Position/Role: Project Security and Privacy Manager
Job Type: Full time
Total Work Experience: 5 – 15 Years; Automotive Security Experience: 3-10 Years
Work Location: Bangalore (Electronics City, Phase II)
Immediate joiners preferred.
- Plans and organizes automotive ISO 21434 security related work products for a project.
- Acts as interface to other domains for all Security or Privacy aspects.
- Defines and gets agreement upon the mechanisms/requirements that will help to ensure Security of the product and Privacy of its users.
- Aligns development interface agreement for Security and Privacy with customer and suppliers.
- Prepares and conducts Security Assessments at various stages of Product Life cycle.
- Performs Impact Analysis and Security and Privacy Risk Assessments.
Skill set required:
- Knowledge in Automotive Security (ISO 21434, IT security, SW, HW, System) and Data Protection (privacy regulation)
- Knowledge in Automotive Architectural modelling and Requirement Engineering
- Knowledge in Automotive Security & Privacy standard, methods, and approaches
- Knowledge in Automotive technical risk analyses, e.g. TARA, STRIDE, Security FMEA, ...
- Good Exposure to Automotive product development project life cycle
- Working knowledge of DOORS, Rhapsody, JIRA, JAZZ, SCM and HEP landscape
The detailed description is as follows:
- The PSPM will plan and organize the security-related aspects and their work products for a specific component project.
- The PSPM will act as the interface to other level PFSMs, system architect, project team and customer for all security or privacy aspects regarding the full chain of effect of dedicated system level.
- The PSPM will define the security and privacy work products, track their status and prepare reports about the maturity and proactively communicate risks to the project manager.
- The PSPM will also care for an adequate training status of the development team to ensure that security and privacy concepts are chosen and implemented according to the state-of-industry-and-art.
- The PSPM is responsible for defining and agreeing upon the mechanism that will help to ensure security of the product and the privacy of its users.
- The PSPM will closely work together with the system architect to support a common understanding within the development team, deriving a system and software security architecture.
- As Cyber Security Production Manager (CySPro), the PSPM discusses, analyzes, collaborates and communicates between R&D, production, KMD and OTC backend, and defines the security-relevant content of the product test specification and the Cybersecurity configuration.
- If the PSPM is allocated as Security and Privacy Maintenance Manager (SPMM), he/she manages and coordinates all SP Maintenance activities throughout all phases of SP Maintenance.
- In a security-relevant project there might be the need to exchange business-critical secret information from the OEM to Continental and within Continental. As Project Secret Information Manager (PSIM), the PSPM will act as trusted contact person for the OEM and take care of appropriate distribution of required business-critical information according to state-of-the-art IT security standards.
- The PSIM will closely work together with the BU IT Security Advisor.
B.E/M.Tech/B.Tech/M.E/Ph.D (Electrical/Electronics)
Main Activities
- Consult quote team and estimate costs and effort for security and privacy (S&P) related content
- Align development interface agreement for S&P with customer and suppliers
- Assure adequate tailoring of the development process and the relevant S&P activities and work products depending on development scope
- Provide Project S&P Plan and Schedule
- Initiate and plan SEC assessment
- Ensure adequate S&P training of project participants
- Ensure the application of measures for the avoidance of systematic errors
- Plan and trace work products and their reviews which are part of Security Case
- Align active monitoring of the field and of the security and privacy community with SPM BU
- Tracking of implementation status and perform the S&P Risk Assessment for each delivery release.
- Interfaces to the customer and supplier for S&P
- Creation and adaptation of system requirements with S&P aspects, including tracing to architecture and S&P goals (if available)
- Creation and adaptation of system architecture with S&P aspects
- Creation and adaptation of the S&P concept with all involved stakeholders (customer, supplier, SLE, SW PM, HW LE, MEC LE, production and quality) which ensures/secures operation of product, including protections against violation of S&P
- Perform Security & Privacy Analysis and Risk Assessments (VARA, PIA)
- Responsible for collecting, documenting (e.g. in DOORS) and analyzing (delta analysis) the security-relevant requirements from all quotes and application projects of one dedicated OEM (Lead-PSPM)
- Generic assessment of non-functional OEM requirements independent of application scope (Lead-PSPM)
- Act as OEM contact person for exchange of Secret Information used for development (PSIM)
- Distribute secret information within Continental (PSIM)
- If allocated, support maintenance as SPMM
- The PSPM reports to the SLE, Line Manager and the SPM BU
Allocation of S&P responsibilities within the project:
- Definition of S&P responsibilities for the entire system and subsystems, in detail (if necessary: delegation or grouping of activities), in cooperation with the SLE.
- Discuss all project related S&P issues internally and with the customer.
- Initiation of escalation in case of unsatisfactory assessment results.
Ready to drive with Continental? Take the first step and fill in the online application.