Head of Cyber Security (f/m/d)

Introduction

Where experience meets opportunity: Take charge, contribute, and develop your potential.

duagon, headquartered in Switzerland, is a fast-growing global technology company specializing in embedded electronic hardware, software, and services for system-critical applications in the rail and medical market. Our innovative products in network communication, computing, and subsystem control are designed to the highest standards of safety and reliability, helping our customers accelerate their technology roadmaps and achieve optimal cost of ownership.

Your Responsibilities:

• Establishment and leadership of the Cyber Security domain with direct reporting line to the Head of Products & Engineering
• Overall responsibility for security-related product and process compliance activities
• Development and implementation of the Product Cyber Security strategy for embedded systems
• Coordination with group-level and cross-BU security organization
• Ensuring compliance with industry-specific standards (incl. IEC 62443, TS 50701, EU CRA)
• Integration of Security-by-Design into the product development process
• Conducting and coordinating Threat Modeling, risk assessments (TRA), and vulnerability evaluations
• Leading PSIRT build-up activities and the Vulnerability Management process
• Supporting certification and audit processes
• Training and coaching of development teams

Your Profile:

Education

• Degree in Computer Science, IT Security, Electrical Engineering, or equivalent
• Relevant certifications desirable (e.g., CISSP, CSSLP, IEC 62443 certification, OSCP)

Professional Experience

• At least 5 years of experience in Cyber Security plus 3 years of leadership experience
• Proven experience with Product Security for embedded systems
• Experience in regulated industries (railway, medical, automotive, aerospace, or similar)
• Experience with certification and audit processes

Technical Competencies

• In-depth knowledge of IEC 62443, EU Cyber Resilience Act, and at least one sector-specific standard (TS 50701 or IEC 81001-5-1)
• Expertise in Secure Development Lifecycle (SDLC) and security testing
• Knowledge of Embedded Linux, RTOS, Secure Boot, cryptography, and network security
• Experience with Threat Modeling (e.g., STRIDE) and TRA methodology

Personal Competencies

• Strategic thinking combined with a hands-on mentality
• Strong communication skills – including with non-technical stakeholders
• Ability to translate security topics into risk and business language
• Ability to coordinate cross-functionally and drive topics forward – even without direct line authority
• Fluent in German and English

What we offer:

Stellenstandort: Nürnberg
Start: ab sofort
Umfang: Vollzeit

Contact

Interested? We look forward to hearing from you!

duagon Germany GmbH
Marcel Kratzer