Roles

Security Manager
status: draft

The Security Manager is responsible for ensuring that the project complies with ISO SAE 21434. The Security Manager shall lead and monitor the security-relevant activities of the project.

Required skills

  • Degree: Master’s degree in electrical engineering/computer science/mathematics, or similar degree, or comparable work experience

  • Solid understanding of security management

  • Knowledge of project management

  • Deep understanding of quality criteria and of the corresponding methods and procedures used to achieve and verify them

  • Technical know-how of embedded systems

  • Preferred training: (Automotive) Cybersecurity Specialist (CySec) or similar

Knowledge of standards

  • ISO SAE 21434

Experience

  • 2 years of experience in the management of security topics

  • Experience in managing projects

  • Experience in managing security weaknesses and vulnerabilities

Responsibility

  • Creates and maintains the Security Plan

  • Creates and monitors the completeness of the security package

  • Creates and maintains the Security Manual

  • Supports the creation and maintenance of the SBOM

  • Verifies that the preconditions for the “release for production” listed in the release notes are fulfilled, and that the release notes are correct, complete and consistent

  • Supports reporting of the security-related project status

  • Reports security weaknesses and vulnerabilities

  • Coaches the project team with respect to all questions related to security

  • Plans and approves the security audit (to be discussed, currently not in scope)

  • Plans and approves the formal security reviews

  • Approves security analyses

  • Creates and maintains the security manuals on platform and module level

  • Checks that every person in the team has sufficient security skills for their role

Authority

  • Escalate planning topics to the project manager, as defined in the Security Plan

  • Initiate the publication of a security weakness or vulnerability

  • Recommend the release of a SW platform or a module

  • Refuse the approval of work products as defined in the workflows

  • Refuse the approval of a role nomination in the team (i.e. request that the role be withdrawn)