Senior Product Vulnerability Manager

🕒 Posted 1 month ago

🗣️🇺🇸🇬🇧 English required

ASSA ABLOY Opening Solutions

10,000+ employees

🔐 Security

🔧 Hardware

🤝 B2B

ASSA ABLOY Opening Solutions is a leader in security technology, specializing in the development and production of mechanical and electromechanical locking systems, access control solutions, and locking systems for residential, commercial, and public buildings. The company is known for innovative products that deliver both security and convenience, serving needs that range from healthcare facilities to educational institutions. With a comprehensive range of solutions, ASSA ABLOY enables the secure and smooth movement of people, goods, and information across many sectors.

Description

• Defining and maintaining the enterprise Product Vulnerability Management framework, including processes for intake, triage, prioritization, remediation tracking, and disclosure.
• Establishing standardized vulnerability triage and risk prioritization methodologies that work across the organization.
• Defining and implementing corporate-wide vulnerability management policies and standards, ensuring our Product Security Incident Response processes are aligned with the organization's expectations and regulatory requirements.
• Owning the Coordinated Vulnerability Disclosure (CVD) program, including external intake channels, researcher engagement, and coordination.
• Translating regulatory requirements (e.g., EU Cyber Resilience Act) into operational processes, controls, and reporting obligations.
• Defining and managing the enterprise tooling strategy for vulnerability detection (e.g., SAST, DAST, SCA, container scanning), including selection, configuration, and integration into CI/CD pipelines.
• Establishing minimum tooling and coverage baselines across product types and ensuring consistent adoption.
• Defining and operationalizing SBOM-driven vulnerability management practices, including monitoring and response to third-party component vulnerabilities.
• Developing scalable playbooks, guidance, and decision frameworks that enable product teams to independently triage and respond to vulnerabilities.
• Defining training requirements and developing enablement materials for product teams on vulnerability identification, triage, and response processes.
• Establishing metrics, reporting, and dashboards to measure vulnerability management effectiveness, including SLA adherence, backlog, and remediation timelines.
• Providing executive-level reporting and insights on product vulnerability risk posture.
• Defining governance processes, including exception handling, risk acceptance, and escalation pathways.
• Leading audit and assessment readiness related to vulnerability management processes and outputs.
• Building and leading a small team responsible for program operations, tooling, and disclosure coordination.
• Partnering with Product Security Architects, Engineering, Legal, and Compliance teams to ensure alignment and effective execution across the organization.
• Acting as the central authority for product vulnerability management practices across the organization.
• Enabling a federated operating model in which product teams own remediation while adhering to centralized standards and processes.
• Driving consistency in vulnerability handling across a large and diverse product portfolio.
• Ensuring vulnerability management practices scale effectively across hundreds of products and multiple technology domains.
• Providing strategic direction for continuous improvement of vulnerability management capabilities, tooling, and processes.
• Supporting regulatory audits and customer inquiries related to vulnerability management and disclosure practices.

🎯 Requirements

• Experience designing, building, or scaling a vulnerability management or PSIRT program within a product security or application security context.
• Strong understanding of the vulnerability lifecycle, including detection, triage, prioritization, remediation tracking, and disclosure.
• Working knowledge of application security principles and common vulnerability classes (e.g., OWASP Top 10).
• Experience with vulnerability detection tooling (SAST, DAST, SCA, container scanning) and integration into development pipelines.
• Experience defining or applying vulnerability scoring methodologies (e.g., CVSS) in a product context.
• Familiarity with Coordinated Vulnerability Disclosure (CVD) processes and external researcher engagement.
• Familiarity with regulatory requirements related to product security and vulnerability management, such as the EU Cyber Resilience Act (CRA).
• Experience working within or supporting Secure Software Development Lifecycle (SSDL/SSDLC) programs.
• Strong ability to define processes, standards, and governance models that scale across large organizations.
• Excellent communication skills with the ability to translate technical risk into business impact.
• Experience operating in large-scale, multi-product environments with distributed engineering teams is preferred.
• Experience establishing or managing SBOM and software supply chain vulnerability programs is preferred.
• Experience with vulnerability disclosure programs or bug bounty platforms is preferred.
• Experience working in regulated industries or environments with strong compliance requirements is preferred.
• Experience with Agile/SAFe methodologies is preferred.
• Experience leading or mentoring small, high-impact teams is preferred.

🏖️ Benefits

• Competitive salary and rewards package
• Competitive benefits and annual leave offering, allowing for work-life balance
• A vibrant, welcoming, and inclusive culture
• Extensive career development opportunities and resources to maximize your potential
