Director Product Security Architecture & Engineering

Key Responsibilities

• Strategic Leadership: Provide vision and leadership in the development and execution of product security strategies in alignment with the business strategy.
• Product Development & Software Engineering: Oversee the organization and execution of product development operations and software engineering efforts, with a focus on architecting and designing preventative security solutions.
• Strategic Partnerships: Develop and maintain strategic partnerships around the ongoing maintenance of operating systems to ensure products remain secure against future cyber threats.
• Security Program Development: Lead the development and daily operations of the development operations aspects of the security program to ensure the security of connected devices.
• Risk Management: Work with cross-functional team members to establish and/or enhance ongoing preventative risk assessment processes for Baxter connected devices.
• DevSecOps – Build solid platform and DevOps intelligent designs to ensure security by design standards for build pipelines, that drive security standardization and reduce risk through process and solutions. Execute and implement across all segments within Baxter.
• Develop, maintain, and support shared service capabilities such as security testing, vulnerability management, training, coordinated vulnerability disclosure, incident response, and customer communications.
• Oversee the development and implementation of the product security and privacy roadmap.
• Drive DevSecOps strategies and solutions utilizing security risks to consolidate and align development operations platforms, processes, and solutions.
• Develop and execute strategies for external presence and participation in industry groups, conferences, and thought leadership activities.
• Build and motivate teams with complementary subject matter knowledge across all responsible capability areas.
• Define resource planning and management plans to support short and long-term objectives and execute business processes to gain approval and execute resource plans.
• Oversee internal communications on the product security and privacy program, including product security and privacy plans, implementation, issues, and external communications regarding program and product vulnerabilities.
• Work with leadership of stakeholder groups as a change agent to define and implement preventative product security practices.
• Provide professional development opportunities for staff to grow and develop expertise across required capability areas.
• Build a risk-aware product security and privacy culture through education and awareness.
• Serve as a subject matter resource for key BGPS areas of responsibility.
• Ensure operating mechanisms and metrics of program implementation activities are measurable and reviewed using appropriate management review processes.

Your Team:

Reporting to Senior Director of Baxter Global Product Security, the Director Product Security Architecture and Engineering will lead a team of 4 director reports (architects). You will work collaboratively across the Baxter organization including with enterprise IT, the R&D/Software product Development teams, Regulatory and Compliance.

Your Location:

The role is located at our global corporate headquarters in the greater Chicago, IL area northern suburb of Deerfield. Baxter is committed to supporting the needs for flexibility in the workplace. We do so through our flexible workplace policy which includes a required minimum number of days a week onsite. This policy provides the benefits of connecting and collaborating in-person in support of our Mission. The flexible workplace policy is subject to local laws and legal requirements. At its discretion, Baxter may decide to adjust, suspend, or discontinue as business needs change.

Qualification & Requirements

• Bachelor’s degree in information systems, computer science, engineering or a related healthcare field; Master’s degree in technology, information systems or related field preferred or equivalent demonstrated work experience
• Recommended Security certifications such as CISM, CISSP, other security and healthcare industry related credentials
• Solid knowledge of Security by Design requirements, Software Bill of Materials (SBOM), Vulnerability Management and tools is required
• Knowledge and experience in state and federal information security laws, including but not limited to HIPAA, including NIST, EU-MDR and all other applicable regulations
• 12+ Years as an experienced leader developing and mentoring technical resources and teams
• Experience in application or embedded software development with responsibility for secure development, or extensive Information Security leadership experience including secure code development processes
• Industry experience is open and may include healthcare IT, hospital/healthcare, financial services, aerospace, automotive, etc.; medical device experience is not required; global experience is preferred but not required
• Knowledge of HIPAA, federal and international regulations on medical device security, transactions and security Extensive familiarity with health care relevant legislation and standards for the protection of health information and patient data
• Proven ability to make sound decisions, build realistic plans, and manage and drive execution, including creating and implementing resource deployment strategies; demonstrated organization, facilitation, written and oral communication, and presentation skills
• Demonstrated skills in collaboration, teamwork, and problem-solving to achieve goals
• Clear understanding of development operations and build pipelines, tools and solutions
• Demonstrated skills in verbal communication and listening
• Demonstrated skills in providing excellent service to customers; excellent writing skills
• A high level of integrity and trust

Benefits

This is where your well-being matters. Baxter offers comprehensive compensation and benefits packages for eligible roles.

Our health and well-being benefits include:

• Medical and dental coverage that start on day one, as well as
• Insurance coverage for basic life, accident, short-term and long-term disability, and
• Business travel accident insurance.

Financial and retirement benefits include:

• Employee Stock Purchase Plan (ESPP), with the ability to purchase company stock at a discount, and
• 401(k) Retirement Savings Plan (RSP), with options for employee contributions and company matching.

We also offer:

• Flexible Spending Accounts
• Educational assistance programs, and
• Time-off benefits such as:
  • Paid holidays
  • Paid time off ranging from 20 to 35 days based on length of service
  • Family and medical leaves of absence, and
  • Paid parental leave.

Additional benefits include:

• Commuting benefits
• Employee Discount Program
• Employee Assistance Program (EAP), and
• Childcare benefits