Senior Security GRC Engineering Analyst

Posted: 4 weeks ago

Summary:

  • Reporting to the Product Security Director, the Product Security GRC Senior Analyst executes governance, risk and compliance functions in support of product & solution security.
  • Responsible for the facilitation of product risk management processes and collaborating cross-functionally to help mature and execute the product risk management framework.
  • Meeting customer demands for proper security and managing client's risk by leveraging a secure framework is essential to the role.

Responsibilities
Execution:
  • Coordinate security risk assessments for new products & solutions.
  • Maintain a risk register and risk visual with clearly defined owners for each risk.
  • Consult with the internal legal team to resolve potential legal compliance issues.
  • Educate key stakeholders on the program, its risks, and the importance of security in Client products & solutions.
  • Support continuous development and improvement of security policies, metrics and measures.
  • Ensure excellent consistency, documentation, and process across all programs.
  • Advise the business on how to maintain compliance with appropriate regulatory or industry best practices.
  • Actively support a Product & Solutions Security steering committee and working group to prioritize efforts, shed light on issues, and work to resolve identified security risks.
  • Contribute to a culture where security and risk management are considered foundational rather than afterthoughts.
Partnerships:
  • Build solid working relationships with business stakeholders to maintain and improve product and application security processes.
  • Collaborate with other departments (e.g., Legal, Internal Audit, HR, etc.) to direct compliance issues to appropriate existing channels for investigation and resolution.
  • Coordinate with IT GRC Manager to ensure cooperation, data sharing, and leveraging of best practices.
  • Work with a team of business security liaisons across the various business divisions and groups to ensure that product & solution security is top of mind and to gain program breadth, visibility, and control of Client's instrument/device environment.
  • Research latest security governance best practices when it comes to product & solution security, incorporating them into Client processes.

Qualifications
  • Bachelor's Degree in Science, Technology, Engineering, or Math, or equivalent work experience (Master's Degree a plus).
  • 6+ years of IT or Engineering experience, with 4+ years of work-related Governance, Risk & Compliance (GRC) experience (e.g. product security, IT security, secure software development, risk assessment, and/or vulnerability management).
  • Experience conducting security risk assessments of revenue-generating products and solutions.
  • Experience developing and editing security policies.
  • Experience developing security metrics.
  • Experience assessing third-party risks.
  • Complete understanding of current governance, risk and compliance processes and tools.
  • Knowledge of applicable industry standards, leading security practices, and regulatory requirements potentially affecting Client's products and services.
  • Good understanding of popular application security standards including OWASP Top 10, SANS Top 25, etc.
  • CISSP, CISM, CRISC, or other relevant certification highly desired.
  • Strong attention to detail and organizational skills.
  • Excellent customer service skills required.
  • Strong analytical and product management skills required.
  • Excellent verbal and written communication skills and the ability to interact professionally with a diverse group, executives, managers, and subject matter experts.