Cybersecurity Engineer assessing and designing Zero Trust Architecture for SSA. Focusing on gap analysis and implementation strategies across zero trust pillars and aligning with business processes.
About the role
- Product Security Risk Manager responsible for evolving risk management capabilities at Red Hat. Collaborating across product management and engineering to drive risk governance and reporting.
Responsibilities
- Own and Evolve the Risk Management Methodology : Develop, own, and manage the central Product Security risk register, establishing it as the single source of truth for tracking and decision-making.
- Assess and Quantify Risk : Partner with technical teams to establish a consistent methodology for assessing and quantifying risk that goes beyond traditional severity scores to incorporate business context such as product impact, revenue, and reputational damage.
- Translate and Articulate Risks : Translate complex technical issues and compliance gaps into clear, quantifiable business impact for non-technical audiences.
- Drive Governance and Coordination : Lead a cross-functional risk governance committee to review and act on top risks.
- Create Tailored Reporting : Design and deliver tailored risk reports, metrics, and dashboards for diverse audiences, including executive leadership, product engineering leaders, legal, and sales organizations.
- Improve and Standardize Processes : Build a structured, repeatable program for risk identification, assessment, and communication across the organization.
- Build Thought Leadership : Develop learning and development materials to foster a culture of risk awareness.
Requirements
- 7+ years of experience in product security, application security, or a technical GRC (Governance, Risk, and Compliance) role.
- Deep understanding of core security concepts, including the Secure Development Lifecycle (SDL), threat modeling, vulnerability management, and risk assessment methodologies.
- Experience building and managing a risk register using dedicated GRC platforms or other tools like Jira.
- A bachelor's degree in a related field or an industry certification like CISSP, CGRC, CRISC or CISM are beneficial but not required.
- Exceptional ability to translate deep technical issues into clear business risks, explaining the "so what" to senior leaders.
- Excellent verbal and written communication skills, with experience presenting to both executive and technical audiences in highly collaborative environments.
- Proven skill in influencing cross-functional teams and senior leadership without direct authority.
- A process-oriented mindset with demonstrated experience building structured programs from ambiguous or ad-hoc processes.
- High attention to detail and the ability to break down large, complex strategies into achievable actions and tasks.
- Strong organizational skills to manage multiple stakeholders and drive complex projects to completion.
- Proactively leverage AI technologies to streamline workflows, simplify complexity, and enhance overall efficiency.
Benefits
- Comprehensive medical, dental, and vision coverage
- Flexible Spending Account - healthcare and dependent care
- Health Savings Account - high deductible medical plan
- Retirement 401(k) with employer match
- Paid time off and holidays
- Paid parental leave plans for all new parents
- Leave benefits including disability, paid family medical leave, and paid military leave
- Additional benefits including employee stock purchase plan, family planning reimbursement, tuition reimbursement, transportation expense account, employee assistance program, and more!
Job title
Job type
Experience level
Salary
Degree requirement
Location requirements
Senior Cybersecurity Assessor conducting cybersecurity program assessments using NIST CSF and RMF principles. Identifying strengths and weaknesses while developing recommendations for improvement in the Agency’s cybersecurity posture.
Senior Cybersecurity Risk Advisor providing expert - level guidance to Agency’s CSRM Program Team and executives. Reviewing deliverables and ensuring alignment with federal guidance and best practices.
Mid - level SailPoint Identity Security Cloud Platform Specialist enhancing Identity and Access Management at Boeing. Collaborating on application onboarding and identity governance solutions for a transforming IAM ecosystem.
Security Guard ensuring safety and security at Lincoln Electric facility in Euclid, Ohio. Monitoring access control systems, alarm systems, and coordinating emergency responses effectively.
Cybersecurity & Data Security Junior Associate supporting organizations in data protection through risk assessments and policy development. Collaborating with teams for meaningful contributions in cybersecurity.
Senior Security Consultant delivering complex cybersecurity engagements for high - profile clients. Advising organizations on critical national infrastructure security and compliance.
Safety Specialist focused on fortifying safety culture through engineering and efficiency measures. Managing compliance and conducting training in a hybrid work setting.
Manufacturing Security Specialist ensuring safe and secure satellite manufacturing at ICEYE. Focused on protecting facilities, production, and sensitive information from threats.
Information Security Specialist responsible for implementing security solutions in Tokio Marine. Analyzing and enhancing cybersecurity architectures and tools for diverse IT projects.