an information security architecture framework/standards that govern security practices globally, enabling risk based control decisions to protect the confidentiality, integrity and availability of electronic personal and health information as well as other corporate data. • Responsible for key activities including key oversight of information security engineering and drives implementation of the target security architecture. • Very hands on, an active member of the team, helping to drive objectives forward as much, or more, than his/her team members. • Manage technical aspects of large complex projects or new technology. Provide expert technical counsel and leadership to drive the strategic direction and set Baxter technology standards. • Proactively address significant business issues through technological innovation. Establish global technical strategy to meet IT customer needs and medical device regulatory requirements. • Drive global implementation of technology vision. Facilitate the development of professional and technical skills for self, subordinates, and peers.

Critical Responsibilities

• Manage cybersecurity architecture and design for large complex technical projects over multiple platforms, provide expert technical counsel and leadership in medical device cybersecurity, drive innovation through leveraging emerging technologies, implement diverse global solutions, and develop skills for self, peers and subordinates. • Be responsible for making sure that the cybersecurity risk of Baxter medical devices is reduced to acceptable levels o Continually evolve Baxter MDC/Security Architecture Core Elements {Baxter Medical Device Core Set of Controls (C3FMD), Risk Assessment framework (CFMEA), the Secure Design service, the Regulatory Support service} to ensure that Baxter’s core elements meet levels of maturity deemed appropriate by IT Security Leadership o Lead a team of engineers to ensure that the Secure Design and Regulatory Support services are being executed properly, with high-quality deliverables being delivered on time and to the appropriate stakeholders • Ensure patient safety is a driver for all cybersecurity design activities o Undergo therapy training on Baxter medical devices, when appropriate o Establish regular touchpoints with Medical Affairs to ensure that therapies are appropriately understood o Be trained on ISO 14971, PDLM and on concepts like HSHA/RACT. • Ensure compliance to Baxter quality standards, compliance standards and IT policies o Create compliance and cybersecurity plan as part of the Secure Design initiation phase o Ensure adherence to the compliance and cybersecurity plan throughout the PDLM process o Ensure that product teams comply with IT policies regarding business risk o Maintain regular touchpoints with Risk and Reliability, Global Quality and Compliance to ensure that alignment is continually maintained with relevant stakeholders • Define/create elements of the Baxter Medical Device Cybersecurity Framework o Define risk acceptability criteria (patient safety, patient privacy, business) o Define/collect metrics for the Cybersecurity Framework o Define elements of/collaborate on IT Security policies o Create security capabilities like PKI, Secure Software Lifecycle Development Processes, Secure Platform, Secure Coding Guidelines, Security Architecture Library, Static Analysis Tool Suite, Research and Testing Lab etc. o Work with other groups in the IT organization to integrate elements of the Medical Device Cybersecurity Framework with other capabilities and services • Evangelize medical device security throughout Baxter o Create/deliver training material for cybersecurity o Establish regular touchpoints with LSD, PRMO, GBU Leads o Establish regular touchpoints with Regulatory, Legal, Sales and Marketing o Create white papers/deep dives for GBU Leads and GBU engineers o Mentor engineers attached to their GBU and ensure that they are also appropriately trained • Participate in strategic planning, budgeting, technology steering meetings, cybersecurity standards bodies, and work with the business to set technical direction. • Drive cybersecurity technical decisions for the corporation. Establish and evolve Baxter Medical Device Cybersecurity architecture and program Framework. Lead cybersecurity risk assessment for medical devices and provide support for regulatory activities to ensure that the cybersecurity risk of Baxter products is reduced to the level deemed acceptable by IT security and business leadership. • Provide cybersecurity technical leadership, guidance and consulting to team members and others throughout the organization. • Design and integrate cybersecurity technical solutions for business requirements. Develop value propositions, foster innovations, and identify and implement process improvements. • Architect cybersecurity solutions to complex problems by applying “security by design” and “privacy by design” principles, and using threat modeling, risk analysis tools and other techniques. • Ensure that new products or services are adequately evaluated, researched, tested and documented from cybersecurity perspective. Support information security audits to demonstrate adherence to IT policies, Baxter quality standards, compliance standards, and regulatory requirements. • Evangelize medical device cybersecurity throughout Baxter by establishing regular touchpoints with business leaderships, product teams, and stakeholders from regulatory, sales, marketing, and legal organizations. • Supervise and/or mentor other technical personnel. Provide trainings and white papers in emerging cybersecurity technologies. Use knowledge of security architecture and engineering to oversee a variety of activities • Coordinates the activities of the team with the activities of other business and IT teams • Remain up to date on new and emerging technologies within area of technical expertise and serves as resources to other Baxter departments • Serve on internal governance committees and external bodies (standards, ISAOs etc.) • Ensure that Baxter is protected from emergent threats in a fast-changing security landscape o Be responsible for staying abreast of the latest developments in the cybersecurity domain o Be part of outreach activities to researchers and universities

*Key Requirements *

• Bachelor’s degree in healthcare, computer technology, engineering, mathematics, information management or related field required. Master’s degree desirable • Preferred/Not Required: Ten years’ experience working within the Healthcare Industry • Five years’ experience with regulatory controls such as HITECH Act and HIPAA Laws • Certifications such as: o CISSP: Certified Information Systems Security Professional o CISSP-ISSAP: Information Systems Security Architecture Professional o CISM: Certified Information Security Manager o CEH: Certified Ethical Hacker o CSSA: Certified SCADA Security Architect • Highly proficient, concise and articulate verbal and written communication skills to a wide range of audiences including business executive, end-users, and technical partners • Effective customer service and interpersonal skills, including the ability to work in a team environment; motivate and work with others to accomplish tasks; and deal honestly and directly with others • Strong critical thinking, analytic and problem-solving skills • Ability to provide effective independent technical leadership and counsel and effective communication of technology standards to management. • Technical expertise in a variety of architectures and platforms, especially in cybersecurity disciplines. • Ability to deliver innovative cybersecurity solutions for medical devices, enterprise IT, cloud, and device analytics. • Visionary thinker that can anticipate future computing capabilities while taking pragmatic approach of “Think Big, Start Small, Move Fast”. • Ability to effectively translate and present technology solutions in business or management terms. • Ability to work effectively in a team environment. • Ability to work independently with minimal supervision.

Key Experiences *

• 10-15 years’ experience in Information Security with a strong leadership and operational background and proven track record of accomplishments in cybersecurity within a large, complex, multi-location organization • Experience in the medical technology/device industry • Familiarity with developing architecture for manufacturing organizations is highly desirable • Demonstrated track record implementing and successfully leading, often through work products, a cybersecurity engineering and architecture program is strongly preferred • Seasoned professional with health care experience that has a deep understanding of business and manufacturing operations as well as the current business issues and technology trends influencing the health care sector is desired

A Career That Matters Baxter’s employees are united in a mission to save and sustain lives. We are passionate about applying scientific innovation to meet the needs of the millions of people worldwide who depend on our medically necessary therapies and technologies. We focus on increasing access to healthcare, innovating in crucial areas of unmet need, and pursuing creative collaborations that bring our mission to life for patients every day


Equal Employment Opportunity Baxter is an equal opportunity employer. Baxter evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status or any other legally protected characteristic. EEO is the Law EEO is the law - Poster Supplement Pay Transparency Policy *Reasonable Accommodations* Baxter is committed to working with and providing reasonable accommodations to individuals with disabilities. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the application or interview process, please send an e-mail toAmericas_TTA@baxter.comand let us know the nature of your request along with your contact information.

Job: *Information Technology

Organization: *Global Information Technology - Info Security & Compliance

Title: Sr. IT Product Security Architect

Location: Illinois-Deerfield

Requisition ID: 18000AQM