Lead - Cyber Security - IT

- Govern and enforce the effective implementation of product security practices

- Review and approve mandatory product security activities for the group Product Approval Committee (PAC)

- Institutionalize practices for identifying and quantifying product and portfolio product security risks

- Participate in SPS Software Security Group (SSG) providing input on cyber policies, risk management, processes, technology development and strategy

- Maintain and report product security metrics of GBE products through their development life cycle for continuous improvement

- Provide training, coaching, and consultation in secure development practices to the business and development teams

- Enable leadership team to understand security risk, participate in technology and resource needs planning

- Ensure adoption of Product Security initiatives and standard components across product lines

- Act as the focal point for critical customer cybersecurity issues (PSIRT), product security compliance, and external security certifications

- Monitor external security sources for vulnerabilities which impact products

- Interface with Legal and Marketing Communications group to manage communications of security vulnerabilities in Products

- Review and approve security notifications to inform customers of urgent security issues which may impact their Honeywell products

- Coordinate and track remediation of product security incidents

YOU MUST HAVE :

- Bachelor's degree in Computer Science, Computer Engineer or Cybersecurity related field.

- 4+ years leadership experience with product development

- 4+ years familiarity securing Cloud, Mobile or Client/Server software (including embedded software systems).

WE VALUE :

- Master's degree in Computer Science or Cybersecurity

- Strong knowledge of secure software development lifecycle and practices such as threat modeling, security reviews, penetration tests, and security incident response

- Understanding of 'security by design' principles and architecture level security concepts

- Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities

- Excellent communication (written and oral) and leadership skills

- Working knowledge of Cyber security frameworks - i.e. ISA-62243, NIST-800-53, NIST RMF, etc.

- Understanding of development methods and methodologies - i.e. Agile, SAFe, SCRUM, etc.

- Understanding of DevSecOps

- Experience conducting secure product reviews leveraging both automated (i.e. SAST, DAST, SCA, etc.) & manual activities (Penetration Testing)

- Certifications in security and privacy demonstrating deep practical knowledge such as CSSLP or CISSP

- Background in systems engineering