Product Cybersecurity Manager

About The Position

Requirements

• Bachelor’s or Master’s degree in engineering or equivalent work experience.
• 5+ years of hands‑on experience in software engineering, secure SDLC, system/software architecture, DevSecOps, or technical project management.
• 3+ years dedicated to cybersecurity in product or platform contexts.
• Experience in regulated industries (medical devices) and cybersecurity preferred.
• Strong communication skills; able to translate complex security topics for diverse audiences
• Effectively communicate complex security topics to non-security audiences; integrate multidisciplinary inputs (engineering/marketing/regulatory).
• Threat modeling, security assessments/testing (SAST/DAST/pentest), security engineering, vulnerability management, and evidence production.
• Practical experience with relevant programming/scripting languages, frameworks/services, and protocols (e.g., Bluetooth/WLAN/TLS).
• Strong process/project management capabilities; agile methods and practices; business understanding; stays up-to-date with cybersecurity trends and regulations.
• Understanding of AI technology and associated threats; hands-on experience using AI technology
• Familiarity with Bluetooth/WLAN/TLS, scripting/programming languages, and modern development workflows
• Knowledge of security frameworks (NIST CSF, ISO 27001, MITRE), privacy regulations (GDPR, HIPAA), and medical device regulations (MDR, FDA)
• Proficiency with Windows, Linux, macOS, and collaboration tools such as Confluence, Jira, Polarion, and MS Teams.
• Basic understanding of AI technologies and associated risks; experience with agentic AI systems is a plus
• Certifications (ISC2, GIAC) are advantageous
• English fluency required; German basics a plus
• A minimum of 200Mb/sec download and 10Mb/sec upload speed internet connectivity is required to support any remote/hybrid employee functionality at Sonova

Nice To Haves

• Experience in regulated industries (medical devices) and cybersecurity preferred.
• Basic understanding of AI technologies and associated risks; experience with agentic AI systems is a plus
• Certifications (ISC2, GIAC) are advantageous
• German basics a plus

Responsibilities

• Execute and operationalize the global product cybersecurity strategy and roadmaps, ensuring adoption across R&D teams.
• Propose improvements and roadmap inputs to the Director, Product Cybersecurity.
• Drive implementation of cybersecurity principles, standards, controls, and processes across the product ecosystem by enabling teams, tracking progress, and ensuring consistent application.
• Provide regular risk and performance inputs (status, key risks, KPIs/KRIs) for product and senior management reporting.
• Monitor threat and regulatory landscapes and support definition of compliant, audit-ready processes.
• Embed cybersecurity into the product lifecycle aligned with the Secure Product Development Framework (SPDF) and applicable standards (e.g., IEC 62304, ISO 14971, IEC 81001 5 1).
• Drive secure design by defining security/privacy requirements and controls; verify architecture and implementation against security principles and coding standards.
• Drive and support integration of security checks and tooling into development workflows (e.g., CI/CD) to detect and address issues early.
• Lead and facilitate threat modeling and product cybersecurity risk assessments with global R&D teams; ensure effective mitigation planning and traceability to defined controls.
• Support regulatory submissions and audits by coordinating preparation of cybersecurity evidence and ensuring audit-ready traceability.
• Plan and coordinate security testing with internal and external partners; analyze findings and drive remediation.
• Manage third-party (incl. open source) cybersecurity risk, including supplier assessments and security input to contracts.
• Guide and coach product management, R&D, and quality teams, build cyber risk awareness, and strengthen capability through security champions and training.

Benefits

• bonus eligible