Information Security Risk Manager - CPX Engineering
Area of InterestInformation Technology
Who We Are
Cisco’s Customer Experience (CX) organization is one of our fastest growing teams, and the CX Engineering & Product Incubation organization is redefining how Cisco delivers value to our customers & partners via our product portfolio. This team is charged with securing the offerings from CX Engineering & Product Incubation.
What You'll Do
You provide advice and guidance on a wide variety of information security issues, concerns, and problems and ensure that all development of applications and processes include adequate control measures. You will gain widespread support of and compliance with security requirements.
You identify, analyze and report information risks to all required levels of management, ensuring clear and directed communication appropriate for the audience so that they fully understand the risks and risk management options and are able to make risk-aware decisions.
You guide company employees at all levels to make decisions while in consideration of security risks, offering mitigating strategies as appropriate to the business area and overall risk tolerance levels. You further ensure that the proper parties are engaged to assist in implementing security controls determined to be appropriate for mitigating the posed risks.
You are also familiar with corporate obligations, including prevailing laws, organizational culture, management style, and business activities.
- Act as the primary security point of contact for projects and initiatives
- Provides expertise and information risk control consultation
- Regularly consults with business leaders and product owners to understand security needs and impacts of security decisions on business processes as well as to communicate risks
- As part of project development or business application or process improvement, assists in the development of efficient and practical information security systems, procedures and controls
- Participates as a technical advisor for a variety of ad-hoc security projects
- Designs and implements an integrated risk management approach that applies operating controls to manage information security risks
- Implements information security policies, standards, and other requirements
- Guides staff in their efforts to develop applications maintaining secure coding practices and interpret the output of code analysis tools
- Addresses information security related issues and findings, ensuring that remedial actions as well as long term solutions are executed to mitigate the underlying risks
Who You'll Work With
You'll be part of an innovative security team redefining the way that Cisco protects data stored in the cloud. Our team is passionate about security and applies savvy risk-based thinking to create the best outcomes for our customers.
You'll work with other teams within CX Engineering, such as top skilled cloud operations, application, and platform engineers. You'll also work closely with other security professionals across Cisco to implement a new way to secure the Cloud.
Who You Are
You possess a Master's degree (BS/BA with additional experience will be considered), and at least 7 years of security experience, with a passion for information risk management and balancing controls with business needs. While you have deep technical expertise, you thrive by applying this expertise to gain support and understanding from developers, product owners, and business leaders. You're comfortable working with people of all backgrounds and helping them be successful while improving security.
You have experience securing Cloud systems. You enjoy mentoring technical personnel. You're passionate about applied security risk management. You bring deep knowledge of technical control mechanisms, authentication and authorization methodologies, DevSecOps, and industry security standards such as NIST, ISO, FedRamp, and others. You may have one or more security certifications, particularly those with a Cloud focus (CISSP, CCSP, AWS Cloud certifications, etc.).
You Are Highly Capable Of
Effectively communicating complex technical ideas to peers, executives, and customers. You're the perfect balance of advanced technical knowledge and strategic business acuity who is comfortable engaging with senior-level decision makers to convey business value of security. You're a strong leader who holds yourself and others accountable to deliver excellent results with little guidance. You view security as a service. You show full commitment to customer satisfaction, out-of-the-box thinking, analytical reasoning, and creative problem solving skills. You have a keen ability to switch from high-level thinking to realistic and pragmatic execution.
#WeAreCisco, where each person is unique, but we bring our talents to work as a team and make a difference powering an inclusive future for all.
We embrace digital, and help our customers implement change in their digital businesses. Some may think we’re “old” (36 years strong) and only about hardware, but we’re also a software company. And a security company. We even invented an intuitive network that adapts, predicts, learns and protects. No other company can do what we do – you can’t put us in a box!
But “Digital Transformation” is an empty buzz phrase without a culture that allows for innovation, creativity, and yes, even failure (if you learn from it.)
Day to day, we focus on the give and take. We give our best, give our egos a break, and give of ourselves (because giving back is built into our DNA.) We take accountability, bold steps, and take difference to heart. Because without diversity of thought and a dedication to equality for all, there is no moving forward.
So, you have colorful hair? Don’t care. Tattoos? Show off your ink. Like polka dots? That’s cool. Pop culture geek? Many of us are. Passion for technology and world changing? Be you, with us!