Siemens Energy

How to contribute to our vision

This role is being created to enhance the cybersecurity resilience of the Aeroderivative Gas Turbines (AGT) product portfolio, ensuring business continuity. As an Expert Professional (P5) within the Product Lifecycle's Service and New Unit, the Industrial Cybersecurity Officer will establish and drive cybersecurity strategy across the entire product lifecycle. To achieve this, the position will focus on three core areas: Cybersecurity Strategy & Governance, Secure Product Lifecycle Management, and Technical Security Assurance. These pillars encompass developing strategic roadmaps, embedding security-by-design principles into development processes, and executing technical risk assessments and vulnerability management. Given the focus on industrial systems, the ideal candidate will possess extensive experience with Secure Development Lifecycles (SDL) in OT environments, deep knowledge of standards like IEC 62443, and proven expertise in threat modeling and program management. A technical degree and the ability to influence cross-functional teams are essential for success.

What You Need To Make a Difference

• 40% Cybersecurity Strategy & Governance
  • Develop and maintain a comprehensive cybersecurity strategy for the AGT product portfolio, covering products, solutions, and services.
  • Drive the implementation of the AGT cybersecurity roadmap to continuously improve process, tooling, and competency maturity.
  • Define, measure, and report on cybersecurity Key Performance Indicators (KPIs) to management, preparing for regular performance reviews.
  • Monitor and translate market trends, customer specifications, and regulatory requirements (e.g., IEC 62443) into actionable product requirements.
  • Represent the AGT business in internal Siemens Energy cybersecurity forums and support external audits and customer assessments.
• 30% Secure Product Lifecycle Management
  • Embed Secure Development Lifecycle (SDL/DevSecOps) requirements into engineering, quality, and release processes to ensure security-by-design.
  • Establish and oversee a comprehensive vulnerability management program for the portfolio, including SBOM management, disclosure handling, and remediation tracking.
  • Consult on the nomination and approval of Industrial Cybersecurity Experts, providing technical guidance and escalation support.
• 30% Technical Security Assurance & Community Enablement
  • Lead Threat & Risk Assessments (TRAs) and security concept reviews for new and modified products and solutions, supporting risk acceptance decisions.
  • Build and coordinate a network of cybersecurity experts and ambassadors across engineering, product management, and service departments.
  • Run community enablement initiatives, including coaching, training, and awareness campaigns for distributed teams.

Certifications

• Certified Information Systems Security Professional (CISSP)
• Global Industrial Cyber Security Professional (GICSP)
• IEC 62443 Cybersecurity Expert/Specialist

Education

• Bachelor's or Master's degree in Information Technology, Cybersecurity, Electrical/Automation Engineering, Computer Science, or a comparable technical field.
• Extensive professional experience (typically 8+ years) in industrial/OT cybersecurity roles, with a focus on secure product development in embedded or industrial environments.
• Proven experience implementing and interpreting standards such as IEC 62443 and/or ISO 27001 within product organizations.

Skills

• Industrial Cybersecurity & OT Knowledge
  • Secure Development Lifecycle (SDL/DevSecOps)
  • Threat & Risk Assessment (TRA)
  • Vulnerability Management (CVSS, SBOMs)
  • Industrial Control Systems (ICS) / OT Architecture
  • Industrial Cybersecurity Standards (IEC 62443, ISO 27001)
  • Network Security Controls (Segmentation, Hardening)
• Program & Stakeholder Management
  • Program Management
  • Strategic Thinking
  • Influencing Skills
  • Collaboration
  • Community Enablement & Coaching
• Technical & Analytical Abilities
  • Analytical Skills
  • Data-Driven Decision Making