Senior Cybersecurity Architect | Digital Experience
By creating desirable solutions and great experiences that enrich people’s daily lives and the health of our planet, we want to be a driving force in delivering enjoyable and sustainable living. At Electrolux, we shape living for the better.
For us going to work everyday has an even greater purpose than putting the latest product or technology on the market. It’s about improving the everyday lives of millions. By staying humble and open for new ideas – we can push the boundaries for cooking, cleaning and wellbeing at home. But to keep doing so, we need more people who want to innovate and re-imagine what life at home can be.
For that, we employ great people from a wide variety of backgrounds – not just because it’s the right thing to do, but also because we believe that diverse perspectives make our business stronger and more innovative. If you share our values, come find your place in our global community. Meet us on @lifeatelectrolux and career.electroluxgroup.com to learn more.
SENIOR CYBERSECURITY ARCHITECT
Electrolux Group Technology Organization (GTO) is looking to strengthen its international team committed to deliver cybersecurity for the Group’s growing portfolio of connected products. The Senior Cybersecurity Architect position is open within the Group Connectivity Architecture function and its Cybersecurity team, and reports directly to the Head of Group Connectivity Architecture.
The Senior Cybersecurity Architect designs and implements cybersecurity related activities for connectivity systems to support the deployment of strategy of connected appliances globally. He/she ensures that all systems are working at optimal levels and supports development of new technologies and system requirements. This includes proper strategic management of connectivity system complexity, considering the long-lasting presence of products on the market (minimum 10 years), adequate cyber-security, and peculiarities of the IoT model. It is a global, strategic role, with the goal of ensuring technical competitive advantage of Electrolux connected products, services and systems.
A REGULAR DAY AT WORK
Analyze System Requirements:
• The Senior Cybersecurity Architect analyzes existing systems to ensure they offer adequate level of cybersecurity and privacy protection are effectively meeting the needs of the organization. He/she coordinates with all areas of the organization to see that the system is working optimally. Identifies and communicates current and emerging security threats.
• Determines security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues.
Recommend Cybersecurity Improvements:
• Based on expert knowledge of Information security, IT and System architecture, identifies cybersecurity design gaps in existing and proposed architectures and recommends changes or enhancements.
• Designs security architecture elements to mitigate threats as they emerge. Creates solutions that balance business requirements with information and cyber security requirements.
• Maintains awareness of cybersecurity trends and novel solutions in relevant connectivity areas and proactively suggests their integration into Electrolux connectivity solutions and platforms.
Cooperate on Cybersecurity design and perform cybersecurity review of new systems:
• Cooperates on the design and Cybersecurity review processes for new connected systems.
• Develops and documents technical design for integration and implementation of new components, working with heterogenous teams with variety of expertise (FW, SW, Systems, Cloud, Mobile).
• Assures application of principal cybersecurity design rules (minimalism, least privilege, defense-in-depth, principle of the weakest link, … ) and best practices of secure software development process.
Tools, Processes, Standardization:
• Ensures that cybersecurity design and architecture information is well documented, up-to-date and communicated to the relevant stakeholders.
• Ensures that proper tools are adopted, that adequate design, development, testing and documentation methodology is used within relevant projects, and that sound processes are followed. Leads proper process and methodology definition and implementation, as appropriate.
• Aligns standards, frameworks and security with overall business and technology strategy.
• Enhances security team accomplishments and competence by planning delivery of solutions; coaches less experienced team members; teaches improved processes;
• Maintains security by monitoring and ensuring compliance to standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs.
• Represents Electrolux in relevant standardization bodies (such as Open Connectivity Foundation) where appropriate, executes Electrolux strategy in the definition of these upcoming IoT standards and ensures interoperability and compliance of Electrolux connectivity solutions.
• Helps build and maintain internal- and external networks (e.g. with sectors, suppliers, partners, academia);
• Maintains up-to-date knowledge of emerging security practices and standards; embraces educational opportunities; reads professional publications; engages in professional organizations.
Team oriented, good cultural awareness
Proactive, takes initiative; influencing and presentation skills
Strong written and oral communication skills
Creative thinker, problem solver
Enjoys challenge, change and fast paced environments; adjusts quickly
Hands-on approach to project delivery, detail oriented
Decision making with incomplete information
Project management experience
Leader in high-level system architecture and design
Ability to propose, think-through and evaluate long-term consequences in complex system design
Ability to select, validate and argument around diverse solutions to complex problems
Ability to lead, reason and reach solutions jointly with multiple teams of diverse opinions
Ability to quickly comprehend functions and capabilities of new technologies.
Willing to travel and to stay at different Electrolux sites when required
Willing to keep technical background always up-to-date, commitment to technical excellence
EDUCATION AND EXPERIENCE
Master's Degree in Computer Science or Electronic Engineering, or related. PhD is a plus.
At least five years of relevant work experience across product and IT organizations, including cybersecurity incident response, disaster recovery, identity and access management, information privacy, security operations center management, cloud service providers or security architecture.
Experience from a complex international organization is desirable.
Solid English, spoken and written, is mandatory for this role.
Must have strong understanding of: computer architecture and cybersecurity principles, network architecture, IoT systems architecture and of common operating systems.
Must have a strong understanding of some of the advanced technical security topics, such as:
• Embedded systems (e.g. FreeRTOS) and applications;
• Mobile operating systems (iOS, Android), secure mobile application development;
• IoT and networked systems;
• Cloud security (AWS, Azure);
• Datacenter and internal network security (Firewalls, DMZs, Active Directory);
• Security incident response.
Deep knowledge is required of:
• PKI (Public Key Infrastructure);
• Single Sign-On (SSO) principles;
• Authentication & Authorization principles including OpenID/OAuth2 protocols;
• Cryptographic algorithms and protocols;
• Secure development lifecycle;
• Secure OTA update;
• Firmware signing and secure boot.
• Knowledge and experience in computer networks, TCP/IP protocols and wireless/mobile networking, with focus on security aspects, is mandatory;
• Even if is not expected to code, knowledge in C/C++/Java/Python programming languages is a plus;
• Solid working knowledge of common information technology management and security frameworks, such as ISO/IEC 27001, OWASP, SANS, ITIL, COBIT, and NIST, is highly preferable;
• Knowledge and experience in cloud computing platforms, cloud API design, with focus on security aspects is an advantage;
• Knowledge of various cybersecurity/data privacy related regulations, such as GDPR, NIS directive, ePrivacy directive, CyberSecurity Act, is a plus.
Electrolux is a leading global appliance company that has shaped living for the better for more than 100 years. We reinvent taste, care and wellbeing experiences for millions of people, always striving to be at the forefront of sustainability in society through our solutions and operations. Under our brands, including Electrolux, AEG and Frigidaire, we sell approximately 60 million household products in approximately 120 markets every year. In 2020 Electrolux had sales of SEK 116 billion and employed 48,000 people around the world. For more information go to www.electroluxgroup.com.