Sr. Product Cybersecurity Engineer - Governance, Risk & Compliance
Company: Disability Solutions
Location: Novi
Posted on: February 5, 2025
Job Description:
At Polaris Inc., we have fun doing what we love by driving
change and innovation. We empower employees to take on challenging
assignments and roles with an elevated level of responsibility in
our agile working environment. Our people make us who we are, and
we create incredible products and experiences that empower us to
THINK OUTSIDE.
Job Summary: Polaris, a global powersports leader,
building world-class connected vehicle solutions for motorcycles
and off-road vehicles, is looking for a Sr. Product Cybersecurity
GRC (Governance, Risk, and Compliance) Engineer. This role is
responsible for assessing and ensuring Polaris's product
cybersecurity compliance with international regulations and
standards, understanding Polaris's product cybersecurity risk
posture, and ensuring that we follow industry best practices when
performing risk assessments. This role will stay abreast of
cybersecurity standards, policies, and regulatory developments;
perform independent cybersecurity assessments for internal projects
and programs; perform internal process audits; and support external audits. This
role will provide guidance and support to cross-functional teams on
cybersecurity governance, risk and compliance.
Essential Duties & Responsibilities:
- Support the Chief Cybersecurity Engineer in developing,
implementing, and executing Polaris' enterprise-wide product
cybersecurity risk management framework to ensure that product
cybersecurity risks are identified, monitored, and remediated
- Lead the adoption, implementation, execution, and
institutionalization of ISO/SAE 21434 standards across business
units in Polaris
- Lead product cybersecurity compliance with cybersecurity
regulations such as United Nations Regulation 155 cybersecurity type
approval, Cybersecurity Resilience Act, Machinery Regulation, Radio
Equipment Directive, General Data Protection Regulation, etc.
- Review and approve Threat Analysis and Risk Assessment reports,
perform independent project cybersecurity assessments, and produce
cybersecurity assessment reports
- Guide and support product development teams in creating and
reviewing product compliance work product and evidence
- Evaluate risk and vulnerability management methodologies and
tools, review current strategies and identify gaps, propose
improvements to leadership
- Develop, implement, and update product cybersecurity policies,
processes, and procedures to protect sensitive information and
product cybersecurity
- Perform internal process and project audits, prepare for
external audits, and address non-conformities from audit results
- Manage supply chain cybersecurity risks, work with internal and
external suppliers to compile and collect Hardware/Software Bill of
Materials
- Establish a vulnerability management system to manage
vulnerabilities and Open Source Software compliance
- Work collaboratively with various organizations and business
units and their leadership to drive cybersecurity compliance
- Write, communicate and present reports, detailing the
assessment work completed, evidence reviewed, identified risks and
remediation actions
Skills & Knowledge:
Minimum Qualifications:
- Bachelor's degree in Computer Science, Computer Engineering,
Electrical Engineering, Software Engineering, System Engineering,
or IT Security, focusing on automotive, product, or embedded
systems cybersecurity, or IT Security GRC is required
- 5+ years of cybersecurity engineering experience with at least
3 years of experience in cybersecurity with a focus on governance,
risk and compliance
- Strong experience with implementing ISO/SAE 21434, TISAX, ISO
27001, UNR 155/156, CRA, MR, RED, GDPR, CCPA regulations and
standards
- Strong knowledge of cybersecurity threat modeling, risk
assessment methodologies, risk management frameworks (e.g., NIST
cybersecurity framework), vulnerability management systems, supply
chain security, SBOM, HBOM
- Experience with conducting TARA
- Knowledge in automotive product cybersecurity best practices
from NIST, NHTSA, Auto-ISAC, ENISA
- Experience with internal audits, managing third party audits,
and gathering evidence for audit response
- Experience in developing standards, guidelines, and policies
and executing them in a corporate environment
Preferred Qualifications:
- Advanced degree in cybersecurity
- 7+ years of experience in automotive product cybersecurity
- Professional certifications such as CISSP, CRISC, CISM, or CISA
are strongly desired
- Effective project management skills
- Highly resourceful and efficient
- Able to effectively interface with other disciplines in the
organization to achieve results
- Strong communication skills, both oral and written, at all
levels
To qualify for this position, former employees must
be eligible for rehire, and current employees must be in good
standing.
We are an ambitious, resourceful, and driven workforce,
which empowers us to THINK OUTSIDE. Apply today!
At Polaris we put
our employees first, by offering a holistic approach to their
health and financial wellbeing. Polaris is proud to offer
competitive compensation, including a market-leading profit-sharing
plan that is fundamental to our pay-for-performance culture. At
Polaris, employees are owners of the company through company
contributions to our Employee Stock Ownership Plan and discounted
employee stock purchase plan. Employees receive a generous
matching contribution to 401(k), financial wellness education and
consultation to plan for their financial future. In addition to
competitive pay, Polaris provides a comprehensive suite of
benefits, including health, dental, and vision insurance, wellness
programs, paid time off, gym & personal training reimbursement,
life insurance and disability offerings. Through the Polaris
Foundation and our Polaris Gives paid volunteer time off, we
support employees who actively volunteer their time, efforts, and
passions to improve the health and wellbeing of the communities in
which they live, play and work. Employees at Polaris drive our
success and are rewarded for their commitment.
About Polaris
As the
global leader in powersports, Polaris Inc. (NYSE: PII) pioneers
product breakthroughs and enriching experiences and services that
have invited people to discover the joy of being outdoors since our
founding in 1954. Polaris' high-quality product line-up includes
the Polaris RANGER, RZR and Polaris GENERAL side-by-side
off-road vehicles; Sportsman all-terrain off-road vehicles;
military and commercial off-road vehicles; snowmobiles; Indian
Motorcycle mid-size and heavyweight motorcycles; Slingshot
moto-roadsters; Aixam quadricycles; Goupil electric vehicles; and
pontoon and deck boats, including industry-leading Bennington
pontoons. Polaris enhances the riding experience with a robust
portfolio of parts, garments, and accessories. Proudly
headquartered in Minnesota, Polaris serves more than 100 countries
across the globe. www.polaris.com
EEO Statement
Polaris is an Equal
Opportunity Employer and will make all employment-related decisions
without regard to race, color, religion, creed, sex, sexual
orientation, gender identity, national origin, age, disability,
marital status, familial status, status with regard to public
assistance, membership or activity in a local commission, protected
veteran status, or any other status protected by applicable
law.
Keywords: Disability Solutions, Troy, Sr. Product Cybersecurity Engineer - Governance, Risk & Compliance, Engineering, Novi, Michigan