The application window is expected to close until further determined. Job posting may be removed earlier if the position is filled or if a sufficient number of applications are received.

As a Senior Security Engineer, you will be a key member of the Device Risk and Compliance team, with a primary focus on Governance, Risk, and Compliance (GRC) and the development of robust cybersecurity risk management capabilities. You will partner across engineering, product, and compliance teams to strengthen our governance frameworks, establish and mature enterprise risk processes, and ensure secure innovation in network device environments. In this role, you will act as a domain authority guiding the design, execution, and continuous improvement of our risk management program. Your expertise will directly influence product security, regulatory compliance, and enterprise resilience, helping the organization stay ahead of evolving cyber threats and compliance requirements!

Example Responsibilities

- Support the deployment and ongoing maturity of cybersecurity risk management practices, including maintaining an enterprise Risk Register. - Lead comprehensive risk assessments for internal systems, engineering initiatives, and third-party vendors. - Assess vulnerabilities, quantify risks, and collaborate with risk owners to establish clear mitigation strategies. - Partner across security, engineering, and business functions to ensure GRC initiatives align with the cybersecurity roadmap and strategic business priorities. - Develop and define metrics and dashboards for risk measurement, compliance progress, and mitigation effectiveness. - Provide expert cybersecurity and compliance guidance to leadership on emerging regulatory requirements and evolving industry risks. - Support security certifications, compliance frameworks, and audit preparedness efforts for product and enterprise environments. - Contribute to cybersecurity awareness through GRC-related training and partner communication across departments.

You are an ideal candidate if you:

- Bring 10+ years of IT, security, or risk experience, with 5+ years focused in cybersecurity risk management, compliance, or governance. - Have in-depth knowledge of cybersecurity risk frameworks (NIST RMF, ISO 31000, ISO 27001) and regulatory compliance requirements. - Are experienced in audit readiness, governance models, and regulatory alignment within highly regulated industries. - Possess functional familiarity with IoT and network device security, including threats, vulnerabilities, and compliance concerns. - Are proficient with risk analysis methodologies, CVE/CWE scoring, and risk quantification practices. - Have experienced knowledge of GRC platforms (RSA Archer, ServiceNow GRC or equivalent experience preferred). - Communicate across technical and non-technical audiences, influencing team members with clear, actionable insights.

Preferred / Bonus Skills:

- Experience with ServiceNow GRC modules and integrations. - Familiarity with risk scoring methodologies for vulnerabilities or control findings. - Knowledge of IoT security compliance initiatives and certification frameworks. - Moderate scripting skills (Python, PowerShell, or Bash) for automation and reporting. - Confirmed understanding of networking security (TCP/IP, DNS, routing, firewalls, VPNs).

Qualifications:

- Bachelor’s degree in Information Security, Computer Science, Business, or a related field. - 10+ years of professional experience in IT, security, or risk functions. - 5+ years in a cybersecurity-focused analyst, architect, or SME role. - Expertise in cybersecurity governance, risk management, and compliance frameworks At Cisco, we’re revolutionizing how data and infrastructure connect and protect organizations in the AI era - and beyond. We’ve been innovating fearlessly for 40 years to create solutions that power how humans and technology work together across the physical and digital worlds. These solutions provide customers with unparalleled security, visibility, and insights across the entire digital footprint. Simply put - we power the future. Fueled by the depth and breadth of our technology, we experiment and create meaningful solutions. Add to that our worldwide network of doers and experts, and you’ll see that the opportunities to grow and build are limitless. We work as a team, collaborating with empathy to make really big things happen on a global scale. Because our solutions are everywhere, our impact is everywhere. We are Cisco, and our power starts with you.

#CiscoAIJobs #WeAreCisco

Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis. Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records.

Message to applicants applying to work in the U.S. and/or Canada:

When available, the salary range posted for this position reflects the projected hiring range for new hire, full-time salaries in U.S. and/or Canada locations, not including equity or benefits. For non-sales roles the hiring ranges reflect base salary only; employees are also eligible to receive annual bonuses. Hiring ranges for sales positions include base and incentive compensation target. Individual pay is determined by the candidate's hiring location and additional factors, including but not limited to skillset, experience, and relevant education, certifications, or training. Applicants may not be eligible for the full salary range based on their U.S. or Canada hiring location. The recruiter can share more details about compensation for the role in your location during the hiring process.

U.S. employees have access to quality medical, dental and vision insurance, a 401(k) plan with a Cisco matching contribution, short and long-term disability coverage, basic life insurance and numerous wellbeing offerings.

Employees receive up to twelve paid holidays per calendar year, which includes one floating holiday (for non-exempt employees), plus a day off for their birthday. Non-Exempt new hires accrue up to 16 days of vacation time off each year, at a rate of 4.92 hours per pay period. Exempt new hires participate in Cisco’s flexible Vacation Time Off policy, which does not place a defined limit on how much vacation time eligible employees may use, but is subject to availability and some business limitations. All new hires are eligible for Sick Time Off subject to Cisco’s Sick Time Off Policy and will have eighty (80) hours of sick time off provided on their hire date and on January 1st of each year thereafter. Up to 80 hours of unused sick time will be carried forward from one calendar year to the next such that the maximum number of sick time hours an employee may have available is 160 hours. Employees in Illinois have a unique time off program designed specifically with local requirements in mind. All employees also have access to paid time away to deal with critical or emergency issues. We offer additional paid time to volunteer and give back to the community.

Employees on sales plans earn performance-based incentive pay on top of their base salary, which is split between quota and non-quota components. For quota-based incentive pay, Cisco typically pays as follows:

.75% of incentive target for each 1% of revenue attainment up to 50% of quota;

1.5% of incentive target for each 1% of attainment between 50% and 75%;

1% of incentive target for each 1% of attainment between 75% and 100%; and once performance exceeds 100% attainment, incentive rates are at or above 1% for each 1% of attainment with no cap on incentive compensation.

For non-quota-based sales performance elements such as strategic sales objectives, Cisco may pay up to 125% of target. Cisco sales plans do not have a minimum threshold of performance for sales incentive compensation to be paid.