• Product Security Director

    Location US-NY-Holtsville
    Job ID
    53579
    Function
    IT
  • Overview

    Reporting into the Chief Security Officer (CSO), the Product Security Director has global responsibility for the Global Product & Solutions Security program including the strategy, planning, and execution. They will own the overarching program which will be responsible for ensuring security is integrated into relevant Zebra products and solutions.

    Responsibilities

    • Strategy:

      • Develop and lead the strategic vision to manage both internal and external risks associated with Zebra products and solutions.
      • Ensure this strategy is aligned with the overall product and solutions strategy.
      • Build out a cost-effective organization of security professionals to support the Global Product & Solutions Security Program.
      • Integrate a product & solutions security strategy into the overall Zebra security strategy.

      Leadership:

      • Lead programs to ensure continuous development and improvement of security integration into the product & solutions development lifecycle.
      • Ensure security is pro-actively injected into all levels of the product/solutions development process.
      • Develop and actively lead a Product & Solutions Security steering committee and working group to prioritize efforts, shed light on issues, and work to resolve identified security risks.
      • Work to obtain the right mandate to ensure no new Zebra products or services are launched without the appropriate security involvement.
      • Ensure excellent consistency, documentation, and process across all programs.
      • Proactively advise the business on how to maintain compliance with appropriate regulatory or industry best practices.
      • Manage the budget for the product security function; monitor and report any discrepancies.
      • Ensure talent management and career development for security staff are in place to reduce turn-over.

      Execution:

      • Drive secure development and integration of security features into all phases of hardware and software design and development.
      • Coordinate, participate, and deliver threat modeling for given designs and architectures.
      • Coordinate/participate in and perform design reviews, peer reviews, and code reviews.
      • Contribute to maturing process, policy, and standards guidance.
      • Create a culture where security and risk management are considered foundational rather than afterthoughts.
      • Educate key stakeholders on program, risks, and importance of security in Zebra products & solutions.
      • Work with the business to identify, capture, escalate, and close security vulnerabilities found in Zebra Technologies products and platforms.
      • Leverage tools to deliver vulnerability information back to the development organization for remediation.
      • Coordinate security risk assessments for new products & solutions through the risk assessment team.
      • Maintain a risk register and risk visual with clearly defined owners for each risk.
      • Consult with the internal legal team to resolve potential legal compliance issues.
      • Develop product/solution security frameworks and standards to reduce development cycle of new products and services and to ensure consistency across the different products and platforms.

      Partnerships:

      • Partner with key product & solutions development leaders to ensure security is incorporated in all customer-facing product offerings.
      • Build solid working relationships with business stakeholders to maintain and improve product and application security processes.
      • Partner with architecture and development leaders to develop shared software frameworks to enable consistent application of secure coding best practices across the enterprise.
      • Collaborate with other departments (e.g., Legal, Internal Audit, HR, etc.) to direct compliance issues to appropriate existing channels for investigation and resolution.
      • Develop a team of business security liaisons across the various business divisions and groups to ensure that product & solution security is top of mind and to gain program breadth, visibility, and control of Zebra’s instrument/device environment.
      • Research latest security best practices when it comes to device/instrument/IoT, staying current on new vulnerabilities and threats and ensure these are addressed in Zebra’s products and services.

    Qualifications

    • Preferred Education:
      • Bachelor’s Degree in Science, Technology, Engineering, or Math (Master’s Degree a plus).
    • Preferred Work Experience (years):
      • Minimum of 15+ years of experience in IT or Engineering with 10+ years related work experience with product security, secure software development, risk assessment, or vulnerability management.
      • Past Senior Management, Director, or VP experience managing teams of senior security professionals.
      • CISSP, CISM, CRISC, or other relevant certification highly desired.
    • Key Skills and Competencies:
      • Experience finding and mitigating vulnerabilities in embedded devices.
      • Knowledge of applicable industry standards, leading security practices, and regulatory requirements potentially affecting Zebra’s products and services.
      • Deep understanding of cryptography, authentication, authorization, network security protocols, and web application security.
      • Strong exposure to popular application security standards including OWASP TOP 10, SANS TOP 25, etc.
      • Ability to explain and champion technical concepts to a broad audience focusing on business acumen.
      • Strong attention to detail, organizational skills.
      • Excellent customer service skills required.
      • Strong analytical and product management skills required, including a thorough understanding of how to interpret customer business needs and translate them into application and operational requirements.
      • Excellent verbal and written communication skills and the ability to interact professionally with a diverse group, executives, managers, and subject matter experts.
      • Ability to achieve results by influencing others where no hierarchical (or only “dotted line”) relation exists.
      • Experience managing leaders of others while demonstrating strong leadership and people management skills.
      • Experience managing large scale budgets.
      • Demonstrated ability to translate strategic initiatives.

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share with your network