• Job Description

  Req#: 16534

  Product Security Resilience Manager

  Are you passionate about Cybersecurity? Can you see limitless possibilities within security management in a progressive organization? If modern technology, problem-solving, driving best practices and delivering secure solutions resonate with you, then we have a unique opportunity for you to develop your passion toward forming the next steps in product security architecture in a truly global organization.
  Join our newly built Team in Stockholm, Sweden and enjoy a collaborative culture that empowers you to build a career you can be proud of.

  
  What would you do as our Product Security Resilience Manager

  This is a new position in our product security team where you’ll have the opportunity to build and shape your role. You will be responsible for leveraging our risk management to mitigate exposures due to cyber threats and disasters, in collaboration with Colleagues within the Global Product Security team in order to enhance the effectiveness of the product security program. You will also manage the Vulnerability Disclosure and Product Security Incident Response program by establishing, enhancing, monitor processes and procedures, regular testing and reporting, including training the organization. Your role will be to identify detective and preventative technology and automation to reduce the impact of security threats in advance. You will report to Director, Product Security and we're open for you to be based in any location within Europe.

  You would also:

  • Provide recommendations, guidance, and coordinate Product Security Incident Response activities during incidents or as a participant in a Crisis Management Team.

  • Lead gap analysis and post incident reviews to identify learnings to improve the Product Security organization in collaboration with key stakeholders.

  • Perform analysis of reported issues and work with product teams, partner and vendor teams to coordinate and manage vulnerabilities.

  • Perform analysis of publicly reported vulnerabilities and attacks in order to develop proactive capabilities to systematically address the identified vulnerabilities, impacts through recommendations and training to developers and leadership.

  • Build impactful security awareness training programs to enhance corporate knowledge and understanding of existing and potential risks, threats & trends.

  
  The skills and experience you need
  We are looking for someone who:

  • Has several years of experience in working with Vulnerability Disclosure or Bug Bounty program.

  • Has demonstrated ability as a lead during incidents and investigations according to recognized standards, frameworks, and processes such as ISO/IEC 29147, ISO/IEC 30111, FIRST.org

  • Has an understanding of and experience with common software security vulnerabilities and methods of exploitation, such as memory corruption, privilege escalation, web application exploitation, file format vulnerabilities, protocol-based weaknesses, etc.

  • Has previous experience working in an agile engineering design and development organization as part of a security team or as a developer.

  • Is available to support and accommodate work schedules in GMT and/or Eastern time zone.

  Experience in working with one or several security frameworks and standards such as MITRE ATT&CK/D3FEND, OWASP ASVS/ISVS, Cloud Controls Matrix would be beneficial, as well as any relevant certifications such as ECIH, GCIH, CISM, CSSLP or equivalent. If you have a genuine passion for both cyber security and shaping processes in a global organization, we’d love to hear from you!

  
  What we offer

  We’re passionate about providing amazing opportunities and benefits, so you can continue and progress a lifelong career with us – here’s what we have to offer:

  • Learning and career development opportunities, whether it’s online learning, management training or enhancing your skills .

  • Hybrid model of working

  • A competitive salary and incentive schemes

  • Flexible working hours

  • Stable employment in a friendly international atmosphere
    

  We review applications regularly, so don’t wait

  We are building diverse, inclusive teams, and encourage applications from everyone who can see themselves working with us. Just set up your profile and apply here, no later than 31st May 2024.
  
  To make sure your personal data is safe, we don’t look at any applications sent by email or post. If you have any questions about the role or the process, email Daria Skucha, Talent Acquisition Business Partner, at Daria.Skucha@assaabloy.com.

  Let’s create a safer and more open world - together!

  To find out more about us, visit www.assaabloy.com

  We are the ASSA ABLOY Group
  Our people have made us the global leader in access solutions. In return, we open doors for them wherever they go. With nearly 51,000 colleagues in more than 70 different countries, we help billions of people experience a more open world. Our innovations make all sorts of spaces – physical and virtual – safer, more secure, and easier to access.

  As an employer, we value results – not titles, or backgrounds. We empower our people to build their career around their aspirations and our ambitions – supporting them with regular feedback, training, and development opportunities. Our colleagues think broadly about where they can make the most impact, and we encourage them to grow their role locally, regionally, or even internationally.

  As we welcome new people on board, it’s important to us to have diverse, inclusive teams, and we value different perspectives and experiences.

• About the company

  Assa Abloy AB is a Swedish conglomerate whose offerings cover products and services ranging from locks, doors, gates and entrance automation. This also includes controlling identities with keys, cards, tags, mobile and bio-metric identity verification systems. Assa Abloy was formed in 1994, when Assa AB was separated from Swedish security firm Securitas AB.

Notice