Cybersecurity & Open Source Governance Lead

Your role and responsibilities:

The Cybersecurity & Open Source Governance Lead is responsible for product cybersecurity governance, compliance, and security assurance, as well as Open Source Software (OSS) compliance and license risk management, within ABB Robotics Software and Digital. The role serves as the primary point of contact for cybersecurity and open source matters, ensuring adherence to organizational policies and procedures, IEC 62443 standards, and emerging regulations such as the EU Cyber Resilience Act. The role bridges central cybersecurity and Open Source Program Office (OSPO) functions with local product development teams to embed security and compliance into day-to-day delivery.

The work model for the role is: hybrid/remote
You will be mainly accountable for:

• Define and maintain local cybersecurity and OSS governance frameworks aligned with central CSO/OSPO strategy; ensure product teams follow secure development lifecycle and OSS compliance requirements; coordinate assessments, audits, documentation, and remediation tracking; report compliance posture, risks, and KPIs to BL/PL/PDP and central functions.

• Guide teams on threat modelling, secure design, and secure coding; provide templates, training, and best practices; coordinate vulnerability management, security assessments, and assurance activities, including SCA findings; support due‑diligence for OSS component selection from both licensing and security perspectives.

• Act as the primary escalation point for cybersecurity gaps, vulnerabilities, OSS license violations, and process deviations; evaluate issues and drive remediation actions (patching, replacing components, removing non‑compliant OSS, or identifying alternative licenses); collaborate with Legal, product teams, and central functions; document decisions, violations, and residual risks.

• Advise product teams on cybersecurity requirements, OSS licensing interpretation, contribution guidelines, and best practices; maintain awareness of evolving regulations (e.g., IEC 62443) and OSS licensing trends; facilitate cross‑functional collaboration to drive initiatives to completion.

• Identify systemic gaps and recommend improvements through the Robotics community of practice to strengthen product security, compliance, and overall governance maturity.

Qualifications for the role:

• Bachelor’s degree in Cybersecurity, Computer Science, Engineering, or a related field.

• 3-5 years of experience in cybersecurity/product security, information security, security compliance, and/or OSS compliance and license risk management roles.

• Working knowledge of IEC 62443 standards, industrial cybersecurity practices, and relevant product cybersecurity regulations (e.g., EU Cyber Resilience Act).

• Experience with secure development lifecycle, threat modelling, vulnerability management, security assessments, and security assurance processes.

• Understanding of OSS compliance processes, license risk management, and governance of OSS scanning/SCA activities.

• Strong communication, documentation, and influencing skills; able to bridge technical and business stakeholders and provide clear reporting for leadership and audits.

• Analytical problem-solving skills to assess findings, prioritize remediation, and determine when escalation is necessary.

• Exposure to robotics, industrial automation, or embedded systems security is an advantage.