Head of Product and Operational Technology Security (f/m/d)
GEA is one of the largest suppliers for the food and beverage processing industry and a wide range of other process industries. Approximately 18,000 employees in more than 60 countries contribute significantly to GEA’s success – come and join them! We offer interesting and challenging tasks, a positive working environment in international teams and opportunities for personal development and growth in a global company.
Why join GEA
Job information
JR-0033608
Information Security, Business Continuity & Crisis Management
Full time
Peter-Müller-Straße 12, 40468 Düsseldorf
The Head of Product and Operational Technology Security (f/m/d) assures the definition and implementation of effective, efficient, and audit-proof processes for secure product development and secure production activities. He/She is accountable for the management of external security requirements, policies and procedures, assessing and handling of security risks in the GEA products, digital services and production / shopfloor environments.
With this, the Head of Product and Operational Technology Security plays a critical role in ensuring the security governance of GEA by providing and controlling the security requirements towards the product development and production department as well as GEA Digital.
This role entails being the single point of accountability for Product and Operational Technology (OT) Security, aligned with the Chief Information Security Officer (CISO). Key responsibilities include:
Developing Product and OT Security Strategy in sync with information security, production, and digitalization strategies.
Establishing transparent, audit-proof processes for Product and OT Security.
Ensuring compliance with external legal and customer requirements for GEA’s products and production technologies.
Standardizing, optimizing, and automating Product and OT Security processes in day-to-day business.
Managing policies, procedures, and processes, including technical implementation and coordination.
Developing and implementing processes for secure coding (SDLC, DevSecOps) in product and software development.
Advising departments on identifying and mitigating Product and OT Security Risks.
Integrating security into software and product testing processes.
Overseeing governance-compliant product and production-related security certifications.
Steering and monitoring external Product and OT Security service providers.
Participating in GEA’s Group Information Security Board and providing regular reporting.
Collaborating closely with various business areas and communicating with authorities in alignment with CISO.
Your profile and qualifications:
Bachelor's or Master’s degree in Information Technology, Computer Science, Cybersecurity, Business Administration, or a related technical discipline.
DevSecOps Certifications are advantageous.
Cyber and OT Security Certifications such as ISA/IEC 62443, CISSP, ISO 27001 Lead Auditor, and CISA are beneficial.
Additional security certifications like CISSP, CCSP, GCIA, and GCIH are a plus.
5+ years of leadership experience in Product and/or OT Security.
3+ years combined experience in Software Engineering, DevOps, and/or software development.
3+ years of experience in IT/OT Security related to ICS, IIoT, SCADA, DCS, PLC.
Expertise in management systems, audits, and handling audit findings.
Strong management and conceptual skills for complex security issues.
Knowledge and experience with DevOps and DevSecOps tooling (CI/CD tools, GitHub, k8s, Docker, Linux, etc.).
In-depth understanding of ISO 27001 and IEC 62443.
Familiarity with compliance standards like CIS, NIST, and DISA.
Knowledge of security standards such as ISO, PCI, HIPAA, and SOX is advantageous.
Experience in leading interdisciplinary teams and organizational change management.
Proficiency in multivendor management and dealing with external suppliers.
Strong interpersonal, communication, and negotiation skills at different levels.
Excellent communication skills in English; local language proficiency is a plus.
Strong analytical ability, business acumen, and problem-solving skills.
Capabilities in financial and budget ownership.
- For reasons of readability, no gender-specific differentiation is made in the job advertisement. However, the job advertisement is explicitly aimed at all persons, regardless of gender or lack thereof.
