Cyber Security Lead

Social network you want to login/join with:

Deep Sea Electronics Ltd (DSE) are a leading UK electronics manufacturer specialising in the development of advanced control and automation products for the power generation and off-highway vehicle markets. Our range of solutions includes connected devices that are subject to the latest cybersecurity standards.

The cybersecurity lead will be responsible for overseeing the cyber security aspects of our products. They will work closely with cross-functional teams including engineering, operations, and commercial to ensure products' regulatory compliance and industry best practices.

Requirements:

• Expert in C/C++ for embedded systems
• Cyber security development processes, including risk assessment techniques
• Security protocols and techniques, encryption, key storage, secure boot, and trust zones
• Knowledge of RED and CRA regulations
• Cyber security standards, IEC 62443, EN18031
• BSc in computer science or related degree qualification
• Familiar with stage-gated/agile development approaches
• Comfortable collaborating and communicating with embedded systems engineers and company executives alike, bridging the gap between technical and management
• Held a role focused on cyber security in embedded systems
• Worked practice of the relevant standards
• Leadership of primary contributor to risk analysis, mitigations, and translation requirements

Key Duties & Responsibilities:

• Lead the cybersecurity program at DSE Ltd
• Coordinate, develop, and maintain the cybersecurity strategy and policies for the development of products within the DSE product range
• Work cross-functionally with other departments to ensure full coverage of the relevant cyber security regulations, including the EU Cyber Resiliency Act
• Work with product management to drive cyber security initiatives into the product roadmap
• Lead the identification, assessment, and mitigation of cybersecurity risks associated with product development and deployment
• Oversee the preparation and submission of necessary documentation for compliance with IEC 62443 and related regulatory requirements
• Ensure continuous alignment with industry regulations and frameworks related to industrial cybersecurity
• Collaborate with engineering teams to integrate security features into product design and architecture
• Advise on secure software development practices and secure-by-design principles
• Lead vulnerability assessments, threat modelling, and penetration testing efforts for product solutions
• Ensure secure remote access, network security, and secure communication protocols are implemented throughout the products
• Act as the primary point of contact for cybersecurity incidents and response within the product development lifecycle
• Work with internal teams to implement lessons learned from security incidents and continuously improve security measures
• Conduct post-incident reviews and develop preventative measures to mitigate future risks
• Serve as a cybersecurity subject matter expert for internal and external stakeholders
• Educate and train internal teams on cybersecurity best practices, emerging threats, and mitigation strategies
• Work closely with customers and regulatory bodies to address cybersecurity requirements and concerns

Internal & External Relationships:

• Engineering Management team – assist with the implementation of cyber security projects
• Test and Approvals department – assist with training and in the development of test programs and procedures for cyber security
• Technical Support – assist technical support with more involved customer queries and technical authoring support including review of security manuals
• Commercial sales team – Support customer-facing sales literature and promotion of cyber security awareness at DSE

Benefits:

• 25 days holiday + Bank Holidays
• Life Insurance
• Enhanced Maternity/Paternity pay
• 5% Pension contributions
• Company-wide performance-based annual bonus scheme