Posted in

Director Product Security Architecture & Engineering

Director Product Security Architecture & Engineering

CompanyBaxter International
LocationHighland Park, IL, USA
Salary$184000 – $253000
TypeFull-Time
DegreesBachelor’s, Master’s
Experience LevelSenior, Expert or higher

Requirements

  • Bachelor’s degree in information systems, computer science, engineering or a related healthcare field; Master’s degree in technology, information systems or related field preferred or equivalent demonstrated work experience
  • Recommended Security certifications such as CISM, CISSP, other security and healthcare industry related credentials
  • Solid knowledge of Security by Design requirements, Software Bill of Materials (SBOM), Vulnerability Management and tools is required
  • Knowledge and experience in state and federal information security laws, including but not limited to HIPAA, including NIST, EU-MDR and all other applicable regulations
  • 12+ Years as an experienced leader developing and mentoring technical resources and teams
  • Experience in application or embedded software development with responsibility for secure development, or extensive Information Security leadership experience including secure code development processes
  • Knowledge of HIPAA, federal and international regulations on medical device security, transactions and security Extensive familiarity with health care relevant legislation and standards for the protection of health information and patient data
  • Proven ability to make sound decisions, build realistic plans, and manage and drive execution, including creating and implementing resource deployment strategies; demonstrated organization, facilitation, written and oral communication, and presentation skills
  • Demonstrated skills in collaboration, teamwork, and problem-solving to achieve goals
  • Clear understanding of development operations and build pipelines, tools and solutions
  • Demonstrated skills in verbal communication and listening
  • Demonstrated skills in providing excellent service to customers; excellent writing skills
  • A high level of integrity and trust

Responsibilities

  • Provide vision and leadership in the development and execution of product security strategies in alignment with the business strategy
  • Oversee the organization and execution of product development operations and software engineering efforts, with a focus on architecting and designing preventative security solutions
  • Develop and maintain strategic partnerships around the ongoing maintenance of operating systems to ensure products remain secure against future cyber threats
  • Lead the development and daily operations of the development operations aspects of the security program to ensure the security of connected devices
  • Work with cross-functional team members to establish and/or enhance ongoing preventative risk assessment processes for Baxter connected devices
  • Build solid platform and DevOps intelligent designs to ensure security by design standards for build pipelines, that drive security standardization and reduce risk through process and solutions. Execute and implement across all segments within Baxter
  • Develop, maintain, and support shared service capabilities such as security testing, vulnerability management, training, coordinated vulnerability disclosure, incident response, and customer communications
  • Oversee the development and implementation of the product security and privacy roadmap
  • Drive DevSecOps strategies and solutions utilizing security risks to consolidate and align development operations platforms, processes, and solutions
  • Develop and execute strategies for external presence and participation in industry groups, conferences, and thought leadership activities
  • Build and motivate teams with complementary subject matter knowledge across all responsible capability areas
  • Define resource planning and management plans to support short and long-term objectives and execute business processes to gain approval and execute resource plans
  • Oversee internal communications on the product security and privacy program, including product security and privacy plans, implementation, issues, and external communications regarding program and product vulnerabilities
  • Work with leadership of stakeholder groups as a change agent to define and implement preventative product security practices
  • Provide professional development opportunities for staff to grow and develop expertise across required capability areas
  • Build a risk-aware product security and privacy culture through education and awareness
  • Serve as a subject matter resource for key BGPS areas of responsibility
  • Ensure operating mechanisms and metrics of program implementation activities are measurable and reviewed using appropriate management review processes

Preferred Qualifications

  • Industry experience is open and may include healthcare IT, hospital/healthcare, financial services, aerospace, automotive, etc.; medical device experience is not required; global experience is preferred but not required