The Cisco Security Business Group (SBG) focuses on empowering the world to reach its full potential, securely through the Cisco Secure products. Within the SBG Security team, we support this mission by building thoughtful partnerships with our internal partners to drive security strategy alignment across the SBG portfolio to deliver simple, effective security solutions for our internal customers that meet both market and industry expectations.
Our team's mission is to become our internal customers' most trusted partners by building best-in-class security programs that shape the market with our research, make it easy for our customer teams within Cisco to develop secure software, protect our most valuable information and customer assets, and enable SBG employees to work securely as they deliver Cisco Secure products including Duo, Umbrella, SecureX, Talos, Amp for Endpoints, StealthWatch, Tetration, and beyond.
#WeAreCisco, where each person is unique and our team is our secret weapon. We run the spectrum from artists to analysts, low-key to high energy, and bring together a diversity of skill sets, experiences, and perspectives to solve the complex problems that come with securing a growing business. Together we build solutions that are easy, effective, trustworthy, and enduring.
We are looking for a Senior Security Risk Management Analyst to work as a team member on the execution of our risk management and governance program. Works closely with various stakeholders including, but not limited to, product security, legal, security operations, and sales teams. This role will focus on risk assessment, critical thinking, and problem solving to coordinate, improve, and participate in a variety of risk management and governance functions to safeguard SBG products. The position will directly contribute to the continuous build of the risk management and governance program.
What You Will Do:

• Facilitates the execution of risk management over various SBG products by engaging with a variety of internal and external stakeholders.
• Identifies, measures, monitors, and controls risk throughout SBG, including creating and enhancing policies, procedures, reports, and training over the risk framework.
• Performs risk analysis by collecting, analyzing, and summarizing information to produce reliable information for decision making.
• Provides support and guidance to stakeholders in the development and documentation of risk, control descriptions, and remediation plans.
• Facilitate root cause analyses and recommend proactive improvements to existing processes.
• Supports both business and risk management, reduces silos, and improves communication and oversight.
• Coordinates and assists in risk reporting, including developing new risk-related reports and dashboards for various stakeholders.
• Maintains monitoring of security controls and operating procedures in cooperation with internal teams.
• Helps manage compliance controls lifecycle including design, testing, and ongoing monitoring.
• Communicates with management on decisions that impact multiple programs and teams.

Skills You Have:

• Experience in governance, risk, and compliance systems and performing risk assessment activities for a technical company.
• Experience with GRC tooling, data analysis, and compliance automation.
• Ability to analyze, interpret, and utilize data to solve complex programs.
• Passion to continuously identify and execute on improvement opportunities.
• The ability to identify dependencies between complex projects and determine potential impact.
• The ability to drive collaboration and influence multiple teams, both technical and non-technical.
• Excellent verbal and interpersonal communication skills.
• Experience in IT controls monitoring for regulatory and compliance requirements such as SOC 2, PCI, ISO 27001, 27017, 27018, C5, ENS, IRAP, ISMAP, and FedRAMP.
• Experience in process design and technical writing.
• Ability to operate effectively in a remote environment.
• Self-starting, self-motivated, self-directed, and self-sufficient.

3 reasons to apply:

• You are a skilled team lead looking for new growth opportunities.
• You are passionate about how compliance enhances security operations and provides trust to customers.
• You love driving process improvements for a fast growing security company and partnering with teams to implement improvements.

3 reasons to not apply:

• If you need a lot of well-established policies and procedures before you can make decisions and drive results, this might not be the best role for you.
• If you are looking for a check-the-box driven security compliance program.
• If you do not think partnership drives security results at a company.

Our team is committed to cultivating and preserving a culture of inclusion and connectedness. We are able to grow and learn better together with a diverse team of employees. The collective sum of the individual differences, life experiences, knowledge, innovation, self-expression, and talent that our employees invest in their work represents not only part of our culture, but our reputation and Cisco's achievement as well. In recruiting for our team, we welcome the unique contributions that all potential candidates can bring in terms of their education, opinions, culture, ethnicity, race, gender identity and expression, nationality, age, languages spoken, veteran's status, religion, disability, sexual orientation and beliefs.
And if this role is exciting to you, we encourage you to apply even if you don't meet all 100% of the description or qualifications. Finally and most importantly, we are a proud Equal Opportunity Employer.
#WeAreCisco, where each person is unique, but we bring our talents to work as a team and make a difference powering an inclusive future for all.
We embrace digital, and help our customers implement change in their digital businesses. Some may think we're "old" (36 years strong) and only about hardware, but we're also a software company. And a security company. We even invented an intuitive network that adapts, predicts, learns and protects. No other company can do what we do - you can't put us in a box
#LI-GS1
Cisco requires all U.S. employees to be fully vaccinated or have an approved religious or medical accommodation. Candidates accepting an offer must provide proof of vaccination status on their first day. If someone anticipates requesting an accommodation for this requirement, they must receive approval before the start date. Candidates receiving an offer will receive additional information about the accommodation process at the time of the offer. All offers of employment are contingent upon complying with Cisco's vaccination policy.