Cyber Security Coordinator for Foundational Services Team

The Foundational Services (FDS) segment within Siemens Digital Industriesis a business unit offering a broad range of digital Foundational Services forSiemens Xcelerator applications which help Siemens businesses to acceleratetheir products and service development lifecycles. Given that the FoundationalServices are a backbone of such Siemens digital products and services, theyoffer a high degree of assurance about their quality and security which isachieved by adopting strong Quality Management, as well as strong Product andInformation Security Management processes and practices.

In the current setup of FDS, there are several high-performance teams,each with varying levels of maturity in terms of Quality and Cyber SecurityManagement. There is a need to adopt a unified Quality and Cyber SecurityManagement approach to align these teams to a consistent set of quality andcyber security standards. A unified approach makes it easy to assess, measureand monitor continuous improvement of respective management systems andprocesses.

The role of the Cyber Security Coordinator is a key role to ensure anappropriate level of security for Siemens' future digital services based onXcelerator. This role addresses candidates that want to use their existingprofound IT-expertise e.g., coming from SW development, ITSM or IT security ina more consultative way and expand this ability by further practices likesecure architecture, secure cloud and container management, SaaS processmanagement, management communication etc.

The goal for applying this broad set of skills is to connect the ITexperts and the management for building secure software and providing SaaSservices via secure processes to customers. For this, we offer an interestingleading-edge technology and SaaS product environment forming a digitalplatform. Therefore, we need to increasingly manage the agility of theapplications built on our stable and secure platform which requires yourexperience, innovative ideas, and your drive to mature.

Consequently, the selected candidate will be responsible for supportingthe implementation, maintenance, and certification of respective cyber securitymanagement systems, using the day-to-day activities as described following.

This role is an individual contributor/expert role reporting into theQuality Management Lead. The selected candidate will be responsible forsupporting the implementation, maintenance, and certification of respectivecyber security management systems, in addition to day-to-day activitiesdescribed below.

Responsibilities:

• You will be responsible to drive and coordinate the implementation,maintenance, and certification activities of an information security managementsystem like ISO27001 and product & solutions security management systemslike IEC62443-4 –1 for all FDS segments

• You will apply respective Siemens Cyber Security policy and guidelines

• You will work with the FDS management. the development and theoperations teams to translate each cyber security control from differentstandards (for example ISO 27001, SOC, IEC62443, ...) into a set of proceduresthat the teams can execute and demonstrate value add in the process

• You will work with the FDS management, the development, and operationsteams to routinely assess the maturity of each team against a common set ofcyber security standards and requirements. Assessments shall be reported as ascorecard of well-defined KPIs and measures

• You, together with a representative of the development and operationsteams, will work to understand and implement the Siemens Quality Gateseffectively so the teams are assured of providing consistent, repeatableoutcomes with every system change

• You will establish and lead a system of Management Reviews to provideaccurate, adequate insights to the Leadership team on topics of Quality,Security and Processes

• You will coordinate and prepare routine internal audits and externalcertification audits with the management, the development, and operations teams

• You should be able to

o Communicate and consult with other security experts, developers,operations teams, development and operations managers, and the Leadership team

o Analyze data from the software development lifecycle to identifyopportunities to eliminate waste and improve performance

o Produce measurable security objectives and indicators (KPIs) and reportout on them

o Research - Maintain technical expertise in area of cyber security byfollowing technical advances in industry and academia

o Perform research to determine possible technical solutions to long-termtechnical issues.

Required Knowledge/Skills, Education, and Experience:

• You have a Master / bachelor’s degree in natural scientific ortechnical studies (computer science or automation technology preferred)

• You have long-term work experience either in the software developmentlifecycle, IT/cyber-security, or IT service management

• Willingness to learn

• Familiarity with quality and security standards (ISO 9001, ISO27001,IEC 62443 ...)

• You have strong analytical and communication skills

• You are pro-active and result-oriented and understand the importance ofimplementing change one small step at a time (avoid large, disruptive changes)

• Proven experience in a similar role in previous jobs

Preferred Knowledge/Skills, Education, and Experience:

• Experience with cloud computing services (e.g., AWS and/or Azure)

• Experience with Agile software development practices

• Ability to work with people in different geographies and cultures

• NICE TO HAVE: Certified Lead Auditor in ISO 27001 or similar standards

Siemens Software. Transform the Everyday

The salary range for this position is$145,700 to $262,300 and this role is eligible to earn incentive compensation.The actual compensation offered is based on the successful candidate’s worklocation as well as,, additional factors, including job-related skills,experience, and relevant education/training.  Siemens offers avariety of health and wellness benefits to employees. Details regarding ourbenefits can be found here: www.benefitsquickstart.com. In addition, thisposition is eligible for time off in accordance with Company policies,including paid sick leave, paid parental leave, PTO (for non-exempt employees)or non-accrued flexible vacation (for exempt employees).

#SWSaaS