Product and Solution Security Officer and CRA
SI GSW R&D APMO Job Grade: Non Senior Management ÜT-Kreis
Mode of Employment: Permanent / Full-time
For our continuous quality culture, we are looking for an experienced Product and Solution Security Officer (PSSO) driving the Product and Solution Security (PSS) program for software development within Siemens Smart Infrastructure Grid Software Business Unit (SI GSW).
The PSSO (R&D) has the responsibility to actively drive product & solution security across our SI GSW products and solutions to ensure an appropriate level of cybersecurity.
The Product & Solution Security Officer will act as “Continuous Security Agent” and will work closely with all other “Continuous X Agents” of the Agile Program Management Office (APMO) to realize best practices, state-of-the-art as well as innovative approaches in the agile development teams. In this role the PSSO advises the particular R&D & PLM/PM leads as well as the senior management with regard to IT/Cybersecurity in cooperation with the SI GSW Cybersecurity Officer and provides functional leadership to all PSSEs within Grid Software Business Unit.
Definition of cybersecurity policies and standards for the business unit’s software development activities.
· Actively manage product and solution security by introducing and maintaining security standards or attestations (ISO/IEC 27001, IEC 62443, NIS2, SOC2, NIST).
· Define Regulations & Support Implementation – Drive the definition of an individual PSS strategy and roadmap
· integrate threat & risk analysis, security requirements engineering, secure architecture and design, hardening, secure coding, security testing)
· Define, support, and provide guidance on security requirements
· Lead and support cybersecurity compliance activities (Cybersecurity Resilience Act, IEC 62443) for R&D
· Support incident and vulnerability management for our products
· Drive important IT/Cybersecurity initiatives (from proof of concept (POC) to productive use) together with PSSEs, R&D agile experts, Release Train Engineers as well as agile teams of our SI GSW products, establishing a sustainable PSS solution for our customers
· Product Manager, Product Owner, Architects as well as team leads, etc.), that especially for IT/Cybersecurity topics there is the need to establish a continuous learning approach in the development teams
· Measure & Report – Continuously track the status of adherence and application of product and solution security standards, processes, and policies as well as the implementation policy
· Together with relevant stakeholders, decide how to handle identified security risks in products and solutions and define risk acceptance criteria
· Support Communication – Represent together with the assigned PSSE the R&D department in all product & solution security matters
You have a Master's degree in computer science or a comparable history in cybersecurity, information technology or a comparable field of study (Cybersecurity certifications such as CISSP or CSSLP are an advantage)
· Extensive long-term experience with demonstrated expertise in cybersecurity, software development & engineering with in-depth knowledge of IT/Cybersecurity requirements
· You bring deep knowledge of IEC 62443, ISO 27000 and similar standards and years of experience with IT / Cybersecurity in product development, solutions design and OT operations
· You work in an international environment of an agile project and development organization (with different cultures and influences) and excel in quality awareness
· You can structure and guide new security-related processes and regulations throughout the organization
· You understand how to efficiently collaborate functionally across organizational and project boundaries and can communicate and convey content and risks to different organizational levels (incl.
· You communicate in business-fluent English (German is a plus) and are able to get to the point in both languages
· Ideally, you have already been involved in the release of larger software projects or have actively participated in the release process. You find it easy to apply a risk assessment and the corresponding risk management afterwards