Connected Product Compliance and Cybersecurity

COMPANY PROFILE:
WHO WE ARE LOOKING FOR:
The position will be primarily responsible that our connected products are meeting or exceeding regulatory requirements in the digital domain. That our company develops and maintains policies, processes, standards and guidelines for safe connected products. That mechanisms are in place to track the adherence to and execution of the procedures. Threats and risks on the products from digitalization are appropriately managed through the complete product lifecycle, from product concept until decommissioning. Development of regulations on new digital technologies is under control, and you support the CNHi Institutional Relations department in their activities with the regulatory bodies.

YOUR KEY RESPONSIBILITIES:
In this position you will:

- **Cybersecurity**
- Steer the implementation of a Cybersecurity Management System compliant with UN ECE Reg. 155 CSMS
- Track the execution of the CSMS activities on the vehicles as part of the over-arching product safety master procedures
- Track and steer the upgrade of the product portfolio to adhere to the European Machinery Product Regulation as concerns cybersecurity and software updates
- Ensure components and products are RED compliant (European Radio Equipment Directive)
- Monitor the development of the new European Cybersecurity Resilience Act
- Lead the company towards best-in-class cybersecurity practices, drawing inspiration from standards such as ISO 21434
- Collaborate on the development of a new cybersecurity standard specific for the agricultural equipment industry
- **Software updates**
- Initiate and develop the strategy for a Software Update Management System compliant with UN ECE Reg. 156 SUMS.
- Work together with an external partner to make a gap analysis and roadmap for software updates
- Define the gap in tools and personnel and make a proposal for management on how to address it.
- Initiate a cross-functional workgroup to address the gaps and implement the roadmap.
- **Non-personal data**
- Ensure company procedures are aligned with the European Data Act and Data Governance Act.
- Monitor the development of “Data Spaces”, like Gaia-X, International Data Spaces, and AgIN. Advise the company on how to address these initiatives, which have a strong political dimension.
- Become an expert on smart contracts and how it will affect our products.
- **General**
- Works closely with the Institutional Relations department, IT Security, Digital, Vehicle Electronics and the Product Development platforms.
- Monitor development of all new regulations in the digital world for future compliance of our product portfolio.
- Take pro-active measures to ensure our products will meet regulatory requirements

YOUR KEY COMPETENCES AND QUALIFICATIONS:

- Master's Degree in Computer Science, Engineering, Information Systems Management, Information Security, or other related fields
- 5+ years of experience in a combination of risk management, compliance, information security and IS/IT jobs
- Strong experience with Governance, Risk, and Compliance tools and technology
- Strong technical experience in security or technology risk assessment, with proficiency in a risk management framework and the ability to assess administrative and technical controls
- Proven ability to develop risk management strategies that align with business goals and protect the confidentiality, integrity and availability of information systems and data
- Demonstrated understanding of on-board vehicle systems.
- A demonstrated practical, real world, collaborative approach to problem solving with the ability to make sound decisions and accept result accountability.
- Ability to understand and interpret regulatory requirements and the business implications, assessing risks and provide concise business-focused advice.
- Excellent verbal and written communication skills, with the ability to convey technology and security concepts to management
- The ability to work independently and multitask effectively to successfully manage projects in a diverse, project-oriented environment
- Experience with various security & compliance frameworks and requirements including NIST, ISO 27001, COBIT, SOC 2, UN ECE Reg. 155 CSMS, UN ECE Reg. 156 SUMS, ISO 21434, etc.