Keywords:
Cyber Security, Application security, Product manager, Software, cyber threat management
Type:
Permanent employment
Location:
Zoetermeer
Education:
Bachelor (EQF 6)
Published:
08/10/2021
Status:
Open
Apply before:
31/12/2021
Hours p/wk:
40

Description:

At Siemens we are always challenging ourselves to build a better future.  We need the most innovative and diverse Digital Minds to develop tomorrow’s reality.  


Position Overview:

Reporting to the DI SW Cyber Security Officer, the Digital Industries Software (DI SW) Principal Product & Solution Security Officer (PPSSO) will be responsible for overseeing the Product & Solution Security Officers (PSSO) in each of the product groups.  The PPSSO will be responsible for implementing Siemens Digital DI SW global security strategy and security architecture for products, solutions and services.  The successful candidate will guide all aspects of DI SW’s Product & Solutions Security (PSS) program including software product development, customer facing application hosting, and cloud-based SaaS product offerings. 

 

The PPSSO must be capable of interacting effectively with executives, product development teams, operations teams, customers, and prospects.  The PPSSO must also possess a strong hands-on technical and security practitioner background and the ability to effectively collaborate with technical staff, understand governance, risk mitigation, and technical controls. As the leader of the Product & Solution Security program, the PPSSO establishes highly effective policies, follows corporate protocols and appropriate collaboration among teams that are consistent with Siemens AG overall security policies and coordinated with Siemens DI SW head Cyber Security Officer.

 

Essential Functions:

• Establish, drive, and maintain the Product & Solution Security strategy and derive the Product & Solution Security roadmap aligned with the CCSO, CSO and CEO

• Continuously assess and improve the state of security e.g. by using the PSS Maturity methodology

• Regularly report to the CCSO, CSO and CEO

• Advise executive management and product management with regard to security for all DI SW products, solutions and services

• Identify best practices and derive unit wide technical standards, processes & policies, for which an overall governance or guidance is in the business interest of DI SW via PSS Council

• Represent the organization in the Siemens-wide PSS Council.

• Establish application security across Security Software Development Lifecycle

• Drive security requirements through designing and ensuring architecture sign offs, delivering design documents and standards.

• Implement Automated Security common cloud CI CD process pipeline, while ensuring multiple global teams follow Siemens security standard framework including new acquisitions. 

• Support the Siemens DI SW Sec Ops strategy especially for SaaS and cloud products.

• Develop security roadmaps for each product group that aligns with technical and business risk, including identifying threats and potential areas for abuse in applications, specifying solutions and process matrices for addressing gaps. 

• Maintain alignment across Product & Solution Security Officers in each product area to execute security plans and metrics for both traditional products, 

• Develop and maintain documentation related to secure software development policies, processes, procedures, and reports

• Drive application technology security testing (white box, black box and code review . . .)

• Proficient at handling Information Siemens Security Compliance Programs, Information Security and Control Strategies, 

• Detailed technical knowledge in security engineering, Kuberntes, services-based cloud security, authentication and security protocols, cryptography, and application security.

• Continuously assess the current state of security to recommend new software tools and technologies as appropriate for the cloud environment.  

• Assist in defining the exception processes and making exception decisions.

• Assist various stakeholders in mapping security threats vs. product types and driving the tool and processes to be used by each software team. 

• Having experience in identifying SQL Injection, Script Injection, XSS, Phishing and CSRF attacks, etc.   

 

Skills and Abilities Required:

• Able to effectively communicate with senior management levels as well as being able to work in detail with product and security professionals. 

• Able to scale to the size of a top 15 software company like Siemens Digital Industries Software. 

• Outstanding verbal, written, presentation, facilitation, and interaction skills

• Deep technical knowledge of security strategy and security applications architectures

• Exceptional knowledge of software product development, customer facing application hosting, and cloud-based SaaS product offerings 

• Ability to work on multiple highly complex projects simultaneously 

• Exceptional time management, communication, decision-making, presentation, human relations, and organizational skills 

• Exceptional analytical, organizational, and leadership skills

• Ability to successfully work in a matrix organization

• Expert knowledge in: Security Activities and Practices in Lifecycle, Quality Audits and Assessments, Product & Solution Security (General), Incident and Vulnerability Handling, Communication, Project Management Methods, 

• Advanced knowledge in: Compliance, Product Management Methods, Product Lifecycle Management Processes (PLM), R&D and Engineering Processes and Tools, Continuous Improvement Process (CIP), Change Management, Competence Management Process, Domain-specific Products or Software Platforms (e.g. SaaS), Domain-specific Standards and Regulations (e.g. SaaS), Business English, Customer Knowledge, Conflict Management, Expert Coaching, Guiding without Authority,

• Basic knowledge in: Financial Knowledge, Contract Law Knowledge, Supply Chain Management Process, Process Planning and Industrial Engineering, IT Security Technologies, Product & Solution Security Technologies, Product & Solution Security (Testing), 

 

Education and Experience Requirement:

• 10+ year track record of progressive experience in Product & Solution Security and risk management in both on-premise and cloud environments. 

• Bachelor’s degree in engineering or software development with advanced degrees preferred.

 

#LI-PLM #LI-DK1

 

Organization: Digital Industries

Company: Siemens Industry Software Inc.

Experience Level: Experienced Professional

Job Type: Full-time

 

Equal Employment Opportunity Statement
Siemens is an Equal Opportunity and Affirmative Action Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to their race, color, creed, religion, national origin, citizenship status, ancestry, sex, age, physical or mental disability unrelated to ability, marital status, family responsibilities, pregnancy, genetic information, sexual orientation, gender expression, gender identity, transgender, sex stereotyping, order of protection status, protected veteran or military status, or an unfavorable discharge from military service, and other categories protected by federal, state or local law.

EEO is the Law
Applicants and employees are protected under Federal law from discrimination. 


Pay Transparency Non-Discrimination Provision
Siemens follows Executive Order 11246, including the Pay Transparency Nondiscrimination Provision.