- The PSSO is a management role with technical background and system architecture thinking to support development team, has the responsibility to actively drive product & solution security, reports to Principal PSSO and to the head of DI FA Business Line China.
- Advises executive management, product management, project management, R&D head and manufacturing heads with regard to security for all Siemens products, solutions and services.
- In cooperation with the Principal PSSO, she / he advices appropriate processes and structures to introduce security into products and drive the security strategy.
- Based on individual implementation policy of the BU/site/country steer a process improvement program to establish and maintain appropriate processes (e.g. security requirements engineering, integrated threat and risk analysis, secure architecture and design, hardening, secure coding, security testing into PLM and PM, SCM)
- Ensure organizational preparedness for product & solution security of BU/site/country (e.g. trainings, roles & responsibilities). Ensure that stakeholders own required knowhow about product and solution security.
- Implement and manage incident & vulnerability handling activities and process. Drive classification of the vulnerabilities & incidents and perform final alignment with Principal PSSO.
- Implement supplier qualification and certification program.
- Coordinate relevant standardization and regulation for product and solution security and required certifications of products, solutions, processes, or organizations with business in line with respective Businesses.
- Coordinate and steer technical direction for product and solution security mechanisms with PSSE (product & solution security expert) in the respective projects.
- Coordination of product & solution security topics with legal, import and export.
- Degree in computer science, IT security, electronics or related fields.
- Certification program Certified Information Systems Security Professional (CISSP) and Certified Secure Software Lifecycle Professional (CSSLP)
- Basic and broad experience in security. Being able to estimate security threats and risks. Ability to analyze and evaluate security impacts on divisional mid-term strategy.
- Can understand the technical discussion related to security design concept and make decision to accept or reject the plan, aligned with PSSE (product & solution security expert).
- Competency to mediate between executive management and technical staff. Ability to work in matrix-organization. Experienced with leading without disciplinary power scenarios, proven technical management experience.
- Equivalent to project management experience of a certified PM or responsibility for a portfolio of small projects for a minimum of 24 months, Experience with crisis management in projects, experience with process improvement projects, change management.
- Knowledge about contract law, compliance, quality audits and assessments, security activities and practices in lifecycle, domain-specific products or SW platform technology, basic IT security technology, R&D process and tools, PLM processes, CIP.
- Minimum 5 years’ experience managing a team around 10 members, knowledge acquired min 5 years in his product, solution or service and customer world.
- Good logic analysis and strong leadership. Good communication skill and intercultural competence.
- You are fluent in English (oral and written) – additional languages are plus.
Organization: Digital Industries
Company: Siemens Ltd., China
Experience Level: Experienced Professional
Job Type: Full-time