Job Description :
Business Analyst III with IT Security, Risk management and Product Security experience
Location:: Deerfield IL
Duration::12+Months
Global IT Security - Business Information Security Officer Analyst - Product Security
Job Description
The Business Information Security Officer (BISO) Analyst is a functional security analyst role within Global IT Security. The primary purpose of this position is analyst support for cybersecurity risks related to Client products. The individual in this position interacts with IT Security, Product Security, Design Engineering, and service providers, key stakeholders, personnel from various functions — including the application development, operations and network, and privacy teams — and with business departments.
Roles and Responsibilities
This is a functional role within Global IT Security, providing support for product security activities across global business units, R&D, and IT Security.
Responsible for working closely with the product security team and sometimes in the applicable R&D product team environment
Provide analysis and trending of product security risk associated with medical devices
Provide support to product teams related to customer agreements, inquiries, and various other requests for assistance related to cybersecurity
Provide threat and vulnerability analysis as well as security advisory services, and risk assessments
Provide analysis of the impacts to Client based on any regulatory or customer requirement changes
Integrate and share information with security operations team
Present product security program and project status to management and escalate issues as needed
Establish and maintain capabilities to track progress, identify issues, and overcome obstacles
Play an active role to support cyber security awareness initiatives
Work closely with stakeholders to ensure product security risks and are identified, assessed & reported; appropriate controls are in place and local procedures & activities comply with Baxter policies, standards operating procedures, industry best practices and regulatory requirements
Provide Information security requirements, advice and counsel to portfolio personnel, project teams, and the Business ensuring alignment to information security processes and solutions
Evaluate and assess emerging security threats and vulnerabilities in portfolios and work with portfolio personnel to identify appropriate controls
Oversee and manage portfolio of Information Risk Issues to ensure these are current, accurate and are supported by sound resolution plans or formal risk acceptance by business executives
Qualifications/Experience
5-6 years of experience in Cybersecurity and 2-3 years of business facing roles/consultancy
Strong understanding of cyber security trends and events
Working knowledge of policies, standards and operating procedures in large organizations relating to information security risk
Information Security certification e.g. CISSP, CISSLP, GIAC etc. is desired
Strong analytical and multi-tasking skills, writing proficiency and visual design skills, problem solving and decision-making skills Highly developed communication skills, both verbal and written
Strong team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including vendors, IT-business personnel
Excellent verbal and written communication skills.
Advanced knowledge in information security principles, including risk assessment and management, threat and vulnerability management, and identity and access management.
Advancement of security governance knowledge including but not limited to security control relationships and correlation of accumulative/inherent risks related to mitigation, noncompliance and/or risk acceptance.
Ability to exercise sound judgment in complex situations.
Strong customer/client focus, with the ability to manage expectations appropriately, provide a superior customer/client experience and build long-term relationships.
Ability to work well under minimal supervision