Product Security Lead

The VTBA Product Security Lead is the accountable authority for product cybersecurity governance and regulatory readiness across the Vacuum Technique Business Area. The role exists to ensure VTBA products are secure‑by‑design, compliant with evolving global product cybersecurity regulations, and resilient throughout their lifecycle, while enabling divisions to deliver innovation at speed and scale.

A core purpose of the role is to establish a consistent and scalable product security operating model across divisions, driving alignment, strengthening internal capability, and embedding sustainable practices within product development teams. Success is demonstrated by consistent and auditable product security practices, effective incident coordination, reduced cybersecurity risk, strong engagement from engineering teams, and long‑term organisational ownership of product security.

The VTBA Product Security Lead establishes a sustainable operating model, strengthening internal capability and customer trust without long‑term reliance on external consultants

Main Responsibilities:

. Own VTBA product security governance and CRA compliance, ensuring consistent application of Group standards, policies, and secure by design principles across all divisions.
. Act as the accountable VTBA owner for EU Cyber Resilience Act readiness, maintaining audit ready evidence and ensuring timely, accurate regulatory reporting inputs.
. Provide decision authority for product security risk and vulnerability management, including severity classification, remediation priorities, patching timelines, and exception handling.
. Define and oversee secure product architecture and threat modelling practices, ensuring proportionate risk mitigation for new products, platforms, and major design changes.
. Ensure complete and compliant lifecycle cybersecurity documentation, including SBOMs, risk assessments, update processes, and conformity materials supporting CE marking and CRA assessments.
. Lead VTBA coordination with the Group PSIRT during incidents, ensuring effective investigation, remediation, lessons learned, and continuous maturity improvement.
. Drive adoption of product security practices within divisional product development teams, building alignment, trust, and ownership through clear guidance, engagement, and pragmatic enablement.
. Establish and mature a sustainable internal product security operating model, integrating external CRA support in the short term while transitioning to a fully internal operating model by mid 2027, strengthening capability across VTBA and ensuring long‑term effectiveness without reliance on individuals or ad‑hoc solutions.

We encourage you to apply even if you don't meet every single requirement. We value diverse experiences and perspectives and are excited to see what you bring to the role.

You will have Bachelor's degree or higher in Engineering, Computer Science, Cybersecurity or equivalent experience

• Experience: Minimum 8 years in product security, cybersecurity engineering or secure product development
• Knowledge & Skills: Secure SDLC, vulnerability management, threat modelling, CRA, IEC 62443, ISO/IEC 27001, NIST
• Strong governance mindset, balancing risk, compliance, and business objectives
• Excellent stakeholder engagement / management and communication skills
• Ability to make and defend security decisions under regulatory pressure
• Structured and analytical approach to risk and compliance management
• Comfortable operating with partial information during incidents or crises
• Experience coordinating across multiple teams, divisions, or regions often without direct reporting line authority

• Culture of trust and accountability
• Lifelong learning and career growth
• Innovation powered by people
• Comprehensive compensation and benefits
• Health and well-being

This role offers a hybrid working arrangement, allowing you to split your time between working remotely and being on-site at one of our global locations.

Talent Acquisition Team: Kirsty George

Uniting curious minds
Behind every innovative solution, there are people working together to transform the future. With careers sparked by initiative and lifelong learning, we unite curious minds, and you could be one of them.