Product Security Director

Overview Reporting into the Chief Security Officer (CSO), the Product Security Director has global responsibility for the Global Product & Solutions Security program including the strategy, planning, and execution. They will own the overarching program which will be responsible for ensuring security is integrated into relevant Zebra products and solutions. Responsibilities Strategy: Develop and lead the strategic vision to manage both internal and external risks associated with Zebra products and solutions. Ensure this strategy is aligned with the overall product and solutions strategy. Build out a cost-effective organization of security professionals to support the Global Product & Solutions Security Program. Integrate a product & solutions security strategy into the overall Zebra security strategy. Leadership: Lead programs to ensure continuous development and improvement of security integration into the product & solutions development lifecycle. Ensure security is pro-actively injected into all levels of the product/solutions development process. Develop and actively lead a Product & Solutions Security steering committee and working group to prioritize efforts, shed light on issues, and work to resolve identified securityrisks. Work to obtain the right mandate to ensure no new Zebra products or services are launched without the appropriate security involvement. Ensure excellent consistency, documentation, and process across all programs. Proactively advise the business on how to maintain compliance with appropriate regulatory or industry best practices. Manage the budget for the product security function; monitor and report any discrepancies. Ensure talent management and career development for security staff are in place to reduce turn-over. Execution: Drive secure development and integration of security features into all phases of hardware and software design and development. Coordinate, participate, and deliver threat modeling for given designs and architectures. Coordinate/participate in and perform design reviews, peer reviews, and code reviews. Contribute to maturing process, policy, and standards guidance. Create a culture where security and risk management are considered foundational rather than afterthoughts. Educate key stakeholders on program, risks, and importance of security in Zebra products & solutions. Work with the business to identify, capture, escalate, and close security vulnerabilities found in Zebra Technologies products and platforms. Leverage tools to deliver vulnerability information back to the development organization for remediation. Coordinate securityrisk assessments for new products & solutions through the risk assessment team. Maintain a risk register and risk visual with clearly defined owners for each risk. Consult with the internal legal team to resolve potential legal compliance issues. Develop product/solution security frameworks and standards to reduce development cycle of new products and services and to ensure consistency across the different products and platforms. Partnerships: Partner with key product & solutions development leaders to ensure security is incorporated in all customer-facing product offerings. Build solid working relationships with business stakeholders to maintain and improve product and application security processes. Partner with architecture and development leaders to develop shared software frameworks to enable consistent application of secure coding best practices across the enterprise. Collaborate with other departments (e.g., Legal, Internal Audit, HR, etc.) to direct compliance issues to appropriate existing channels for investigation and resolution. Develop a team of business security liaisons across the various business divisions and groups to ensure that product & solution security is top of mind and to gain program breadth, visibility, and control of Zebra's instrument/device environment. Research latest security best practices when it comes to device/instrument/IoT, staying current on new vulnerabilities and threats and ensure these are addressed in Zebra's products and services. Qualifications Preferred Education: Bachelor's Degree in Science, Technology, Engineering, or Math (Master's Degree a plus). Preferred Work Experience (years): Minimum of 15+ years of experience in IT or Engineering with 10+ years related work experience with product security, secure software development, risk assessment, or vulnerability management. Past Senior Management, Director, or VP experience managing teams of senior security professionals. CISSP, CISM, CRISC, or other relevant certification highly desired. Key Skills and Competencies: Experience finding and mitigating vulnerabilities in embedded devices. Knowledge of applicable industry standards, leading security practices, and regulatory requirements potentially affecting Zebra's products and services. Deep understanding of cryptography, authentication, authorization, networksecurity protocols, and web application security. Strong exposure to popular application security standards including OWASP TOP 10, SANS TOP 25, etc. Ability to explain and champion technical concepts to a broad audience focusing on business acumen. Strong attention to detail, organizational skills. Excellent customer service skills required. Strong analytical and product management skills required, including a thorough understanding of how to interpret customer business needs and translate them into application and operational requirements. Excellent verbal and written communication skills and the ability to interact professionally with a diverse group, executives, managers, and subject matter experts. Ability to achieve results by influencing others where no hierarchical (or only "dotted line") relation exists. Experience managing leaders of others while demonstrating strong leadership and people management skills. Experience managing large scale budgets. Demonstrated ability to translate strategic initiatives. 53579
Salary Range: NA
Minimum Qualification
15+ years

Don't Be Fooled

The fraudster will send a check to the victim who has accepted a job. The check can be for multiple reasons such as signing bonus, supplies, etc. The victim will be instructed to deposit the check and use the money for any of these reasons and then instructed to send the remaining funds to the fraudster. The check will bounce and the victim is left responsible.

More Jobs

Associate Director, Advancement
New York City, NY Michael J. Fox Foundation
Associate Director, Research Programs
New York City, NY Michael J. Fox Foundation
Manager Security Operations (ERAP Eligible)
Upton, NY Brookhaven Science Associates