The Head of Product Security is responsible for ensuring the cybersecurity of Liebherr Products/Machines and related digital products throughout their entire lifecycle. The role defines and drives product security strategy, embeds security-by-design into engineering, and ensures compliance with EU product cybersecurity regulations, including the Cyber Resilience Act (CRA) and NIS2, while protecting connected machines, embedded systems, and digital services. The role also ensures alignment with business strategies, demands, and risk appetite, working closely with the Corporate Product Security Officer as well as the Product Security Officers/Engineers of the Product Segments.
Responsibilities:
1. Define and lead global product security strategy, roadmap and execution for construction machines and digital products.
2. Define product security controls (secure coding, vulnerability management, incident response) based on threat modelling and risk appetite.
3. Act as the central focal point for product security topics within Corporate Information Security, and for internal/external customers on product security matters, risk, and regulatory findings.
4. Define the product security governance framework (policies, standards, controls) and ensure adoption into R&D, engineering, and product lifecycle processes.
5. Sponsor, build and deploy training, awareness, and support to Engineering teams on security best practices.
6. Ensure product compliance with EU Cyber Resilience Act (CRA), NIS2, and other applicable global regulations.
7. Embed security-by-design into hardware, firmware, embedded software, and connected platforms.
8. Build, mentor and lead a team of product security experts. Foster collaboration with Engineering teams and across Corporate Information Security domains.
Competencies:
1. A degree in Engineering, Cybersecurity, Computer Science, or a related field
2. At least 5 years of experience in product or embedded cybersecurity, including 3+ years in a leadership role
3. Strong background in embedded systems, connected products, or industrial/IoT security
4. Proven ability to translate regulatory and technical requirements into practical engineering execution
5. Solid knowledge of standards and regulations such as UNECE R155/R156, EU CRA, IEC 62443, ISO 21434, NIST CSF
6. Experience with security testing methods and tools (e.g. SAST, DAST, fuzzing)
7. Strong leadership, communication, and stakeholder management skills
8. Experience in manufacturing, industrial, automotive, or heavy equipment environments is a strong advantage
9. Fluent English required; German and French are a plus
Our offer:
We offer you a secure job, progressive and family-friendly employment conditions such as flexible working hours, hybrid working and opportunities for further training.