Baxter International Inc. provides a broad portfolio of essential renal and hospital products, including home, acute and in-center dialysis; sterile IV solutions; infusion systems and devices; parenteral nutrition; biosurgery products and anesthetics; and pharmacy automation, software and services. The company’s global footprint and the critical nature of its products and services play a key role in expanding access to healthcare in emerging and developed countries. Baxter’s 50,000 employees worldwide are building upon the company’s rich heritage of medical breakthroughs to advance the next generation of healthcare innovations that enable patient care.
This position is responsible for establishing a cross-functional team; providing leadership, direction and management of cybersecurity risk analysis, threat intelligence, vulnerability disclosure, and security code review organizational capabilities. The main focus of the Risk Analysis service is to identify known and unknown vulnerabilities associated with Baxter Medical Devices. Scope will encompass both new and sustaining products, providing inputs and technical expertise to multiple teams to eliminate or mitigate identified cybersecurity risks.
1)Build an organizational structure and lead Cybersecurity Risk Assessment and Cybersecurity Threat Intelligence teams to complete identified deliverables with quality, within specified timeframes and budget.
2)Develop, manage, and provide strategic guidance for Cybersecurity Risk Assessment service for Medical Devices across global franchise teams and product development life cycle.
3)Coordinate R&D capabilities for security vulnerability and penetration testing
4)Guide and lead mitigation strategies for identified vulnerabilities across all product lines
5)Develop and provide direction for Cybersecurity Threat Intelligence service for Medical Devices.
6)Mentor the development of Medical Device Cybersecurity Risk Rating Methodology
7)Pioneer and assure the adoption of Secure Coding development / review process
8)Develop and manage a Cybersecurity Risk Analysis budget including operating expenses and capital project expenses.
9)Advise and mentor the development of service leaders and junior staff members, provide guidance in self-learning activities.
10)Understand and ensure compliance with all current and applicable laws, regulations, and guidance’s from US and EU that affect Medical Device Cybersecurity.
-Ability to lead and provide guidance for cross-functional teams across multiple locations
-Strong team building, talent management, oral and presentation skills
-Demonstrated track record of successfully creating program ./ services with the emphasis on delivering results
-Experience creating product development policies, procedures, and standards
-Proven ability to influence business leadership and cross-functional teams.
-Experience in the following: computer architecture, operating systems, imbedded systems design, inter and inner process communications, networking protocols and their related implementations.
-Experience with and understanding of compiled and interpreted programs and the types of security issues possible in each; database systems, web servers, application servers, firewalls, routers, load balancers, switches, and different types of middleware; x86 assembly.
-Experience with debuggers and disassemblers; malware analysis through reverse engineering, protocol analysis, and log analysis; intrusion analysis through reverse engineering, log analysis, forensic disk examination, and system review.
-Experience with source code reviews (at least c/c++ and java) for security vulnerabilities.
-Experience with reverse engineering binaries (at least x86) for security vulnerabilities.
-Bachelor Degree, with 7 years of Cybersecurity Risk Analysis experience.