Product Security Officer

JOB TITLE: Product security Officer

LOCATION: The position will ideally be based in Worthing UK but remote working would be possible.

THE ROLE:

The role of the Product Security Officer is paramount in an organization that develops and manufactures Industrial Control Devices Applications Systems and Services to meet the everincreasing Customer Industry regulation and Government legislation security requirements. The Product Security Officer has a strong technical product development background and a deep insight and understanding of product security with a proven track record to drive forward strategic objectives and initiatives and an impactful soft skill set to encourage and drive teams to adopt and comply with policies and procedures to meet the organization s product security goals and objectives.

RESPONSIBILITIES:

• The Product Security Officer primary responsibility is to define and lead the strategy for the Product Cyber Security domain. This will include but is not limited to research roadmap platforming standardization policies and procedures trends partnerships intellectual property and transfers innovation and expertise to offers.
  
• Develops a thorough understanding of Customer processes and of our offers to generate business opportunities and identifies threats.
  
• Promotes technical strategy through Internal and External papers blogs conferences etc.
  
• Influences international technical organizations by contributing actively and influences an international and multiorganization technical community through a crossfunctions (marketing sales ) network.
  
• Ensures development and capitalization of knowledge and knowhow.
  
• Leading a team of product security professionals including Security Advisors Security Architects
  
• Security Testers and Vulnerability Managers to assist teams with their compliance to Secure
  
• Development Lifecycle (SDL) Security Testing and Vulnerability Management (pre and post production) practices.
  
• Provide leadership and direction including development of a highperformance team talent & succession plan development performance management coaching mentoring training resource/business planning standards and processes.
  
• Develops direct reports with input from the other Leaders by agreeing specific targets and goals providing challenging and stretching tasks and assignments and holding regular development and career planning discussions.
  
• Ensures the correct mix of skills and experience is available in the team to meet business requirements.
  
• Regularly reviews and evaluates effectiveness and recommends changes to improve methodologies systems and processes to deliver the required service to the business.
  
• Ensures best practice is defined documented and adopted.
  
• Develop prepare and submit monthly metrics and implement additional measures as required to monitor or improve the performance of the department and business.
  
• Participate in annual CAPEX budget planning and propose new equipment solutions.
  
• Interview and hire new staff as needed.
  

SKILLS / COMPETANCIES:

• Engineering degree and >10 years of experience in product development engineering or similar.
  
• Background and proven track record (>5 years) in Cybersecurity threats and defense (e.g. technology procedures).
  
• Knowledge of data protection requirements.
  
• Proven track record in project management.
  
• Unwavering commitment to operational security and best practices and standards dealing with Product and Industrial Security (ED20x; ISO 2700x; IEC62443 ).
  
• Excellent interpersonal communication negotiation and management skills to drive multifunctional teams in a changing environment.
  
• Integrity and ethical sense required.
  
• Team player with the ability to work in an autonomous and resultdriven manner.
  
• Fluency in English.
  
• Knowledge of opensource software.
  
• Generic security certifications like CISSP and CISM.
  
• Outstanding interpersonal and networking skills and be able to build and maintain effective working relationships across other functions.
  

Personal skills

• Demonstrate the ability to communicate present and influence credibly and effectively at all levels of the organisation.
  
• A business enabling security attitude in opposite to a business disabling one.
  
• Strong analytical skills in combination with common sense.
  
• Ability to translate risks threats and vulnerabilities to business stakeholder level and to drive risk mitigation dealing with resistance and risk appetite.
  
• Proactive and selfmotivated attitude.
  
• Team player.
  

DESIRABLE:

• Proven uptodate experience with vulnerability scanning and/ or penetration testing.
  
• Proven experience in secure software development and secure programming.
  
• Experience with certificates and encryption techniques.
  
• Knowledge of virtualization and containerization technologies such as VMware Kubernetes and Docker.
  
• ISO9000/ TickIT procedures.
  
• Knowledge of opensource software.
  

EXPERIENCE & QUALIFICATIONS

• Minimum of 5 years experience in a similar role the candidate must have a proven track record of implementing change in a dynamic fastmoving environment.
  
• Honors Engineering degree or equivalent.
  

OTHER REQUIREMENTS

• Occasional overseas travel visiting group sites test laboratories and suppliers.