Senior Manager, Threat and Vulnerability Management

Vantive: A New Company Built On Our Legacy

Baxter is on a journey to separate our ~$5B Kidney Care segment into a standalone company. Vantive* will build on our nearly 70-year legacy in acute therapies and home and in-center dialysis to provide best-in-class care to the people we serve. We believe Vantive will not only build our leadership in the kidney care space, it will also offer meaningful work to those who join us.

At Vantive, you will become part of a community of people who are focused, courageous and don't settle for the mediocre. Each of us are driven to help improve patients' lives worldwide. Join us as we revolutionize kidney care and other vital organ support.

*Completion of the proposed separation of Kidney Care from Baxter into a standalone company (to be named Vantive) remains subject to the satisfaction of customary conditions.

JOB SUMMARY

The Senior Manager of Vulnerability and Threat Management serves as a key member of the Information Security leadership team and will act as a technical designer, problem solver, and team leader for the overall security organization. This Sr. Manager will act as an empowered team member planning and designing initiatives to ensure vulnerabilities are detected, assessed, and addressed as risks determine. This individual will eventually lead a global team responsible for continuously monitoring networks and responding to cyber security threats, anomalies, and attacks, as well as responsible for monitoring systems and networks, identifying threats and responding to security incidents. Responsible for implementing, enhancing and optimizing the use of security tools and controls to meet security and policy requirements. Work with IT and business leadership to maintain controls, processes and standards. In this role, the Sr Manager must also be able to articulate and intimately understand technical and complex information security threats, methodologies, frameworks, technologies, and architectures. They should draw from previous hands-on experience to navigate technical decisions and challenges. This deep level of knowledge and fundamental understanding is critical to appropriately communicating, prioritizing, and mapping disparate technical data to actionable business risks - as well as holding others accountable.

ESSENTIAL DUTIES AND RESPONSIBILITIES

Manage detection and response capabilities including software, third party security operations center, and threat hunting. Lead the team responsible for security investigations and digital forensics. Develop critical incident response program and manage security incidents and events to protect assets, including intellectual property, IT assets, and the company's reputation. Investigate security alerts and provide incident response. Monitor identity and access management, including monitoring for abuse of permissions by authorized system users. Develop and enhance an information security and cyber defense management framework. Coordinate and manage external relationships as it relates to security assessment services as well as incident response requirements. Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services. Collaborate and assist with the development and communication of security policies and standards to ensure compliance. Provide strategic and tactical security guidance for all Enterprise IT projects, including the evaluation and recommendation of technical controls. Ensure that security programs are in compliance with applicable laws, regulations and policies to minimize or eliminate risk and audit findings. Liaise between the security team, risk management, IT, audit, legal and HR management teams as required. Recruit, train, motivate, mentor, lead, and retain quality security team members to ensure proper progression and skillset coverage is in place as the information security program grows and matures. Develop business-relevant metrics to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the security program. Assist with strategy/roadmap and identifies and recommends new technology solutions to meet business needs.

COMPETENCIES

Adaptability - Maintaining effectiveness when experiencing major changes in work responsibilities or environment (e.g., people, processes, structure, or culture); adjusting effectively to change by exploring the benefits, trying new approaches, and collaborating with others to make the change successful. Building Trusting Relationships - Using appropriate interpersonal styles to establish effective relationships with customers and internal partners; interacting with others in a way that promotes openness and trust and gives them confidence in one's intentions. Collaborating - Working cooperatively with others to help a team or work group achieve its goals. Communication - Conveying information and ideas clearly and concisely to individuals or groups in an engaging manner that help them understand and retain the message; listening actively to others. Continuous Learning - Actively identifying new areas for learning; regularly creating and taking advantage of learning opportunities; using newly gained knowledge and skill on the job and learning through their application. Initiating Action - Taking prompt action to accomplish work goals; taking action to achieve results beyond what is required; being proactive. Work Standards - Setting high standards of performance for self and others; assuming responsibility and accountability for successfully completing assignments or tasks; self-imposing standards of excellence rather than having standards imposed.

MINIMUM REQUIREMENTS

Minimum of ten (10) years' IT or network security experience. Bachelor's degree in information systems or equivalent work experience. Strong knowledge of technological trends and developments in the area of security, privacy, and risk management. Strong understanding of network fundamentals and protocols to be able to provide input into firewall, intrusion detection / prevention, penetration testing, and incident analysis and recommendations. Project management skills, scheduling and resource management. Knowledge of security, service, and control frameworks, such as ISO/IEC 27001, NIST, ITIL, SOX, and GDPR. Knowledge of latest information security technologies and services such as EDR, SOC, NDR, SIEM, SOAR, and XDR. Excellent written and verbal communication skills and high level of personal integrity Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams. Experience with contract and vendor negotiations and management including managed services. Experience with Cloud computing/Elastic computing across virtualized environments. Demonstrated leadership in a multi-cultural setting. Business process analysis, design, and improvement skills Team-oriented Ability to explain complex technical information clearly to business stakeholders. Analytical and problem-solving skills, including the ability to present solutions/alternatives and influence the outcome of decisions. Self-starter with demonstrated initiative and hands-on. Strong drive with the ability to make things happen. Comfortable in a dynamic environment.

PREFERRED QUALIFICATIONS

Security+, CISSP, CEH, CPT or equivalent certification.

The successful candidate for this job may be required to verify that he or she has been vaccinated against COVID-19, subject to reasonable accommodations for individuals with medical conditions or religious beliefs that prevent vaccination, and in accordance with applicable law.

Equal Employment Opportunity

Baxter is an equal opportunity employer. Baxter evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status or any other legally protected characteristic.

EEO is the Law

EEO is the law - Poster Supplement

Pay Transparency Policy

Reasonable Accommodations

Baxter is committed to working with and providing reasonable accommodations to individuals with disabilities globally. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the application or interview process, please click on the link here and let us know the nature of your request along with your contact information.

Recruitment Fraud Notice

Baxter has discovered incidents of employment scams, where fraudulent parties pose as Baxter employees, recruiters, or other agents, and engage with online job seekers in an attempt to steal personal and/or financial information. To learn how you can protect yourself, review our Recruitment Fraud Notice.