Reporting to the Product Security Director, the Product Security GRC Senior Analyst executes governance, risk and compliance functions in support of product & solution security.
Coordinate security risk assessments for new products & solutions.
Maintain a risk register and risk visual with clearly defined owners for each risk.
Consult with the internal legal team to resolve potential legal compliance issues.
Educate key stakeholders on program, risks, and importance of security in Zebra products & solutions
Support continuous development and improvement of security policies, metrics and measures.
Ensure excellent consistency, documentation, and process across all programs.
Advise the business on how to maintain compliance with appropriate regulatory or industry best practices.
Actively support a Product & Solutions Security steering committee and working group to prioritize efforts, shed light on issues, and work to resolve identified security risks.
Contribute to a culture where security and risk management are considered foundational rather than afterthoughts.
Build solid working relationships with business stakeholders to maintain and improve product and application security processes.
Collaborate with other departments (e.g., Legal, Internal Audit, HR, etc.) to direct compliance issues to appropriate existing channels for investigation and resolution.
Coordinate with IT GRC Manager to ensure cooperation, data sharing, and leveraging of best practices.
Work with a team of business security liaisons across the various business divisions and groups to ensure that product & solution security is top of mind and to gain program breadth, visibility, and control of Zebra’s instrument/device environment.
Research latest security governance best practices when it comes to product & solution security, incorporating them into Zebra processes.
Bachelor’s Degree in Science, Technology, Engineering, or Math (Master’s Degree a plus).
6+ years of IT or Engineering experience, with 4+ years of work-related Governance, Risk & Compliance (GRC) experience (e.g. product security, IT security, secure software development, risk assessment, and/or vulnerability management).
Experience conducting security risk assessments of revenue-generating products and solutions.
Experience developing and editing security policies.
Experience developing security metrics.
Experience assessing third-party risks.
Complete understanding of current governance, risk and compliance processes and tools.
Knowledge of applicable industry standards, leading security practices, and regulatory requirements potentially affecting Zebra’s products and services.
Good understanding of popular application security standards including OWASP TOP 10, SANS TOP 25, etc.
CISSP, CISM, CRISC, or other relevant certification highly desired.
Strong attention to detail, organizational skills.
Excellent customer service skills required.
Strong analytical and product management skills required.
Excellent verbal and written communication skills and the ability to interact professionally with a diverse group, executives, managers, and subject matter experts.
Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share with your network
Zebra is an equal opportunity/affirmative action employer committed to a diverse and inclusive workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, ancestry, marital status, age, sexual orientation, gender identity, national origin, disability status, protected veteran status or any other basis prohibited by law. If you are an individual with a disability and need assistance in applying for a position, please contact us at 847.793.6772.
The EEO is the Law poster is available here. The EEO is the Law poster supplement is available here.