The Cyber Security Manager provides support (when and as needed) to the Engineering organization (unit/department) regarding cyber security in technical, process, method, and documentation perspectives, and is organized as a shared service. The shared service can be realized on any organizational level (unit/department/team) as a part time or full-time engagement by one or multiple persons depending on the organizations need. A CSM shall be appointed when a department has ownership of cybersecurity related product structure element(s) that involve electric/electronics and/or software. The Responsible manager role used in this role description refers to the role that is assigned as responsible for a unit/department/team, in accordance with the Engineering Collaboration Framework. Authority to take necessary actions to secure fulfilment of the defined responsibility.
Responsibilities
- Support the unit’s/department’s management team with cybersecurity management competence as a speaking partner. Perform cybersecurity management activities.
- Support the unit’s/department’s technical roles (e.g., Engineering teams, Architects) with competence regarding cybersecurity.
- Support Engineering teams in performing and updating cybersecurity deliverables such as TARA, Cybersecurity Concept and Cybersecurity Specification development.
- Work closely with Engineering teams to ensure the execution of security requirements.
- Support the unit’s/department’s technical roles (e.g., Engineering teams, Architects) with cybersecurity development and V&V activities, but then always as a temporary team member, i.e., the responsibility for the work products always remain with the owning team.
- Support the department’s quality assurance by participating in verification reviews with a cybersecurity perspective.
- Support the department’s cybersecurity related sourcing (CS-SOW), evaluation of supplier’s cybersecurity work and achievement of cybersecurity (CS-JR).
- Act as a first line cybersecurity contact (e.g. towards the CSMS Support team) for the unit/department.
- Act as a first line cybersecurity contact for technical support questions (e.g. towards the Shield team).
- Nurture the department’s cybersecurity culture and strive for making the department able and mature regarding cybersecurity.
- Contribute to the CS CoP as an active member.
Requirements
- Knowledge of embedded and/or automotive systems.
- Knowledge of cybersecurity engineering best practices and standards (e.g., ISO/SAE 21434, SAE J3061, ISO 27001/27002).
- Knowledge and practical experience with common cybersecurity controls.
- Knowledge and experience in cybersecurity threat analysis and risk assessment process and techniques.
- Strong problem-solving skills to analyze cybersecurity issues and requirements.
- Technical Knowledge related to the product(s) that the CSM’s ART/Solution.
- Knowledge about the extended vehicle ecosystem.
