Product Security Officer - Worthing, United Kingdom - DigitalCube Consultancy

Description

The role of the Product Security Officer is paramount in an organization that develops and manufactures Industrial Control Devices, Applications, Systems and Services to meet the ever-increasing Customer, Industry regulation, and Government legislation security requirements.

The Product Security Officer has a strong technical product development background and a deep insight and understanding of product security, with a proven track record to drive forward strategic objectives and initiatives, and an impactful soft skill set to encourage and drive teams to adopt and comply with policies and procedures to meet the organization's product security goals and objectives.

• The Product Security Officer primary responsibility is to define and lead the strategy for the Product Cyber Security domain. This will include but is not limited to research roadmap, platforming, standardization, policies and procedures, trends, partnerships, intellectual property and transfers innovation and expertise to offers.
• Develops a thorough understanding of Customer processes and of our offers, to generate business opportunities and identifies threats.
• Promotes technical strategy through Internal and External papers, blogs, conferences etc.
• Influences international technical organizations by contributing actively and influences an international and multiorganization technical community through a crossfunctions (marketing, sales ) network.
• Ensures development and capitalization of knowledge and knowhow.
• Leading a team of product security professionals including Security Advisors, Security Architects,
• Security Testers, and Vulnerability Managers to assist teams with their compliance to Secure
• Development Lifecycle (SDL), Security Testing, and Vulnerability Management (pre

• Provide leadership and direction including development of a highperformance team, talent & succession plan development, performance management, coaching, mentoring, training, resource/business planning, standards, and processes.
• Develops direct reports, with input from the other Leaders, by agreeing specific targets and goals, providing challenging and stretching tasks and assignments and holding regular development and career planning discussions.
• Ensures the correct mix of skills and experience is available in the team to meet business requirements.
• Regularly reviews and evaluates effectiveness and recommends changes to improve methodologies, systems, and processes to deliver the required service to the business.
• Ensures best practice is defined, documented, and adopted.
• Develop, prepare, and submit monthly metrics, and implement additional measures as required to monitor or improve the performance of the department and business.
• Participate in annual CAPEX budget planning and propose new equipment solutions.
• Interview and hire new staff as needed.

• Engineering degree and >10 years of experience in product development, engineering or similar.
• Background and proven track record (>5 years) in Cybersecurity threats and defense (e.g., technology, procedures).
• Knowledge of data protection requirements.
• Proven track record in project management.
• Unwavering commitment to operational security and best practices and standards dealing with Product and Industrial Security (ED20x; ISO 2700x; IEC
• Excellent interpersonal, communication, negotiation, and management skills to drive multifunctional teams in a changing environment.
• Integrity and ethical sense required.
• Team player with the ability to work in an autonomous and resultdriven manner.
• Fluency in English.
• Knowledge of opensource software.
• Generic security certifications like CISSP, and CISM.
• Outstanding interpersonal and networking skills and be able to build and maintain effective working relationships across other functions.

• Demonstrate the ability to communicate, present and influence credibly and effectively at all levels of the organisation.
• A business enabling security attitude in opposite to a business disabling one.
• Strong analytical skills in combination with common sense.
• Ability to translate risks, threats, and vulnerabilities to business stakeholder level and to drive risk mitigation, dealing with resistance and risk appetite.
• Proactive and selfmotivated attitude.
• Team player.

• Proven uptodate experience with vulnerability scanning and/ or penetration testing.
• Proven experience in secure software development and secure programming.
• Experience with certificates and encryption techniques.
• Knowledge of virtualization and containerization technologies such as VMware, Kubernetes, and Docker.
• ISO9000/ TickIT procedures.
• Knowledge of