Cisco Senior Security Engineer Canada, Ontario, Ottawa 882190874
As a Senior Security Engineer, you will be a key member of the Device Risk and Compliance team, with a primary focus on Governance, Risk, and Compliance (GRC) and the development of robust cybersecurity risk management capabilities. You will partner across engineering, product, and compliance teams to strengthen our governance frameworks, establish and mature enterprise risk processes, and ensure secure innovation in network device environments.
- Support the deployment and ongoing maturity of cybersecurity risk management practices, including maintaining an enterprise Risk Register.
- Lead comprehensive risk assessments for internal systems, engineering initiatives, and third-party vendors.
- Assess vulnerabilities, quantify risks, and collaborate with risk owners to establish clear mitigation strategies.
- Partner across security, engineering, and business functions to ensure GRC initiatives align with the cybersecurity roadmap and strategic business priorities.
- Develop and define metrics and dashboards for risk measurement, compliance progress, and mitigation effectiveness.
- Provide expert cybersecurity and compliance guidance to leadership on emerging regulatory requirements and evolving industry risks.
- Support security certifications, compliance frameworks, and audit preparedness efforts for product and enterprise environments.
- Contribute to cybersecurity awareness through GRC-related training and partner communication across departments.
- Bring 10+ years of IT, security, or risk experience, with 5+ years focused in cybersecurity risk management, compliance, or governance.
- Have in-depth knowledge of cybersecurity risk frameworks (NIST RMF, ISO 31000, ISO 27001) and regulatory compliance requirements.
- Are experienced in audit readiness, governance models, and regulatory alignment within highly regulated industries.
- Possess functional familiarity with IoT and network device security, including threats, vulnerabilities, and compliance concerns.
- Are proficient with risk analysis methodologies, CVE/CWE scoring, and risk quantification practices.
- Have experienced knowledge of GRC platforms (RSA Archer, ServiceNow GRC or equivalent experience preferred).
- Communicate across technical and non-technical audiences, influencing team members with clear, actionable insights.
- Experience with ServiceNow GRC modules and integrations.
- Familiarity with risk scoring methodologies for vulnerabilities or control findings.
- Knowledge of IoT security compliance initiatives and certification frameworks.
- Moderate scripting skills (Python, PowerShell, or Bash) for automation and reporting.
- Confirmed understanding of networking security (TCP/IP, DNS, routing, firewalls, VPNs).
- Bachelor’s degree in Information Security, Computer Science, Business, or a related field.
- 10+ years of professional experience in IT, security, or risk functions.
- 5+ years in a cybersecurity-focused analyst, architect, or SME role.
- Expertise in cybersecurity governance, risk management, and compliance frameworks
משרות נוספות שיכולות לעניין אותך
