Make ideas come to life. Globally.For us going to work everyday has an even greater purpose than putting the latest product or technology on the market. It’s about improving the everyday lives of millions. By staying humble and open for new ideas – we can push the boundaries for cooking, cleaning and wellbeing at home. But to keep doing so, we need more people who want to innovate and re-imagine what life at home can be.
SENIOR CYBERSECURITY ARCHITECT – Connectivity, Porcia (Italy)
Electrolux Global Connectivity & Technology (GC&T) organization is looking to strengthen its international team committed to delivering the cybersecurity for the Group’s growing portfolio of connected products. The Senior Cybersecurity Architect position is open within the Global Connectivity Architecture team and reports directly to the Global Connectivity Architect.
The Senior Cybersecurity Architect designs and implements cybersecurity-related activities for connectivity systems to support the deployment of a strategy of connected appliances globally. He/she ensures that all systems are working at optimal levels and supports the development of new technologies and system requirements. This includes proper strategic management of connectivity system complexity, considering the long-lasting presence of products on the market (minimum 10 years), adequate cyber-security, and peculiarities of the IoT model. Monitoring and integration of new emerging technologies - embedded, networked or cloud-based - is another key element of this role. The position interfaces to the various functions of GC&T (IoT Integration, Connected Consumer Solutions, Electronics, Strategy, Technology, Project Management, etc.), IT and relevant group Sectors (Major Appliances, Small Appliances / Home Comfort and Professional). It is a global, strategic role, with the goal of ensuring technical competitive advantage of Electrolux connected products, services and systems.
A REGULAR DAY AT WORK
Analyze System Requirements:
- The Senior Cybersecurity Architect analyzes existing systems to ensure they offer an adequate level of cybersecurity, data privacy are effectively meeting the needs of the organization. He/she coordinates with all areas of the organization to see that the system is working optimally. Identifies and communicates current and emerging security threats.
- Determines security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues.
Recommend Cybersecurity Improvements:
- Based on the knowledge of Information Security, IT and System architecture, the Senior Cybersecurity Architect identifies security design gaps in existing and proposed architectures and recommends changes or enhancements.
- Designs security architecture elements to mitigate threats as they emerge. Creates solutions that balance business requirements with information and cybersecurity requirements.
- Maintains awareness of cybersecurity trends and novel solutions in relevant connectivity areas and proactively suggests their integration into Electrolux connectivity solutions and platforms.
Cooperate on Cybersecurity design and perform cybersecurity review of new systems:
- Cooperate on the design and Cybersecurity review processes for newly connected systems.
- Develops and documents the proposed technical design for the integration and implementation of any new component, working across GC&T CCS, GC&T IoT System Integration, IT, Electronics and Product Lines Teams.
- Assures application of principal cybersecurity design rules (minimalism, least privilege, defence-in-depth, a principle of the weakest link, … ) and best practices of secure SW development process during Project lifetime.
Tools, Processes, Standardization:
- Ensures that cybersecurity design and architecture information is well documented, up-to-date and communicated to the relevant stakeholders.
- Ensures that proper tools are adopted, that adequate design, development, testing and documentation methodology is used within relevant projects, and that sound processes are followed. Leads proper process and methodology definition and implementation, as appropriate.
- Aligns standards, frameworks and security with overall business and technology strategy.
- Enhances security team accomplishments and competence by planning the delivery of solutions; answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members.
- Maintains security by monitoring and ensuring compliance with standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs.
- Represents Electrolux in relevant standardization bodies (such as Open Connectivity Foundation) where appropriate, executes Electrolux strategy in the definition of these upcoming IoT standards and ensures interoperability and compliance of Electrolux connectivity solutions.
- Helps build and maintain internal- and external networks (e.g. with sectors, suppliers, partner institutes, universities).
- Updates own knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; participating in professional organizations.
- Team oriented, good cultural awareness
- Proactive, takes initiative; influencing and presentation skills
- Strong written and oral communication skills
- Creative thinker, problem solver
- Enjoys the challenge, change and fast-paced environments; adjusts quickly
- Hands-on approach to project delivery, detail oriented
- Decision making with incomplete information
- Project management experience
- Leader in high-level system architecture and design
- Ability to propose, think-through and evaluate long-term consequences in complex system design
- Ability to select, validate and argument around diverse solutions to complex problems
- Ability to lead, reason and reach solutions jointly with multiple teams of diverse opinions
- Ability to quickly comprehend functions and capabilities of new technologies.
- Willing to travel and to stay at different Electrolux sites when required
- Willing to keep technical background always up-to-date, commitment to technical excellence
EDUCATION AND EXPERIENCE
- Master's Degree in Computer Science or Electronic Engineering, or related. PhD is a plus.
- At least seven years of relevant work experience across product and IT organizations, including cybersecurity incident response, disaster recovery, identity and access management, information privacy, security operations centre management, cloud service providers or security architecture.
- Experience from a complex international organization is desirable.
- Solid English, spoken and written, is mandatory for this role.
- Knowledge of Italian or Swedish is a plus.
Technical skills:Must have a strong understanding of cryptography principles, network architecture, firewalls, Intrusion Detection Systems, and common operating systems.
Must have a strong understanding of selected advanced technical security topics such as:
- Identity access management;
- Ethical hacking;
- Secure mobile application development;
- Auditing and monitoring networks, systems, and users; or
- Security incident response.
Deep knowledge of:
- PKI (Public Key Infrastructure);
- CA (Certification Authorities) ;
- HSM (Hardware Security Modules) ;
- Single Sign-On (SSO) principles;
- Authentication & Authorization principles including OpenID/OAuth2 protocols.
Strong understanding of emerging technologies in IT such as:
- Cloud Platform
- Internet of Things
- BIG data as well as the associated security risks.
- Knowledge and experience in computer networks, TCP/IP protocols and wireless/mobile networking, with a focus on security aspects, is mandatory.
- Solid working knowledge of common information technology management and security frameworks, such as ISO/IEC 27001, OWASP, SANS, ITIL, COBIT, and NIST, is highly preferable.
- Knowledge and experience in cloud computing platforms, cloud API design with a focus on security aspects is an advantage.
- Even if it is not expected to program daily, knowledge in C/C++/.NET/Java/Python programming language is a plus.
- Knowledge of various cybersecurity/data privacy-related regulations, such as GDPR, NIS directive, ePrivacy directive, CyberSecurity Act, is a plus.
Want to know more about what we do within the Electrolux Group?
Ever wondered what the smart home of the future could be like? Watch this video about Electrolux’s take on what a fully connected smart home could offer the consumer: http://www.electroluxgroup.com/en/electrolux-design-explores-the-smart-home-of-the-future-23769/.