Product & Solution Security Officer and CRA

Offer type: Employment
Employer: Siemens AG

Special features

Work location

Nürnberg, Mittelfranken

Employment type

Full-time

Start date

Immediately

Job title

  • Computer scientist

Job description

Product and Solution Security Officer and CRA

Location: Nürnberg
Department: SI GSW R&D APMO
Job Grade: Non Senior Management ÜT-Kreis
Mode of Employment: Permanent / Full-time
Knowledge for the world of tomorrow. For our continuous quality culture, we are looking for an experienced Product and Solution Security Officer (PSSO) driving the Product and Solution Security (PSS) program for software development within Siemens Smart Infrastructure Grid Software Business Unit (SI GSW).
The PSSO (R&D) has the responsibility to actively drive product & solution security across our SI GSW products and solutions to ensure an appropriate level of cybersecurity.
The Product & Solution Security Officer will act as “Continuous Security Agent” and will work closely with all other “Continuous X Agents” of the Agile Program Management Office (APMO) to realize best practices and state-of-the-art as well as innovative approaches in the agile development teams. To achieve this, he/she will establish active communities of practice, guilds, or other continuous learning approaches.
In this role the PSSO advises the particular R&D & PLM/PM leads as well as the senior management with regard to IT/Cybersecurity in cooperation with the SI GSW Cybersecurity Officer and provides functional leadership to all PSSEs within the Grid Software Business Unit.

What part will you play?
· Core responsibility: Definition of cybersecurity policies and standards for the business unit’s software development activities.
· Actively manage product and solution security by introducing and maintaining security standards or attestations (ISO/IEC 27001, IEC 62443, NIS2, SOC2, NIST).
· Define Regulations & Support Implementation – Drive the definition of an individual PSS strategy and roadmap
· Based on individual implementation policy of the SI GSW product deployments, steer an improvement program to establish and maintain appropriate processes, methods, and tools in the development teams (e.g., integrate threat & risk analysis, security requirements engineering, secure architecture and design, hardening, secure coding, security testing)
· Define, support, and provide guidance on security requirements
· Lead and support cybersecurity compliance activities (Cybersecurity Resilience Act, IEC 62443) for R&D
· Support incident and vulnerability management for our products
· Drive important IT/Cybersecurity initiatives (from proof of concept (PoC) to productive use) together with PSSEs, R&D agile experts, Release Train Engineers as well as agile teams of our SI GSW products, establishing a sustainable PSS solution for our customers
· Guide technological aspects – Continuously emphasize to all relevant stakeholders (i.e., Product Managers, Product Owners, Architects, team leads, etc.) that IT/Cybersecurity topics in particular require a continuous learning approach in the development teams
· Measure & Report – Continuously track the status of adherence to and application of product and solution security standards, processes, and policies as well as the implementation policy
· Together with relevant stakeholders, decide how to handle identified security risks in products and solutions and define risk acceptance criteria
· Support Communication – Represent together with the assigned PSSE the R&D department in all product & solution security matters

What do you need to make real what matters?
· You have a Master's degree in computer science or a comparable background in cybersecurity, information technology or a comparable field of study (cybersecurity certifications such as CISSP or CSSLP are an advantage)
· Extensive long-term experience with demonstrated expertise in cybersecurity, software development & engineering with in-depth knowledge of IT/Cybersecurity requirements
· You bring deep knowledge of IEC 62443, ISO 27000 and similar standards, and years of experience with IT/Cybersecurity in product development, solutions design and OT operations
· You have experience implementing regulatory requirements in agile environments.
· You are actively committed to ensuring that the necessary expert knowledge is distributed and "lived" within the organization, e.g., by initiating "communities of practices", creating concrete "blueprints", i.e., templates and building blocks
· You have good knowledge of agile development and DevOps principles. Terms like pipelines and container technology are familiar to you, and you know the basic principles of such modern technologies
· Furthermore, you have experience with agile scaling frameworks such as LeSS or SAFe
· You work in an international environment of an agile project and development organization (with different cultures and influences) and excel in quality awareness
· You are able and comfortable holding discussions with and managing R&D teams, PM as well as managers in your daily tasks
· You can structure and guide new security-related processes and regulations throughout the organization
· You understand how to efficiently collaborate functionally across organizational and project boundaries and can communicate and convey content and risks to different organizational levels (incl. senior management)
· You communicate in business fluent English (German is a plus) and are able to get to the point in both languages
· Ideally, you have already been involved in the release of larger software projects or have actively participated in the release process. You find it easy to apply a risk assessment and the corresponding risk management afterwards

Work locations

Company profile: Siemens AG

Siemens AG

We create what others dream of
Curiosity, passion, creativity: these are qualities shared by everyone who works at Siemens. And when 385,000 of these people work together, the results are extraordinary.
We analyze, ask questions, find solutions, test, and refine. From sketches on café napkins to prototypes from the 3D printer: we believe that brilliant ideas can emerge anywhere. Our employees drive their projects forward with passion. In this way, we develop and patent more than 7,500 inventions around the world every year.

Application information