Hykmann Global Business Solutions AB
Product Cybersecurity Risk & Requirements Engineer
Hykmann Global Business Solutions AB, Sweden, 16 hours ago
Full-time, Information Technology

Assignment description

2 Product Cybersecurity Risk Management and Requirements Coordination/Engineering within the Product Cybersecurity Team in the Digital & Security department. The role requires managing the demands of regulation UN ECE R155 within daily operational (PSIRT) tasks, including monitoring, vulnerability management, and incident handling, as well as project-related enhancement tasks within the PCS operation & development area.


Key responsibilities include overseeing PCS risk identification, investigations, and mitigation across vehicle (onboard) and vehicle-related infrastructure systems (offboard). Leading PCS vulnerability management efforts and managing relationships with external product security operation suppliers are critical. The role also involves reviewing and validating cybersecurity requirement specifications for automotive ECUs, design verification reports, software test reports, test results, and fault reports against cybersecurity requirements.


Knowledge of Threat Analysis and Risk Assessment (TARA) methodologies, including Item TARAs and Architectural TARAs, is required. Familiarity with Software Bill of Materials (SBOM) and Hardware Bill of Materials (HBOM) for compliance and risk assessment is important. The ability to identify and mitigate risks from restricted software/hardware sources is necessary. Strong documentation and reporting skills for compliance audits are essential.


Service Delivery Requirements:

- Work within operational PCS risk and incident management to provide risk identification, investigations, and mitigation across vehicle and vehicle-related infrastructure systems.

- Lead and coordinate risk and requirements coordinators in the risk register, vulnerability tracking, and security incidents.

- Act as the primary coordinator and decision-maker during incident management.

- Drive communication and collaboration with PCS Risk Coordinators across business units for unified and effective incident handling.

- Maintain timely and accurate communication with executive leadership, relevant stakeholders, and external parties as required.

- Oversee documentation of all incident response activities, ensuring compliance with regulatory and organizational requirements (e.g., UN ECE R155, ISO/SAE 21434).

- Review and validate ECU cybersecurity requirements and verification & validation artifacts; drive findings to closure with engineering.

- Support ECU teams with TARAs (Item & Architecture), facilitate sessions, update risk values/assumptions, recommend mitigations, and maintain the cybersecurity risk register.

- Manage compliance evidence and produce audit-ready documentation for ISO/SAE 21434 and UNECE R155.


Work Process:

Work to ensure the Cybersecurity Management System (CSMS) is fulfilled according to UNECE R155 regulation.


Substantive Industry Standards and Norms:

- UNECE R155

- ISO 21434


Technical Evaluation Criteria (KPI):

- Cybersecurity Requirements Coverage: 100% of ECUs reviewed and approved before design freeze.

- Compliance Evidence Readiness: ≥ 95% of projects with complete ISO/SAE 21434 & UNECE R155 work products ready for audit.

- Incident Responsiveness: Average resolution time ≤ 7 days for critical incidents.

- SLA Compliance for Risk & Vulnerabilities: ≥ 90% closed within defined SLAs.

