Lead Security Architect
Are you dedicated to cyber security management related to OT product development and looking for an opportunity in a global organization developing solutions for sensitive utility services and critical infrastructure? Join a committed Digital Architecture team at Grundfos.
At Grundfos, we develop state-of-the-art reliable, sustainable water management technology for public, private and commercial use. We rely on intelligent digital solutions and security is a key priority.
As Lead Security Architect, you will support our project teams across the product portfolio. We are looking for people with lead capacity within OT (embedded & Linux) or IT (cloud & digital offerings).
Job Purpose
The main purpose is to:
- Establish and Enhance Security Frameworks: Support the implementation, maintenance, and continual improvement of the Grundfos Information Security Management System (ISMS), ensuring comprehensive security for digital assets.
- Enforce Robust Risk Management: Develop and enforce a rigorous risk management regime that conducts, coordinates, registers, documents, and reports relevant information security risks.
- Incident Management and Response: Ensure effective responses to and management of information security incidents, minimizing impact and ensuring swift recovery.
- Promote Secure Development Practices: Foster a culture of secure development within the software development divisions, aligning with industry standards and best practices.
- Collaboration and Compliance: Work closely with cross-functional teams to ensure compliance with legal, regulatory, and industry standards, contributing to the overall security posture of Grundfos.
Key Activities
Your key areas of responsibility will include:
- Conduct assessments of projects and third-party vendors to ensure alignment with established cybersecurity standards and frameworks.
- Stay abreast of the latest cyber threats and vulnerabilities affecting OT and IT, and develop strategies to counteract these risks effectively.
- Ensure all development activities comply with IEC 62443-4-1, ISO 27001 and ISO 15288 standards, fostering a secure development lifecycle.
- Oversee and enhance information security processes in line with the Grundfos Information Security Management System (ISMS).
- Identify, document, and monitor cybersecurity risks, maintaining comprehensive risk registers and facilitating the development of risk treatment plans for development teams.
- Manage and track identified product vulnerabilities, coordinating response and disclosure efforts as per Grundfos policy.
- Handle and complete third-party security questionnaires related to information security and risk assessments from suppliers and clients.
- Develop, implement, and execute incident response to address and mitigate security incidents effectively.
- Assist with penetration testing, threat modelling, and review of product security documentation to ensure robust security measures are in place.
- Collaborate with the Application Security (AppSec) program to provide expertise, support, and training within cybersecurity topics, ensuring product compliance with standards like ISO 27001, IEC 62443, CRA, RED DA, and others. Facilitate the deployment and management of security tools, perform recurring assessments, and coordinate the response to cybersecurity incidents.
- Conduct regular training sessions and awareness programs for development teams to promote a culture of cybersecurity vigilance and best practices.
- Collaborate with cross-functional teams to develop and update cybersecurity policies and procedures, ensuring they are relevant and effective.
- Continuously evaluate and improve existing security measures, leveraging new technologies and methodologies to enhance overall security posture.
- Ensure ongoing compliance with applicable legal, regulatory, and industry standards, conducting periodic audits and assessments as required.
- Work closely with other departments, including IT, legal, and compliance, to ensure a unified approach to cybersecurity. Provide regular reports on security status and initiatives to senior management.
Requirements
We are looking for a person with a good understanding of cyber security who is familiar with creating and nurturing security awareness and understanding across technical functions and businesses.
We imagine that you have:
- A relevant technical degree related to Information Security, Computer Science, or Cybersecurity.
- More than 5 years of experience with identifying, assessing, and managing information security risks related to physical products.
- Experience with the technical context of IT systems, network security, encryption, and other technical aspects of information security.
- Experience with OT (embedded & Linux) product development.
- Understanding of cybersecurity in the scope of an end-to-end architecture within software development environments.
- CISSP, CISM, CISA, CSSLP, or similar certification is a plus.
- Proficiency in security tools, forensic analysis, and incident detection and response technologies and methods.
- Familiarity with legal and regulatory requirements related to data protection and incident reporting.
- Strong analytical skills for incident investigation, data analysis, and threat identification.
- Excellent communication and cross-collaboration skills.
- Proficiency in English.
Additional information
If this job sounds appealing to you, please send your resume and cover letter as soon as possible. We will invite candidates for interviews on an ongoing basis.
We look forward to hearing from you.
If you want to dive deeper into the Grundfos universe, please visit us on LinkedIn or .