The Head of Product Security is responsible for ensuring the cybersecurity of Liebherr Products/Machines and related digital products throughout their entire lifecycle. The role defines and drives product security strategy, embeds security-by-design into engineering, and ensures compliance with EU product cybersecurity regulations, including the Cyber Resilience Act (CRA) and NIS2, while protecting connected machines, embedded systems, and digital services. Ensuring alignment with business strategies, demands, and risk appetite, working closely with Corporate Product Security Officer, as well as the Product Security Officers/Engineers of Product Segments.
Responsibilities
* Define and lead global product security strategy, roadmap and execution for construction machines and digital products.
* Define product security controls (secure coding, vulnerability management, incident response) based on threat modelling and risk appetite.
* Act as central focal point for product security topics within Corporate Information Security and to internal/external customers for product security matters, risk, regulatory findings
* Define the product security governance framework (policies, standards, controls) and ensure adoption into R&D, engineering, and product lifecycle processes
* Sponsor, build and deploy training, awareness, and support to Engineering teams on security best practices.
* Ensure product compliance with EU Cyber Resilience Act (CRA), NIS2, and other applicable global regulations
* Embed security-by-design into hardware, firmware, embedded software, and connected platforms.
* Build, mentor and lead a team of product security experts. Foster collaboration with Engineering teams and across Corporate Information Security domains.
Competencies
* A degree in Engineering, Cybersecurity, Computer Science, or a related field
* At least 5 years of experience in product or embedded cybersecurity, including 3+ years in a leadership role
* Strong background in embedded systems, connected products, or industrial/IoT security
* Proven ability to translate regulatory and technical requirements into practical engineering execution
* Solid knowledge of standards and regulations such as UNECE R155/R156, EU CRA, IEC 62443, ISO 21434, NIST CSF
* Experience with security testing methods and tools (e.g. SAST, DAST, fuzzing)
* Strong leadership, communication, and stakeholder management skills
* Experience in manufacturing, industrial, automotive, or heavy equipment environments is a strong advantage
* Fluent English required; German and French are a plus
Our offer
We offer you a secure job, progressive and family-friendly employment conditions such as flexible working hours, hybrid working and opportunities for further training.
#J-18808-Ljbffr