Director Cyber Sec

Do you have a passion for everything related to product security Are you at a point in your career where you aspire to make a significant impact within an organization If so, Honeywell's Building Automation business (BA) is looking for a Product Security Leader (PSL) for their Security and Access Solutions (SAS) strategic business unit. This senior technical non-supervisory role is integral to the BA Product Security team and offers the opportunity to play a key role in directing cybersecurity and privacy strategies for all products developed for the Security and Access Solutions business.Reporting to the BA Cybersecurity Chief with matrix reporting to the SAS Vice President and Chief Technology Officer (VP/CTO), as the SAS PSL, you will have a pivotal role in shaping the cybersecurity and privacy strategies to secure the products within the SAS portfolio.Responsibilities:- Serve as the SAS VP/CTO's chief advisor on product security, privacy strategies, and cyber risk management for the product portfolio.- Influence the development of SAS products to ensure they are secure by design and default as a member of the VP/CTO's extended leadership team.- Build strong working relationships with Engineering, Legal & Marketing to promote secure development practices.- Coach Product Security Directors, Security Architects, Security Champions & developers to enhance their product security capabilities.- Drive product security metrics for SAS products throughout their development lifecycle for continuous improvement.- Collaborate with the SAS VP/CTO to ensure customer security, Product Security Risk Management, and compliance with corporate and BA Product Security Risk Management policies across all SAS products.- Encourage the adoption of product security requirements and BA standard components within SAS.- Enhance product security processes, maintain lean practices, and optimize security.- Contribute to the BA Software Security Group (SSG) to promote secure-by-default design practices and a security-focused culture.- Lead cross-functional activities to support incident response and closure.- Address critical customer cybersecurity issues, product security compliance, and external security certifications.- Develop a high-performing product security team by recruiting top talent and fostering a culture of learning and excellence.Qualifications:Required:- 6+ years of experience in securing Cloud, Mobile, and on-premises software, including embedded Linux and RTOS systems, as well as installable Windows client and server software.- Understanding of DevSecOps and 2+ years of hands-on leadership experience in software development.- 10+ years of experience in technology and cybersecurity.- Proficiency in secure software development lifecycle, threat modeling, security reviews, penetration tests, and security incident response.- Knowledge of cybersecurity frameworks such as ISA/IEC 62243, NIST 800-53, NIST RMF, etc.- Experience in conducting secure product reviews using automated and manual activities.- Familiarity with security by design principles and architecture-level security concepts.- Up-to-date knowledge of current and emerging security threats and exploitation techniques.- Strong communication and leadership skills.- Bachelor's degree in computer science, software engineering, electrical engineering, or equivalent experience.- Interpersonal skills to facilitate diverse groups, negotiate priorities, and resolve conflicts.Preferred:- Understanding of Agile, SAFe, SCRUM, etc., development methodologies.- Security and privacy certifications demonstrating practical knowledge, with CSSLP preferred.About Us:Honeywell is dedicated to helping organizations tackle the world's most complex challenges in automation, aviation, and energy transition. As a trusted partner, we offer innovative solutions through our Aerospace Technologies, Building Automation, Energy and Sustainability Solutions, and Industrial Automation business segments powered by our Honeywell Forge software. Our mission is to create a smarter, safer, and more sustainable world.,

• Job Tags scrum, cyber security, agile, cloud security, security frameworks

Sign-in & see how your skills match this job

Sign-in & Get noticed by top recruiters and get hired fast

Mobile Security, Cloud Security, Vulnerability Management, GRC, Security Operations, IAM, Application Security, Nessus, Threat Modeling, Qualys,SAST, DAST, DevSecops, Threat Modelling, Logging Audit, Burpsuite, Devsecops, Ethical HackingCEH, SSLSecure Sockets Layer, Vulnerability AssessmentPenetration Testing, Web Security, Webservices Security, Vulnerability testing, Mobile Security Testing

Mobile Security, Cloud Security, Vulnerability Management, GRC, Security Operations, IAM, Application Security, Nessus, Threat Modeling, Qualys,SAST, DAST, DevSecops, Threat Modelling, Logging Audit, Burpsuite, Devsecops, Ethical HackingCEH, SSLSecure Sockets Layer, Vulnerability AssessmentPenetration Testing, Web Security, Webservices Security, Vulnerability testing, Mobile Security Testing

CEH, network security, application security, cloud security, identity management, SIEM, Splunk, QRadar, firewalls, encryption, threat modeling, penetration testing,CompTIA Security, AWSAzure Security, endpoint protection, vulnerability scanners, incident response, cloud security frameworks, DevSecOps

Network Security, Cloud Security, Rest Api, Kubernetes, Automation, Python, Security Engineering, Cryptography, Certificate Authority, HITRUST, Cyber Security, Security Incident Response,OS Security, Container Security Assessments, AWS Services, Static Dynamic Code Analysis, Penetration Testing Methodologies, Information Security Analyses, Encryption Algorithms, Public Key Infrastructure, OAUTH Authentication, 2FA, AWS Solution Architect, NIST 80053, CISSTIG Benchmark Audit, SOC2, Threat Modelling, Security Reviews, Penetration Tests, Security by Design Principles, Architecture Level Security Concepts, Security Threats, Exploiting Security Vulnerabilities

Mobile Security, Cloud Security, Vulnerability Management, GRC, Security Operations, IAM, Application Security, Nessus, Threat Modeling, Qualys,SAST, DAST, DevSecops, Threat Modelling, Logging Audit, Burpsuite, Devsecops, Ethical HackingCEH, SSLSecure Sockets Layer, Vulnerability AssessmentPenetration Testing, Web Security, Webservices Security, Vulnerability testing, Mobile Security Testing

Mobile Security, Cloud Security, Vulnerability Management, GRC, Security Operations, IAM, Application Security, Nessus, Threat Modeling, Qualys,SAST, DAST, DevSecops, Threat Modelling, Logging Audit, Burpsuite, Devsecops, Ethical HackingCEH, SSLSecure Sockets Layer, Vulnerability AssessmentPenetration Testing, Web Security, Webservices Security, Vulnerability testing, Mobile Security Testing

CEH, network security, application security, cloud security, identity management, SIEM, Splunk, QRadar, firewalls, encryption, threat modeling, penetration testing,CompTIA Security, AWSAzure Security, endpoint protection, vulnerability scanners, incident response, cloud security frameworks, DevSecOps

Network Security, Cloud Security, Rest Api, Kubernetes, Automation, Python, Security Engineering, Cryptography, Certificate Authority, HITRUST, Cyber Security, Security Incident Response,OS Security, Container Security Assessments, AWS Services, Static Dynamic Code Analysis, Penetration Testing Methodologies, Information Security Analyses, Encryption Algorithms, Public Key Infrastructure, OAUTH Authentication, 2FA, AWS Solution Architect, NIST 80053, CISSTIG Benchmark Audit, SOC2, Threat Modelling, Security Reviews, Penetration Tests, Security by Design Principles, Architecture Level Security Concepts, Security Threats, Exploiting Security Vulnerabilities