(Lead) Cybersecurity Architect

Are you an experienced cybersecurity professional who is excited about practical application of cybersecurity in a leading industrial company? We would like to have you on our team to keep smart cities cybersecure! 

The KONE Technology and Innovation (KTI) function is where the magic happens at KONE. It's where we combine the physical world – escalators and elevators – with smart and connected digital systems. We are changing and improving the way billions of people move within buildings every day. 

Within the KONE Technology & Innovation function, we have a dedicated Cybersecurity unit for assuring the security of KONE enterprise, product, and industrial assets. 

Our solutions encompass everything from embedded elevator controller systems to cloud services and mobile applications for end users, leveraging the latest in cloud and IoT technologies. We currently hold certifications such as ISO 27001, IEC 62443-4-1, and UK Cyber Essentials Plus—and we're just getting started! We aim to further develop and refine our cybersecurity processes, practices, and tools. 

We’re now looking for a Cybersecurity Architect to join our team.

In this role you will take lead in cybersecurity maturity improvements that are practical and effective in reducing the security risk.

You enjoy working in co-operation with global architecture, IT and R&D teams, as well as business stakeholders. You have a strong theoretical understanding of cybersecurity requirements and experience in applying them to practice. You don’t shy away from getting hands on with other architects and product owners to guide them or help them implement the necessary security improvements. You are eager to learn from incidents and stakeholder feedback to develop the processes and tools for greater effectiveness. 

You might have a background in software development or IT solution management or perhaps you started as a security engineer. In any case, you have decided to apply your experience and knowledge in security architecture. You have an ability to communicate to various audiences and you can both deal with big picture as well as with details when so required. KONE values of Courage, Customer, Collaboration and Care strike a chord in you.  

We offer a chance to work with products that are used by over a billion users daily, products that are widely recognized by their quality and innovation. We respect our talented employees and offer flexible working conditions in a supportive global team of cybersecurity experts. 

The position is located in Espoo or Hyvinkää, Finland.  

Responsibilities 

• Lead the development of security architecture for IT, OT and IoT domains. 

• Define secure development and operations guidelines, design patterns and best practices to ensure repeatability and improvement of security implementation. 

• Participate in selected major IT or R&D development projects as the security architecture advisor. – Guide the projects in threat modeling and risk assessments, and security reviews and testing. 

• Participate in the analysis of incidents to optimize the cyber defense mechanisms. 

• Ensure continuous improvement of KONE processes and tools to stay updated with the latest security threats and trends. 

Requirements 

• M.Sc. or D.Sc. or equivalent in cybersecurity or another relevant technical field. 

• 8+ years of relevant working experience, of which at least 3+ years in a cybersecurity lead engineer or architect position. CISSP, CSSLP, or other relevant security certification is considered a plus. 

• Practical experience with at least one cloud platform (AWS or Microsoft Azure). AWS or Microsoft architect certifications are considered a plus. 

• Practical experience in threat modeling and security risk management in an enterprise context. 

• Practical experience in implementing Security Development Lifecycle (SDL) in agile software projects. 

• Practical experience in conducting security testing and managing vulnerabilities throughout product lifecycle. Offensive security certifications are considered a plus. 

• Strong understanding of security operations and incident response processes. 

• Deep familiarity with security standards and frameworks (for example: NIST CSF, ISO 27001, IEC 62443, OWASP) 

• Familiarity with emerging and existing regulation on security (for example: EU CRA, US CMMC)  

• Excellent interpersonal and communications skills in English 

• Strong stakeholder management skills, ability to influence and communicate complex technical matters to non-technical stakeholders 

• Forward thinking; anticipating the business and customer needs, evolving threat landscape and regulation in designing fit for purpose security solutions 

For additional information, please contact Jussi Valkiainen, Head of Cybersecurity, Products and Applications via email jussi.valkiainen@kone.com 

Want to join the #PeopleFlow?

If you are interested in this opportunity, please apply via our careers site www.kone.com/jobs with your CV and cover letter latest by 6th of October, 2024.

We look forward to hearing from you!

Buzzwords: Application security, vulnerability disclosure, SBOM, Cyber Resilience Act, NIS2, DevSecOps, Cyber defense, incident response, risk-based approach, 

#LI-IT 

At KONE, we are focused on creating an innovative and collaborative working culture where we value the contribution of each individual. Employee engagement is a key focus area for us and we encourage participation and the sharing of information and ideas. Sustainability is an integral part of our culture and the daily practice. We follow ethical business practices and we seek to develop a culture of working together where co-workers trust and respect each other and good performance is recognized. In being a great place to work, we are proud to offer a range of experiences and opportunities that will help you to achieve your career and personal goals and enable you to live a healthy and balanced life.

Read more on www.kone.com/careers