Cyber Security Manager

Responsibilities

The Security Manager is responsible for the Cybersecurity tasks related to a single development project. This includes:

• Analysis of Cybersecurity Requirements provided by the OEM;

• Providing a first point of contact for all engineering related cybersecurity questions referred to the project;

• Development of the Cybersecurity specific work products for the project (Item Definition, Threat Assessment and Risk Analysis, Cybersecurity Concept, Cybersecurity Case) according to the PDP;

• Maintenance of Cybersecurity specific work products over the whole project lifecycle;

• Analysis of potential threat scenarios and vulnerabilities and coordination of remediation actions for the security incident response;

• Support in developing a cybersecurity fortified system- and software architecture in cooperation with the System and the SW Architect;

• Support of Cybersecurity related testing issues.

KEY TASKS

The Security Manager is responsible for the execution of the Cybersecurity related process steps in accordance to the PDP in order to assure the product degree of security in compliance with Quality/Costs/Timings.

• Development of a Cybersecurity Item Definition according to the PDP;

• Evaluation of all Cybersecurity Requirements provided by the OEM;

• Ensuring the traceability of all Cybersecurity Requirements;

• Conducting the Threat Analysis and Risk Assessment according to the PDP;

• Development of a Security Concept according to the PDP;

• Creating the Cybersecurity Case document;

• Participation in the Change Request Management Process;

• Participation in the Configuration Management Process;

• Participation in the Problem Resolution Management Process;

• Participation in the Project Management Process (especially for planning issues regarding Cybersecurity).

The Security Manager is reporting to the Project Manager.

GRANTED POWERS

The rights and granted powers to the Security Manager are:

• Evaluation (Accepting and Rejecting) cybersecurity requirements in coordination with the security officer;

• Assessing security risk related to the project;

• Selection of security countermeasures for risk mitigation;

• Request all relevant information from development departments for the development of the Cybersecurity work products as defined by PDP

Qualifications

In order to fulfill the position appropriately, a candidate for the Security Manager has to provide the following knowledge and abilities:

• Knowledge in system architecture in the field of BHTC-products.

• Excellent technical knowledge and experience in the development of automotive control units, preferably on the system level.

• Cross-departmental methods (hardware, software, mechanics).

• Ability to give presentations on cybersecurity to internal and external audiences.

• Experiences with embedded systems in the automotive industry.

• Profound know-how in the field of cyber security and cryptography, preferably in the context of embedded systems.

• Knowledge of cryptographic network protocols and/or IT security.

• Knowledge of typical hardware and software security mechanisms preferably used in the environment of automotive ECUs as well as common cryptographic algorithms is desirable.

• Knowledge of related standards (UNECE R155, ISO/SAE 21434, ISO 26262, ISO/IEC 15504)

• Knowledge of change management. & configuration management.

• Special tool knowledge: o MS-Office o DOORS o Configuration management tools (preferably PTC Integrity) o Requirement management: DOORS