Product Security Resilience Manager - Stockholm, United States - Assa Abloy

Description

Product Security Resilience Manager

Are you passionate about Cybersecurity? Can you see limitless possibilities within security management in a progressive organization? If modern technology, problem-solving, driving best practices and delivering secure solutions resonate with you, then we have a unique opportunity for you to develop your passion toward forming the next steps in product security architecture in a truly global organization.

Join our newly built Team in Stockholm, Sweden and enjoy a collaborative culture that empowers you to build a career you can be proud of.

What would you do as our Product Security Resilience Manager

This is a new position in our product security team where you'll have the opportunity to build and shape your role.

You will be responsible for leveraging our risk management to mitigate exposures due to cyber threats and disasters, in collaboration with Colleagues within the Global Product Security team in order to enhance the effectiveness of the product security program.

You will also manage the Vulnerability Disclosure and Product Security Incident Response program by establishing, enhancing, monitor processes and procedures, regular testing and reporting, including training the organization.

Your role will be to identify detective and preventative technology and automation to reduce the impact of security threats in advance.

You will report to Director, Product Security and we're open for you to be based in any location within Europe.

You would also:

• Provide recommendations, guidance, and coordinate Product Security Incident Response activities during incidents or as a participant in a Crisis Management Team.
• Lead gap analysis and post incident reviews to identify learnings to improve the Product Security organization in collaboration with key stakeholders.
• Perform analysis of reported issues and work with product teams, partner and vendor teams to coordinate and manage vulnerabilities.
• Perform analysis of publicly reported vulnerabilities and attacks in order to develop proactive capabilities to systematically address the identified vulnerabilities, impacts through recommendations and training to developers and leadership.
• Build impactful security awareness training programs to enhance corporate knowledge and understanding of existing and potential risks, threats & trends.

The skills and experience you need

We are looking for someone who:

• Has several years of experience in working with Vulnerability Disclosure or Bug Bounty program.
• Has demonstrated ability as a lead during incidents and investigations according to recognized standards, frameworks, and processes such as ISO/IEC 29147, ISO/IEC 30111,
• Has an understanding of and experience with common software security vulnerabilities and methods of exploitation, such as memory corruption, privilege escalation, web application exploitation, file format vulnerabilities, protocol-based weaknesses, etc.
• Has previous experience working in an agile engineering design and development organization as part of a security team or as a developer.
• Is available to support and accommodate work schedules in GMT and/or Eastern time zone.

Experience in working with one or several security frameworks and standards such as MITRE ATT&CK/D3FEND, OWASP ASVS/ISVS, Cloud Controls Matrix would be beneficial, as well as any relevant certifications such as ECIH, GCIH, CISM, CSSLP or equivalent.

If you have a genuine passion for both cyber security and shaping processes in a global organization, we'd love to hear from you

What we offer

We're passionate about providing amazing opportunities and benefits, so you can continue and progress a lifelong career with us - here's what we have to offer:

• Learning and career development opportunities, whether it's online learning, management training or enhancing your skills .
• Hybrid model of working
• A competitive salary and incentive schemes
• Flexible working hours
• Stable employment in a friendly international atmosphere

We review applications regularly, so don't wait

We are building diverse, inclusive teams, and encourage applications from everyone who can see themselves working with us. Just set up your profile and apply here, no later than 31st May 2024.

To make sure your personal data is safe, we don't look at any applications sent by email or post. If you have any questions about the role or the process, email Daria Skucha, Talent Acquisition Business Partner, at

Let's create a safer and more open world - together

To find out more about us, visit

We are the ASSA ABLOY Group

Our people have made us the global leader in access solutions. In return, we open doors for them wherever they go.

With nearly 51,000 colleagues in more than 70 different countries, we help billions of people experience a more open world.

Our innovations make all sorts of spaces - physical and virtual - safer, more secure, and easier to access.

As an employer, we value results - not titles, or backgrounds.

We empower our people to build their career around their aspirations and our ambitions - supporting them with regular feedback, training, and development opportunities.

Our colleagues think broadly about where they can make the most impact, and we encourage them to grow their role locally, regionally, or even internationally.

As we welcome new people on board, it's important to us to have diverse, inclusive teams, and we value different perspectives and experiences.

Stockholm, SE, 117 43

Project/Program Management

Travel Required: 0%-10%

Mid-senior level

31-May-2024