Xylem Sr. Director, Product Cybersecurity Leader in Morton Grove, Illinois

Xylem (XYL) is a leading global water technology company committed to developing innovative technology solutions to the world’s water challenges. The Company’s products and services move, treat, analyze, monitor and return water to the environment in public utility, industrial, residential and commercial building services settings. Xylem also provides a leading portfolio of smart metering, network technologies and advanced infrastructure analytics solutions for water, electric and gas utilities. The Company’s more than 16,500 employees bring broad applications expertise with a strong focus on identifying comprehensive, sustainable solutions. Headquartered in Rye Brook, New York with 2017 revenue of $4.7 billion, Xylem does business in more than 150 countries through a number of market-leading product brands.

The name Xylem is derived from classical Greek and is the tissue that transports water in plants, highlighting the engineering efficiency of our water-centric business by linking it with the best water transportation of all – that which occurs in nature. For more information, please visit us at www.xylem.com .

The Role: Reporting directly to Xylem’s CISO, the Product Cybersecurity Leader is responsible for developing and leading a product security program to align Cyber Security services with application and embedded systems development teams who are creating products, services and solutions across our global brands and growth centers. This includes defining the processes, standards, solutions stack, and services as well as identifying gaps in capabilities and making recommendations for continued improvement.

The Product Cybersecurity Leader will function across the organization as a subject matter expert for the secure software and systems development lifecycle. They will partner with other Cybersecurity leaders as well as Xylem businesses to build the Secure SDLC program to support the design, development and deployment of secure solutions by understanding the technical aspects of the business problems and applying proven engineering knowledge across many different development methodologies.

The position will also be responsible for building and managing a technical team to support Xylem’s global cyber security initiatives and goals, as well as ensuring that the staff has the right technical breadth and depth to support current platforms and future technology direction.

Essential Duties/Principal Responsibilities:

  • Develop and implement global security strategy and practices for Xylem products using an intelligence and threat-driven defense model.

  • Use strong interpersonal skills to articulate security requirements to technical and non-technical audiences.

  • Support teams in designing, implementing, deploying, and sustaining systems that start out and remain secure.

  • Govern and enforce the effective implementation of product security practices in new product innovation initiatives.

  • Develop security and compliance capabilities in support of DevOps processes.

  • Establish and govern an industry recognized product security framework.

  • Institutionalize practices for identifying and quantifying product and portfolio product security risks.

  • Participate in Xylem’s software development group providing input on cyber policies, risk management, processes, technology development and strategy.

  • Track team progress and produce metrics that show effectiveness of Cyber Security programs.

  • Provide training, coaching, and expert consultation in secure development practices to the business and development teams.

  • Through influence, ensure adoption of Product Security initiatives standard components across Xylem’s global product teams.

  • Act as the focal point for critical customer cybersecurity issues (PSIRT), product security compliance, and external security certifications.

  • Monitor external security sources for vulnerabilities which impact Xylem products.

  • Interface with Legal and Marketing Communications group to manage communications of cybersecurity related matters.

  • Review and approve security notifications to inform customers of urgent security issues which may impact their Honeywell products.

  • Be a liaison between Enterprise Cyber Security (GRC, Architecture & Engineering, Cyber-Defense) and development teams.

  • Coordinate and track remediation of product security incidents.

  • Determine solutions to facilitate the Cyber Security team’s involvement in software and systems development.

  • Escalate and brief senior management on issues affecting technology delivery.

  • Communicate effectively with representatives of the Growth Centers, technology specialists, and senior leaders.

Minimum Qualifications: Education, Experience, Skills, Abilities, License/Certification:

  • Bachelor's degree in Computer Science, Engineering or Cybersecurity field required

  • 8-10+ years’ experience in an application security-based role with technical delivery experience.

  • Demonstrated experience building and managing teams (including direct and indirect reports globally), as well as third-party vendor relationships.

  • Experience working with development teams.

  • Excellent technical subject matter expertise in an area such as the software development lifecycle, continuous integration/delivery, application security testing, and/or secure data sharing workflows.

  • Certifications in security demonstrating deep practical knowledge such as CSSLP or CISSP

  • Experience using and developing fuzz testing tools

  • Experience with development and IoT tools such as Confluence, Jira, SensorThings, ThingWorx

  • Knowledge of popular coding languages such as Java, Javascript, Python

  • Strong knowledge of secure software development lifecycle and practices such as threat modeling, security reviews, penetration tests, and security incident response

  • Understanding of security by design principles and architecture level security concepts

  • Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities

  • Experience with deploying applications in the cloud (AWS, Azure, Google Cloud).

  • In-depth experience identifying and protecting against web application mobile application vulnerabilities

  • Ability to balance multiple demands in a fast-paced growing environment

  • Ability to coordinate, work with and gain the trust of business stakeholders, technical resources, and third-party vendors

Preferred Qualifications:

  • Master's degree in Computer Science or Cybersecurity

  • Experience in software development

Key Competencies:

  • Analytical decision making

  • Business focused delivery

  • Continuous improvement mindset

  • Cross-boundary collaboration

  • Design Excellence

  • Influential communication

  • Inspiring accountability

  • Leading indirect team members

  • Managing change

  • Planning & prioritizing work

Key Relationships:

  • External: Cybersecurity solution providers.

  • Internal: Global software development teams, product managers, engineering,

Physical Demands:

(The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.)

  • Regularly required to sit or stand, reach, bend and move about the facility

Work Environment:

(The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.)

  • Office: Standard office equipment; work usually performed in an office setting free from any disagreeable elements.

  • Standard weekly job hours: 40 hours

  • Travel: 25%

EOE including disability and veteran