Senior Security GRC Engineering Analyst
- Reporting to the Product Security Director, the Product Security GRC Senior Analyst executes governance, risk and compliance functions in support of product & solution security.
- Responsible for the facilitation of product risk management processes and collaborating cross-functionally to help mature and execute the product risk management framework.
- Meeting customer demands for proper security and managing client's risk by leveraging a secure framework is essential to the role.
- Coordinate security risk assessments for new products & solutions.
- Maintain a risk register and risk visual with clearly defined owners for each risk.
- Consult with the internal legal team to resolve potential legal compliance issues.
- Educate key stakeholders on the program, its risks, and the importance of security in Client products & solutions.
- Support continuous development and improvement of security policies, metrics and measures.
- Ensure excellent consistency, documentation, and process across all programs.
- Advise the business on how to maintain compliance with appropriate regulatory or industry best practices.
- Actively support a Product & Solutions Security steering committee and working group to prioritize efforts, shed light on issues, and work to resolve identified security risks.
- Contribute to a culture where security and risk management are considered foundational rather than afterthoughts.
- Build solid working relationships with business stakeholders to maintain and improve product and application security processes.
- Collaborate with other departments (e.g., Legal, Internal Audit, HR, etc.) to direct compliance issues to appropriate existing channels for investigation and resolution.
- Coordinate with IT GRC Manager to ensure cooperation, data sharing, and leveraging of best practices.
- Work with a team of business security liaisons across the various business divisions and groups to ensure that product & solution security is top of mind and to gain program breadth, visibility, and control of Client's instrument/device environment.
- Research latest security governance best practices when it comes to product & solution security, incorporating them into Client processes.
- Bachelor's Degree in Science, Technology, Engineering, or Math, or equivalent work experience (Master's Degree a plus).
- 6+ years of IT or Engineering experience, with 4+ years of work-related Governance, Risk & Compliance (GRC) experience (e.g. product security, IT security, secure software development, risk assessment, and/or vulnerability management).
- Experience conducting security risk assessments of revenue-generating products and solutions.
- Experience developing and editing security policies.
- Experience developing security metrics.
- Experience assessing third-party risks.
- Complete understanding of current governance, risk and compliance processes and tools.
- Knowledge of applicable industry standards, leading security practices, and regulatory requirements potentially affecting Client's products and services.
- Good understanding of popular application security standards including OWASP TOP 10, SANS TOP 25, etc.
- CISSP, CISM, CRISC, or other relevant certification highly desired.
- Strong attention to detail, organizational skills.
- Excellent customer service skills required.
- Strong analytical and product management skills required.
- Excellent verbal and written communication skills and the ability to interact professionally with a diverse group, executives, managers, and subject matter experts.