Product Security Officer - remote

Posted 3 years ago

The Product Security Officer (PSO) leads the team responsible for actively driving the product & solution security development process globally for Landis+Gyr. The PSO advises executive management, product management, project management, and R&D regarding security processes and requirements for all Landis+Gyr products, solutions and services through direct feedback from customers, industry directions, and compliance and regulatory requirements. In cooperation with the Global Technology Office, and reporting to the Chief Information Security Officer, the PSO leads a team that manages SDL processes, tools, and standards to ensure products have security requirements defined and are developed securely.

Key Responsibilities

  • Manage the Product Security Team, providing leadership and day-to-day management of the activities
    of the group and team members. 20%

  • Engage with other security teams to create product security requirements, as a result of product
    security threat models, penetration tests and other security testing/assessments and inputs. 15%

  • Provide input and support to product development teams throughout the product development
    lifecycle on a variety of product security requirements, including secure coding and configuration,
    software testing, third-party component management and security defect management. 10%

  • Manage the technical product security testing team to deliver against the strategic priorities and
    projects. 10%

  • Own product security tools, including SAST and DAST solutions. 10%

  • Define and manage product security procedures, directives, and technology controls. 5%

  • Define a control framework related to product security that provides the greatest amount of
    coverage while remaining scalable and efficient. 5%

  • Lead third-party risk assessments concerning product security risks, completed by the technical
    testing team. 5%

  • Integrate the Product Security Program into the relevant stages of the product development
    lifecycle. 10%

  • Communicate complex technical and programmatic information to a wide audience, often in the
    form of verbal and visual updates, technical reports, and/or briefings. 5%

  • Maintain on-going awareness of emerging cybersecurity threats and trends. 5%

Supports and adheres to Company's core values.
Performs other duties or responsibilities as assigned or required.
Supports and adheres to Company's Code of Conduct and Ethics Policy.
Represents Company in a positive, professional manner when working with both internal and external customers.

This role is a permanent (W2) position for US based candidates and an indefinite contract for non-US based candidates.

Ideal Experience

Required Minimum Years of Experience: 10+

Desired Education/Experience:
- BA or equivalent education and experience
- 7 years or more of product security experience
- 5 years or more experience with developing solutions
- 1+ year developing in cloud environments (Google preferred)

Knowledge/Skills/Abilities
- Strong documentation and communication skills
- Experience with complying with IT Security certifications (ISO27001, SSAE)
- Experience with Secure Development Lifecycle concepts
- Experience with agile development methodologies
- Experience with code security analysis tools
- Experience working within cloud environments
- Ability to work independently