Novi, MI, USA
3 days ago
Sr. Product Cybersecurity Engineer - Governance, Risk & Compliance

At Polaris Inc., we have fun doing what we love by driving change and innovation. We empower employees to take on challenging assignments and roles with an elevated level of responsibility in our agile working environment. Our people make us who we are, and we create incredible products and experiences that empower us to THINK OUTSIDE.

ob Summary:  

Polaris, a global powersports leader, building world-class connected vehicle solutions for motorcycles and off-road vehicles, is looking for a Sr. Product Cybersecurity GRC (Governance, Risk, and Compliance) Engineer. This role is responsible for assessing and ensuring Polaris’s product cybersecurity compliance to international regulations and standards, understanding Polaris's product cybersecurity risk posture, ensuring that we follow industry best practices to perform risk assessment. This role will stay abreast of cybersecurity standards, policies, regulatory developments, perform independent cybersecurity assessment for internal projects and programs, perform internal process audits and support external audits. This role will provide guidance and support to cross-functional teams on cybersecurity governance, risk and compliance.  

 

Essential Duties & Responsibilities:  

Support the Chief Cybersecurity Engineer in developing, implementing, and executing Polaris’ enterprise-wide product cybersecurity risk management framework to ensure that product cybersecurity risks are identified, monitored, and remediated 

Lead the adoption, implementation, execution, and institutionalization of ISO/SAE 21434 standards across business units in Polaris  

Lead the product cybersecurity compliance to cybersecurity regulations such as United Nation Regulation 155 cybersecurity type approval, Cybersecurity Resilience Act, Machinery Regulation, Radio Equipment Directive, General Data Protection Regulation, etc.  

Review and approve Threat Analysis and Risk Assessment reports, perform independent project cybersecurity assessments, produce cybersecurity assessment report  

Guide and support product development teams in creating and reviewing product compliance work product and evidence  

Evaluate risk and vulnerability management methodologies and tools, review current strategies and identify gaps, propose improvements to leadership 

Develop, implement, and update product cybersecurity policies, processes, and procedures to protect sensitive information and product cybersecurity 

Perform internal process and project audit, prepare for external audit, and address non-conformities from audit results  

Manage supply chain cybersecurity risks, work with internal and external suppliers to compile and collect Hardware/Software Bill of Materials 

Establish vulnerability management system to manage vulnerabilities and Open Source Software compliance  

Work collaboratively with various organizations and business units and their leadership to drive cybersecurity compliance 

Write, communicate and present reports, detailing the assessment work completed, evidence reviewed, identified risks and remediation actions  

 
Skills & Knowledge:  

Minimum Qualifications:  

Bachelor’s degree in Computer Science, Computer Engineering, Electrical Engineering, Software Engineering, System Engineering, or IT Security, focusing on automotive, product, or embedded systems cybersecurity, or IT Security GRC is required 

5+ years of cybersecurity engineering experience with at least 3 years of experience in cybersecurity with a focus on governance, risk and compliance 

Strong experience with implementing ISO/SAE 21434, TISAX, ISO 27001, UNR 155/156, CRA, MR, RED, GDPR, CCPA regulations and standards  

Strong knowledge of cybersecurity threat modeling, risk assessment methodologies, risk management frameworks (e.g., NIST cybersecurity framework), vulnerability management systems, supply chain security, SBOM, HBOM 

Experience with conducting TARA  

Knowledge in automotive product cybersecurity best practices from NIST, NHTSA, Auto-ISAC, ENISA 

Experience with internal audits, managing third party audits, and gathering evidence for audit response 

Experience in developing standards, guidelines, and policies and execute them in corporate environment 

 

Preferred Qualifications:  

Advanced degree in cybersecurity 

7+ years of experience in automotive product cybersecurity  

Professional certifications such as CISSP, CRISC, CISM, or CISA are strongly desired  

Effective project management skills  

Highly resourceful and efficient 

Able to effectively interface with other disciplines in the organization to achieve results 

Strong communication skills, both oral and written, at all levels 

We are an ambitious, resourceful, and driven workforce, which empowers us to THINK OUTSIDE.  Apply today!

At Polaris we put our employees first, by offering a holistic approach to their health and financial wellbeing.  Polaris is proud to offer competitive compensation, including a market-leading profit-sharing plan that is fundamental to our pay-for-performance culture. At Polaris, employees are owners of the company through company contributions to our Employee Stock Ownership Plan and discounted employee stock purchases plan. Employees receive a generous matching contribution to 401(k), financial wellness education and consultation to plan for their financial future. In addition to competitive pay, Polaris provides a comprehensive suite of benefits, including health, dental, and vision insurance, wellness programs, paid time off, gym & personal training reimbursement, life insurance and disability offerings.  Through the Polaris Foundation and our Polaris Gives paid volunteer time off, we support employees who actively volunteer their time, efforts, and passions to improve the health and wellbeing of the communities in which they live, play and work. Employees at Polaris drive our success and are rewarded for their commitment.

About Polaris

As the global leader in powersports, Polaris Inc. (NYSE: PII) pioneers product breakthroughs and enriching experiences and services that have invited people to discover the joy of being outdoors since our founding in 1954. Polaris' high-quality product line-up includes the Polaris RANGER®, RZR® and Polaris GENERAL™ side-by-side off-road vehicles; Sportsman® all-terrain off-road vehicles; military and commercial off-road vehicles; snowmobiles; Indian Motorcycle® mid-size and heavyweight motorcycles; Slingshot® moto-roadsters; Aixam quadricycles; Goupil electric vehicles; and pontoon and deck boats, including industry-leading Bennington pontoons. Polaris enhances the riding experience with a robust portfolio of parts, garments, and accessories. Proudly headquartered in Minnesota, Polaris serves more than 100 countries across the globe.  www.polaris.com  

EEO Statement


Polaris is an Equal Opportunity Employer and will make all employment-related decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, age, disability, marital status, familial status, status with regard to public assistance, membership or activity in a local commission, protected veteran status, or any other status protected by applicable law.

Confirm your E-mail: Send Email