At Polaris Inc., we have fun doing what we love by driving change and innovation. We empower employees to take on challenging assignments and roles with an elevated level of responsibility in our agile working environment. Our people make us who we are, and we create incredible products and experiences that empower us to THINK OUTSIDE.

Job Summary:
Polaris, a global powersports leader building world-class connected vehicle solutions for motorcycles and off-road vehicles, is looking for a Sr. Product Cybersecurity GRC (Governance, Risk, and Compliance) Engineer. This role is responsible for assessing and ensuring Polaris’s product cybersecurity compliance with international regulations and standards, understanding Polaris’s product cybersecurity risk posture, and ensuring that we follow industry best practices to perform risk assessment. This role will stay abreast of cybersecurity standards, policies, and regulatory developments; perform independent cybersecurity assessments for internal projects and programs; perform internal process audits; and support external audits.
This role will provide guidance and support to cross-functional teams on cybersecurity governance, risk and compliance.

Essential Duties & Responsibilities:
- Support the Chief Cybersecurity Engineer in developing, implementing, and executing Polaris’ enterprise-wide product cybersecurity risk management framework to ensure that product cybersecurity risks are identified, monitored, and remediated
- Lead the adoption, implementation, execution, and institutionalization of ISO/SAE 21434 standards across business units in Polaris
- Lead product cybersecurity compliance with cybersecurity regulations such as United Nations Regulation 155 cybersecurity type approval, Cybersecurity Resilience Act, Machinery Regulation, Radio Equipment Directive, General Data Protection Regulation, etc.
- Review and approve Threat Analysis and Risk Assessment reports, perform independent project cybersecurity assessments, and produce cybersecurity assessment reports
- Guide and support product development teams in creating and reviewing product compliance work products and evidence
- Evaluate risk and vulnerability management methodologies and tools, review current strategies and identify gaps, and propose improvements to leadership
- Develop, implement, and update product cybersecurity policies, processes, and procedures to protect sensitive information and product cybersecurity
- Perform internal process and project audits, prepare for external audits, and address non-conformities from audit results
- Manage supply chain cybersecurity risks, and work with internal and external suppliers to compile and collect Hardware/Software Bills of Materials
- Establish a vulnerability management system to manage vulnerabilities and Open Source Software compliance
- Work collaboratively with various organizations and business units and their leadership to drive cybersecurity compliance
- Write, communicate and present reports detailing the assessment work completed, evidence reviewed, identified risks and remediation actions

Skills & Knowledge:

Minimum Qualifications:
- Bachelor’s degree in Computer Science, Computer Engineering, Electrical Engineering, Software Engineering, System Engineering, or IT Security, focusing on automotive, product, or embedded systems cybersecurity, or IT Security GRC is required
- 5+ years of cybersecurity engineering experience with at least 3 years of experience in cybersecurity with a focus on governance, risk and compliance
- Strong experience with implementing ISO/SAE 21434, TISAX, ISO 27001, UNR 155/156, CRA, MR, RED, GDPR, CCPA regulations and standards
- Strong knowledge of cybersecurity threat modeling, risk assessment methodologies, risk management frameworks (e.g., NIST cybersecurity framework), vulnerability management systems, supply chain security, SBOM, HBOM
- Experience with conducting TARA
- Knowledge of automotive product cybersecurity best practices from NIST, NHTSA, Auto-ISAC, ENISA
- Experience with internal audits, managing third party audits, and gathering evidence for audit response
- Experience in developing standards, guidelines, and policies and executing them in a corporate environment

Preferred Qualifications:
- Advanced degree in cybersecurity
- 7+ years of experience in automotive product cybersecurity
- Professional certifications such as CISSP, CRISC, CISM, or CISA are strongly desired
- Effective project management skills
- Highly resourceful and efficient
- Able to effectively interface with other disciplines in the organization to achieve results
- Strong communication skills, both oral and written, at all levels

We are an ambitious, resourceful, and driven workforce, which empowers us to THINK OUTSIDE. Apply today!

At Polaris we put our employees first, by offering a holistic approach to their health and financial wellbeing. Polaris is proud to offer competitive compensation, including a market-leading profit-sharing plan that is fundamental to our pay-for-performance culture.
At Polaris, employees are owners of the company through company contributions to our Employee Stock Ownership Plan and discounted employee stock purchase plan. Employees receive a generous matching contribution to 401(k), financial wellness education and consultation to plan for their financial future. In addition to competitive pay, Polaris provides a comprehensive suite of benefits, including health, dental, and vision insurance, wellness programs, paid time off, gym & personal training reimbursement, life insurance and disability offerings. Through the Polaris Foundation and our Polaris Gives paid volunteer time off, we support employees who actively volunteer their time, efforts, and passions to improve the health and wellbeing of the communities in which they live, play and work. Employees at Polaris drive our success and are rewarded for their commitment.

About Polaris
As the global leader in powersports, Polaris Inc. (NYSE: PII) pioneers product breakthroughs and enriching experiences and services that have invited people to discover the joy of being outdoors since our founding in 1954. Polaris’ high-quality product line-up includes the Polaris RANGER®, RZR® and Polaris GENERAL™ side-by-side off-road vehicles; Sportsman® all-terrain off-road vehicles; military and commercial off-road vehicles; snowmobiles; Indian Motorcycle® mid-size and heavyweight motorcycles; Slingshot® moto-roadsters; Aixam quadricycles; Goupil electric vehicles; and pontoon and deck boats, including industry-leading Bennington pontoons. Polaris enhances the riding experience with a robust portfolio of parts, garments, and accessories. Proudly headquartered in Minnesota, Polaris serves more than 100 countries across the globe.

EEO Statement
Polaris is an Equal Opportunity Employer and will make all employment-related decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, age, disability, marital status, familial status, status with regard to public assistance, membership or activity in a local commission, protected veteran status, or any other status protected by applicable law.
