Our organization's' Building Automation business is seeking a Product Security Leader (PSL) for their Security and Access Solutions (SAS) strategic business unit. As the SAS PSL you will get the chance to make a huge impact in helping direct the cybersecurity and privacy strategies used to secure all of the products developed for the Security and Access Solutions business.

You would report to the BA Cybersecurity Chief with matrix reporting to the SAS Vice President and Chief Technology Officer (VP/CTO).

Key Responsibilities:

- Serve as the Security Access Solution's VP/CTO's chief advisor on product security and privacy strategies and cyber risk management of their portfolio of products.

- As a member of VP/CTO's extended leadership team, you will influence the development of Security Access's products and ensure they are secure by design and by default.

- Be a coach to Product Security Directors, Security Architects, Security Champions & developers to grow their product security skills.

- Maintain and drive product security metrics of Security Access products through their development life cycle for continuous improvement.

- Accountability, in conjunction with the Security Access Solutions VP/CTO, for keeping our customers secure. This includes Product Security Risk Management and assuring compliance with corporate and BA Product Security Risk Management policies for all products in the Security Access Solutions portfolio.

- Ensure adoption of product security requirements and encourage the use of Building Automation standard components across Security Access Solutions.

- Evaluate & enhance product security processes to keep them lean and optimize security.

- Lead and coordinate cross-functional activities to support incident response to closure.

- Be the focal point for critical customer cybersecurity issues, product security compliance, and external security certifications.

MUST HAVE:

- 6+ years familiarity securing Cloud, Mobile, and on-premises software including embedded Linux and RTOS software systems and installable Windows client and server software.

- Understanding of DevSecOps.

- 2+ years hands-on and leadership experience with software development.

- 10+ years' experience in technology and cybersecurity.

- Strong knowledge of secure software development lifecycle and practices such as threat modeling, security reviews, penetration tests, and security incident response.

- Working knowledge of Cyber security frameworks - i.e. ISA/IEC 62243, NIST 800-53, NIST RMF, etc.

- Experience conducting secure product reviews leveraging both automated (i.e. SAST, DAST, SCA, etc.) & manual activities (Penetration Testing).

- Understanding security by design' principles and architecture level security concepts

- Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities.