Job Description

Great people make Schneider Electric a great company!Schneider Electric Internal Audit (IA) department is part of the Governance Function within Schneider Electric (SE) and operates from several locations across the world. It is part of the 3rd line of defense who finally reports to the Chief Governance Officer (CGO) and the Audit Committee. The IT audit team within IA has a global scope, i.e. covers all geographical locations of SE, and executes all IT audits, including cybersecurity or more specific technology-related subjects.We are looking for candidates that can execute their tasks autonomously, with a natural tendency towards driving activities and a strong team spirit. They should also be able to convey messages in a constructive way and adopt a positive mindset within the team, while exhibiting critical and independent thought. Our team members are expected to consistently demonstrate proactivity, transparency and accountability for identifying and communicating IT and cybersecurity protection risks. They should strive to evaluate the implications of their actions on colleagues and stakeholders before making decisions, and escalate issues to their manager when unsure, while demonstrating a calm professional approach, with a good understanding of delivery within time constraints.Responsibilities

• Assist and execute 3rd line of defense assurance assessments (testing and evidence-based reviews) based on mission-oriented controls.
• Follow the established GIA audit methodology and its processes and quality assurance tasks.
• Manage several engagements, with the support and constant coordination of the Head of internal IT audit team.
• Draft and approve audit reports based on the assessment result and provide feedback to audited team on identified gaps and potential solutions.
• Provide opinions on audit results and consultative advice.
• Be available for troubleshooting and general support for the GIA team.
• Store and manage results into central audit repositories.
• Assist the internal IT audit team to conduct analysis of results and determine trends and threats.
• Identify and manage risks related to IT and cybersecurity protection, and escalate risks and issues as needed.
• Interact and deliver with specialists across multiple departments within SE.
• Actively participate in internal awareness, training, and other events within GIA and SE.
• Be available for travelling to audit locations (NB: this is conditioned by the current ongoing pandemic and travel will only occur when the situation has improved sufficiently as to allow for travelling to resume in safe conditions).

QualificationsMandatory

• Solid experience in information security field/auditing
• Min. a computer science Master or similar from a University or engineering school (alternatively a professional Master level qualification relevant to IT and cybersecurity)
• Certifications in information security (CISA, CISM, CISSP) and/or ISO27XXX would be a plus
• Professional English proficiency (oral and written, including presentation)
• High quality report production
• Strong stakeholder engagement
• Previous experience of working with assurance / controls frameworks e.g. IT General Controls, ISO 27XXX, NIST etc.
• A hybrid understanding of crossover between IT, business, legal, and information security requirements
• Ability to conduct security audits against such various control sets.
• Demonstrated leadership and problem-solving skills, and ability to work under pressure
• Ability to analyse penetration testing reports, with knowledge on vulnerabilities (CVE, and more widely the MITRE tools and framework, or similar)
• Effective communication with C-level management
• Good understanding of the types of security risks and threats that controls mitigate
• Ability of assessing and sampling audit scope and controls in limited timescales
• Be able to provide recommendations and advice on any improvements needed
• Demonstrate a good understanding of the principles and requirements for industry-related IT and infosec risks
• Be able to describe technical controls to non-technical people. Adapting the formulations to the audience
• Very strong rigor when logging and tracking issues through to conclusion.
• Ability to manage their workload as to meet the realistic targets and priorities set in conjunction with management.

Desirable

• Physical security knowledge
• Previous experience within a Big 4 external auditing/consultancy firm
• Ability to conduct penetration testing
• Knowledge and/or previous technical expertise in computer science and code development

Why us?Schneider Electric is leading the digital transformation of energy management and automation. Our technologies enable the world to use energy in a safe, efficient and sustainable manner. We strive to promote a global economy that is both ecologically viable and highly productive.\xe2\x82\xa025.7bn global revenue137 000+ employees in 100+ countries45% of revenue from IoT5% of revenue devoted for R&DYou must submit an online application to be considered for any position with us. This position will be posted until filledIt is the policy of Schneider Electric to provide equal employment and advancement opportunities in the areas of recruiting, hiring, training, transferring, and promoting all qualified individuals regardless of race, religion, color, gender, disability, national origin, ancestry, age, military status, sexual orientation, marital status, or any other legally protected characteristic or conduct. Concerning agencies: Schneider Electric does not accept unsolicited resumes and will not be responsible for fees related to such.

eQuest