
Chief Security Officer

Charlotte, NC

Locations: Charlotte, North Carolina

Job Family: Information Technology



**Job Description**

**Division:** Digital Factory

**Business Unit:** Product Lifecycle Management-PLM

**Requisition Number:** 222807

**Primary Location:** United States-North Carolina-Charlotte

**Assignment Category:** Full-time regular

**Experience Level:** Senior level

**Education Required Level:** Bachelor's Degree

**Travel Required:** 15%

**Division Description:**

Siemens Digital Factory offers a comprehensive portfolio of seamlessly integrated hardware, software and technology-based services in order to support manufacturing companies worldwide. Siemens PLM Software, a Plano, Texas-based business unit of the Digital Factory Division, is a leading global provider of product lifecycle management (PLM) and manufacturing operations management (MOM) software, systems and services with over nine million licensed seats and more than 77,000 customers worldwide.

For more information, please visit:


**Job Description:**

As the Chief Security Officer (CSO) you will have the lead role in defining, planning, implementing, and automating security processes for Siemens PL environments that meet or exceed the objectives. Key deliverables include leading the investigation and resolution of incidents; supporting the resource requirements of development; integrating security into the CI/CD pipeline; identifying and rolling out best practice standards; supporting the compliance officer; meeting compliance and creating best practice standards for cloud services; and documenting all processes.

A successful candidate will be a self-starter, have a solid understanding of security policies and processes, excellent project management skills, and a demonstrated ability to run multiple large initiatives simultaneously, and be a superb manager who will achieve results while maintaining a high velocity of activity across the security program. The ideal candidate will be experienced with agile development methodologies and able to drive agile processes throughout the security teams.

* Build the security compliance and risk management function within the Siemens PL cloud services

* Manage, oversee, and guide information security policy projects and tasks

* Lead security awareness and training initiatives

* Perform phishing exercises & threat assessments on a regular cadence

* Work with teams to identify security gaps prior to PEN testing & schedule PEN testing for services

* Support compliance officer in achieving industry certifications (e.g. ISO 9001, SOC, FedRAMP, etc.)

* Lead the organization's security policy efforts and policy-related activities for risk management

* Contribute security best practices to Operations strategy planning, design, implementation, and maintenance activities.

* Ensure the production environment is operating in accordance with established security procedures and best practices.

* Manages senior policy consultants or other policy analysts where applicable.

* Manages and aligns security policies to industry standards

* Acts as an advocate of information security, GRC (Governance, Risk management & Compliance), and privacy programs across the organization.

* Maintains security policy program in accordance with industry standards and requirements.

* Prepares reports and performance metrics on security policy for senior management.

* Provides expert-level analysis of policy activities including: policy impacts on IT systems; procedural integration and alignment to policy; alternatives analysis; and policy rollout or implementation plans.

* Writes, edits, and maintains information security policies, procedures, standards, and guidelines.

* Develops, manages, and maintains enterprise-wide phishing campaigns to test security awareness and training.

* Develops, manages, and maintains enterprise-wide security awareness and training programs.

* Performs contract reviews of data security addendums, vendor responses, and works to ensure alignment to Siemens PL policies.

* Collaborate closely with other departments to ensure that the information security policy, compliance, and risk management requirements are met.

* Ensures that Siemens PL Cloud Services maintain compliance to generally accepted security practices which are reinforced through sound security policy.

* Provides project management support to GRC and other business units as appropriate in responding to audits and other information requests, and assists or coordinates the responses to policy inquiries.

* Ensures that all policy projects are delivered on-time, within scope, and within budget.

* Coordinates internal resources and third parties or vendors for the execution of security projects

* Report and escalate security project issues to management as needed

* Manages the relationships with the IT, Information Security, and other stakeholders

* Supports GRC activities to minimize business or project risks

* Develops detailed project plans to track statuses

* Other duties as assigned.


* Bachelor's Degree in Business, Management, Computer Sciences, or equivalent prior work experience in a related field

* Senior level system administration experience, including troubleshooting, support, mentorship/training, and oversight in an enterprise setting

* Demonstrated competency in information security management for a cross-functional environment, with the proven ability to lead security and technical teams, is required

* Experience in creating and maintaining compliance management schedules to ensure on-time delivery of information security compliance projects

* Current Information Security Certification (e.g. CISSP, CISM, CISA, or related security certification) preferred or the ability to attain one within 6 months of hire

* Excellent client-facing and internal communication skills

* Excellent written skills and a demonstrated ability to express technical requirements in words through technical documentation are a must

* Strong understanding of security products and concepts such as firewalls, VPNs, IDS and other security devices.

* Deep understanding of information security risk management frameworks such as ISO 27001, NIST, NIST 800-190, etc.

* 7+ years of IT experience (5+ years with Master's Degree)

* 5+ years experience with open source tools (Linux, Python, Git, Ansible)

* 4+ years experience developing, tailoring, updating, and managing security policy lifecycles

* 3+ years of cloud native application security experience

* 3+ years experience in system automation with enterprise-level requirements and distributed environments

* 2+ years experience with networking and network/system security, including firewalls, VPN, routing, switching, load balancers, monitoring, security and DNS

* Ability to manage goals, track milestones and report on status

* Act as a technical resource for a variety of information security projects that arise from current business and technological developments

* Willingness/ability to work off-shifts (evening, night-time, weekend) as needed or required.

* Knowledge of risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies, and security attack pathologies.

* Ability to work effectively in both an independent and team environment.

* Experience in leading or managing strategic thinking and planning sessions.

* Must have the ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff, security vendors, consultants and senior management.

* Possesses strong interpersonal and management skills.

* Experience with security program development or management.

* Proven ability to lead and manage staff, mentor staff members, provide direction and influence behavior.

* Excellent oral and written communication skills, with the ability to present and discuss technical information in a way that establishes rapport, persuades others, and gains understanding.

* Confidence and leadership as a member of security teams in working with business users in a cross-functional environment.

* Knowledge and understanding of application, container, database, cloud native, and OS level security.

* Requires use of a wireless handheld device with messaging capability.

Preferred Skills

* AWS security services such as Macie, Shield, WAF, IAM, GuardDuty, & Trusted Advisor

* Project Management Professional (PMP) or PRINCE II certification highly preferred.

* Strong understanding of Internet security considerations in web and application development in cloud native environments

* Strong foundation in software architecture and design including inter-process communications, asynchronous processing, micro-services, message queueing, interfaces, and API development

* Terraform, CloudFormation, Ansible, Jenkins, CodeSuite or equivalent tools

* 2+ years' experience with full-stack development of web interface applications

* 5+ years of Linux administration & troubleshooting

* 5+ years shell scripting - sh/bash/ksh

* 7+ years of experience in an Enterprise IT environment.

* Experience managing network monitoring systems

* Experience with the design, development, and configuration of information security tools.

* Experience with SOC & FedRAMP compliance



**Equal Employment Opportunity Statement**

Siemens is an Equal Opportunity and Affirmative Action Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to their race, color, creed, religion, national origin, citizenship status, ancestry, sex, age, physical or mental disability, marital status, family responsibilities, pregnancy, genetic information, sexual orientation, gender expression, gender identity, transgender, sex stereotyping, protected veteran or military status, and other categories protected by federal, state or local law.

**EEO is the Law**

Applicants and employees are protected under Federal law from discrimination. To learn more, see https://www.dol.gov/ofccp/regs/compliance/posters/ofccpost.htm .

**Pay Transparency Non-Discrimination Provision**

Siemens follows Executive Order 11246, including the Pay Transparency Nondiscrimination Provision. To learn more, see https://www.dol.gov/ofccp/pdf/pay-transp_formattedESQA508c.pdf .

