Product Security Resilience Manager

We are looking for a Product Security Resilience Manager to join us - someone with a forward-thinking approach, level-headed, and the ability to see limitless possibilities within security management in a progressive organization.

If modern technology, problem-solving, driving best practices and delivering secure solutions resonate with you, then we have a unique opportunity for you to develop your passion toward forming the next steps in product security architecture in a truly global organization.

What you would do as our Cyber Resilience Manager
This is a new position in our product security team where you'll have the opportunity to build and shape your role. With a background in product development or in IT within an agile environment along with your distinguished prioritization skills and reputable communication style, you will leverage expertise in risk management to mitigate exposures due to cyber threats and disasters.
  • Manage the Vulnerability Disclosure and Product Security Incident Response program by establishing, enhancing, and monitoring processes and procedures, conducting regular testing and reporting, and training the organization.
  • Provide recommendations, guidance, and coordinate Product Security Incident Response activities during incidents or as a participant in a Crisis Management Team.
  • Lead gap analysis and post incident reviews to identify learnings to improve the Product Security organization in collaboration with key stakeholders.
  • Identify detective and preventative technology and automation to reduce the impact of security threats in advance.
  • Perform analysis of reported issues and work with product teams, partner and vendor teams to coordinate and manage vulnerabilities.
  • Perform analysis of publicly reported vulnerabilities and attacks in order to develop proactive capabilities to systematically address the identified vulnerabilities and impacts through recommendations and training for developers and leadership.
  • Build impactful security awareness training programs to enhance corporate knowledge and understanding of existing and potential risks, threats & trends.
  • Collaborate with colleagues within the Global Product Security team to enhance the effectiveness of the product security program.
Your Experience and Education include:
  • 3 years' experience working with a Vulnerability Disclosure or Bug Bounty program.
  • Demonstrated ability as a lead during incidents and investigations according to recognized standards, frameworks, and processes such as ISO/IEC 29147, ISO/IEC 30111, FIRST.org.
  • Understanding of and experience with common software security vulnerabilities and methods of exploitation, such as memory corruption, privilege escalation, web application exploitation, file format vulnerabilities, protocol-based weaknesses, etc.
  • Experience working in an agile engineering design and development organization as part of a security team or as a developer.
  • Available to support and accommodate work schedules in GMT and/or Eastern time zone.
  • Good interpersonal capability to positively influence and drive change across business units and functions.
  • Strong communication skills to articulate complex and technical topics clearly to diverse audiences.
  • A holistic understanding of security and the application of security within the product space.
  • Domestic and international travel may be required.
Valued knowledge, experience, or certifications of the following:
  • Experience working with one or several security frameworks and standards such as MITRE ATT&CK/D3FEND, OWASP ASVS/ISVS, Cloud Controls Matrix.
  • Holder of, or committed to achieve, relevant certifications such as ECIH, GCIH, CISM, CSSLP or equivalent.
Ideally, you possess a high level of integrity coupled with unfailing composure. You demonstrate the ability to create a calm, transparent, and cooperative environment during stressful situations addressing uncertainty and complexity in a constructive manner. As a professional, you are structured, communicative, and thorough.

You have a genuine passion for cyber security and the will to constantly evolve both your own skills and knowledge. We believe in empowerment and developing agile leaders. Even if you do not match some of the desired skills and experience listed, we would still love to hear from you!

By submitting your application to this position, you consent to undergo a security assessment in accordance with the Security Protection Act (2018:585) when the selection process is complete.

We review applications regularly, so don't wait

We are building diverse, inclusive teams, and encourage applications from everyone who can see themselves working with us. Just set up your profile and apply here, no later than 12 March 2023.

To make sure your personal data is safe, we don't look at any applications sent by email or post. If you have any questions about the role or the process, email Helene Lin, Tech Talent Acquisition Partner, at helene.lin@assaabloy.com
More info
Contact person Helene Lin, Tech Talent Acquisition Partner
Email Send an email to Helene Lin, Tech Talent Acquisition Partner
Area Landskrona
Occupational role Organization & Management, Project Manager, Data & IT
Type of employment Full-time, Permanent
Website https://www.assaabloy.com/group/en
Application deadline 24 Feb 2023 (21 days left)

About the employer

We are the ASSA ABLOY Group. Our people have made us the global leader in access solutions. In return, we open doors for them wherever they go. With nearly 50,000 colleagues in more than 70 different countries, we help billions of people experience a more open world. Our innovations make all sorts of spaces - physical and virtual - safer, more secure, and easier to access. As an employer, we value results - not titles, or backgrounds. We empower our people to build their career around their aspirations and our ambitions - supporting them with regular feedback, training, and development opportunities. Our colleagues think broadly about where they can make the most impact, and we encourage them to grow their role locally, regionally, or even internationally. As we welcome new people on board, it's important to us to have diverse, inclusive teams, and we value different perspectives and experiences.