Job Description

Description - ExternalAbout Schneider ElectricSchneider Electric\xe2\x80\x99s purpose is to empower all to make the most of our energy and resources, bridging progress and sustainability for all. We call this Life Is On.Our mission is to be your digital partner for Sustainability and Efficiency.We drive digital transformation by integrating world-leading process and energy technologies, end-point to cloud connecting products, controls, software and services, across the entire lifecycle, enabling integrated company management, for homes, buildings, data centers, infrastructure and industries.We are the most local of global companies. We are advocates of open standards and partnership ecosystems that are passionate about our shared Meaningful Purpose, Inclusive and Empowered values.Job purpose:Schneider Electric is searching for a CERT Leader for assignment in our Energy Management Business.In this role you will work in close collaboration with Lines of Business (LoBs) in your organization, the Corporate CERT (CP-CERT) organization, and other Schneider Electric business units. You will coordinate all customer and product-related Cyber Security vulnerabilities as a product vulnerability management expert and leader and support incident response cases that may involve offers from your organization.The CERT Leader regularly interacts with key stakeholders such as product LoB vulnerability handlers and representatives from offer development, regulations, conformity teams and technical leaders as well as stakeholders from the CP-CERT and other Governance teams to ensure that product cybersecurity vulnerability management guidelines and processes are executed in an efficient, effective, and compliant manner.The ideal candidate will be able to combine process and understanding of product vulnerabilities with assertive engagement and escalation when appropriate. The idea is not only to have people only addressing our product vulnerabilities, but also \xe2\x80\x9cacting like owners\xe2\x80\x9d and having an impact in our strategy for \xe2\x80\x9csecurity by design\xe2\x80\x9d.Responsibilities:\xc2\xb7 Responsible for driving Product Vulnerability Management process execution in your organization whether externally reported or internally discovered (Intake, Triage, Planning, Execution, Customer Notification, lessons learned, etc.\xc2\xb7 Work with product vulnerability handlers to facilitate appropriate response to reported product vulnerabilities for resolution within the specified SLAs. Escalate if there are issues\xc2\xb7 Coordinate regular meetings with product vulnerability handlers in all supported lines of business\xc2\xb7 Collaborate with the corporate CERT (CP-CERT) team on product vulnerability reporting, challenges, and areas of improvement, etc.\xc2\xb7 Collaborate with the corporate CERT (CP-CERT) team by advocating BU needs in policies, procedures and new process development\xc2\xb7 Responsible for continuous improvement of the related processes\xc2\xb7 Train the Cybersecurity people and Offer Managers in your organization on the Product Vulnerability Management processes and policies, and keep them up to date on any updates\xc2\xb7 Assist product vulnerability handlers in your organization with writing security notifications\xc2\xb7 Manage the Product Security Notification process for patch Tuesday monthly releases\xc2\xb7 Support incident response process when offers from your organization are involved\xc2\xb7 Monitor threat intel feeds and security blogs for items that may be relevant to offers from your organization\xc2\xb7 Work with assigned LoBs, CP-CERT, external communications team, and legal in responding to controversial situations involving assigned offersQualificationsQualifications \xe2\x80\x93 ExternalKey Skills and Requirements\xc2\xb7 5+ years Cybersecurity experience\xc2\xb7 Proven Cybersecurity skills and experience in leading projects independently\xc2\xb7 Extensive understanding of triaging and assessing risks associated with product cybersecurity vulnerabilities in Critical Infrastructure products\xc2\xb7 Qualifications/Certifications in Cybersecurity (CEH, CSSLP, CISSP etc.)\xc2\xb7 Well versed in scoring vulnerabilities with CVSS, strong understanding of how to apply or reference CVE, CWE, NVD informationQualifications and Expertise\xc2\xb7 Leadership ability and a good team player and team lead experience\xc2\xb7 Ability to work with autonomy\xc2\xb7 Ability to organize and facilitate meetings and workshops\xc2\xb7 Demonstrated ability to stay focused\xc2\xb7 Ability to conform to shifting priorities, demands and timelines through analytical and problem-solving capabilities\xc2\xb7 Experience & understanding of the complexity of co-working in a global project team\xc2\xb7 Good understanding and experience of best practices of end-2-end secure development lifecycle for products and systems\xc2\xb7 Good understanding and experience of key topics in Cybersecurity as Product Vulnerability Management, Risk Management, Incident Response, Penetration Testing, Quality assurance\xc2\xb7 Good understanding of the differences and challenges of the convergence of OT and IT worlds\xc2\xb7 Strong interpersonal and intercultural skills\xc2\xb7 Excellent presentation and communications skills, both written and oral\xc2\xb7 High level of energy and passion\xc2\xb7 Standing Certification in Cybersecurity Management such as CISSP, CSSLP; and/or IEC 62443 Certified Specialist preferred\xc2\xb7 Languages: good level English is mandatory, proficieny in one or more other languages, e.g., French, is preferredDirect reportsThis role will not have direct reports but will have a transversal, organization wide stakeholder management.

Schneider Electric