Sr. Cyber Security with Product Security Risk & Compliance Analyst

Required Skills & Experience:

• We are seeking a Product Security Risk & Compliance Analyst Contractor to support the ongoing development of cybersecurity risk management capabilities within a leading engineering business unit.
• This role is ideal for an experienced professional with a strong background in cyber risk governance, product security, and secure software development lifecycles (S-SDLC) particularly in IoT and network-connected device environments.
• This individual will help drive the maturity of the product security risk register, provide expert guidance to risk owners, and support compliance and security incident response readiness.
• This will be done while ensuring alignment with frameworks and regulatory standards such as MITRE ATT&CK, EMB3D, CVE/CWE, OWASP IoT/AppSec, NIST 218, and ETSI IoT.

Key Responsibilities:

• Serve as a subject matter expert supporting product-focused cyber risk, compliance, and governance initiatives for a broad network device product line.
• Collaborate with security, engineering, and product teams to identify, assess, and manage cybersecurity risks related to IoT and networked devices.
• Support the development and continuous improvement of a Product Security Risk Register, including documentation of risks, ownership, remediation and mitigation plans, communication, and closure timelines.
• Lead and document risk assessments, including threat, likelihood, criticality, and impact modeling, while providing actionable mitigation recommendations.
• Assist in establishing and evolving governance models aligned with internal policies and external standards/regulations.
• Support security compliance and audit initiatives, including both company-led and market certification-related efforts.
• Assist in coordinating risk response activities for escalated vulnerabilities or product security incidents.
• Contribute to the creation and tracking of KPIs, risk metrics, and dashboards, and support communication of risk posture to leadership.
• Interface with ServiceNow GRC modules across business units for structured risk tracking and reporting.
• Collaborate across product, engineering, security, and compliance teams to enhance security posture throughout the product lifecycle.

Required Qualifications:

• 3+ years in a cybersecurity risk analyst or governance role.
• 8+ years of direct experience in a cybersecurity role.
• Strong understanding of IoT and networked device security threats, vulnerabilities, controls, and mitigations.
• Hands-on experience with risk management programs, product security assessments, and compliance frameworks.
• Working knowledge of CVE and CWE scoring systems and cyber risk scoring methodologies.
• Familiarity with MITRE ATT&CK, EMB3D, and threat modeling.
• Solid understanding of secure SDLC practices and integrating security controls into product development.
• Excellent communication skills with the ability to translate complex cyber risks into actionable business insights.
• Familiarity with Slack/Teams, Jira, and Confluence.

Preferred / Nice-to-Have Skills:

• Hands-on experience with ServiceNow (especially GRC modules).
• Experience supporting product certifications, internal audits, or regulatory compliance.
• Exposure to vulnerability scanning tools and manual security assessments.
• Moderate scripting skills (e.g., Python, PowerShell, Bash) for automation or analysis.
• Experience contributing to security quality feedback loops within product teams.
• Experience developing or applying cyber risk scoring frameworks to assessment findings.