About Schneider Electric

Schneider Electric's purpose is to empower all to make the most of our energy and resources, bridging progress and sustainability for all. We call this Life Is On.

Our mission is to be your digital partner for Sustainability and Efficiency.

We drive digital transformation by integrating world-leading process and energy technologies, end-point to cloud connecting products, controls, software and services, across the entire lifecycle, enabling integrated company management, for homes, buildings, data centers, infrastructure and industries.

We are the most local of global companies. We are advocates of open standards and partnership ecosystems that are passionate about our shared Meaningful Purpose, Inclusive and Empowered values.

Job purpose:

Schneider Electric is searching for a Security Advisor for its Energy Management Business CTO Cybersecurity Innovation & Architecture Team.

The Security Advisor is responsible for the adoption and implementation of the Secure Development Lifecycle framework (per Schneider Electric SDL V2 process), in compliance with its Secure Lifecycle Management Policy and other cybersecurity policies, procedures, and best practices, and for advising on cybersecurity technical requirements for the development of secure products and systems.

The Security Advisor regularly interacts with key stakeholders such as representatives from offer development, architecture, regulations, conformity teams and technical leaders, as well as stakeholders from the corporate Product Security Office (PSO) within Governance teams, to ensure that cybersecurity guidelines and processes are executed in an efficient, effective, and compliant manner.

The ideal candidate will be able to combine a process and technical advisory role with assertive engagement and escalation when appropriate. The idea is not to have people only consulting and advising, but also acting like owners and having an impact on our shift-left strategy for security by design.

Responsibilities:

· Serve as the Subject Matter Expert to ensure cybersecurity topics are prioritized and embedded in the Offer development process from the design phase.
· Provide guidance, coaching, and expertise to implement Secure Development Lifecycle practices such as threat modeling, secure design, secure coding, implementation, and security testing.
· Collect Secure Development Lifecycle and cybersecurity metrics to contribute to data-driven strategies and plans in a protective manner.
· Aid in the deployment of Secure Development Lifecycle and cybersecurity functionalities as required by standards such as IEC62443, and work to improve the effectiveness and efficiency of these processes.
· Ensure that assigned development teams adhere to risk-driven cybersecurity processes and controls throughout the development lifecycle.
· Assist development teams in managing vulnerability triage and resolution as needed to maintain secure software environments.
· Support teams in conducting internal Secure Development Lifecycle audits and Formal Cybersecurity Reviews (FCSRs) and ensure compliance with Schneider data security and privacy processes.
· Perform foundational data protection and privacy screening of offers to ensure data privacy requirements are integrated from the initial design stages.
· Represent offer development teams in Business Unit and PSO security meetings and workshops. Stay informed about new policies, procedures, cybersecurity standards, regulations, legislation, and technologies, and keep R&D leadership updated on relevant emerging activities.
· Conduct training sessions and presentations to enhance cybersecurity competencies within development teams.
· Monitor organizational maturity using cybersecurity maturity frameworks and track other Secure Development Lifecycle-related goals as directed.
· Take an active part in the cybersecurity community, not only in Energy Management but also globally at company level.

Qualifications

Key Skills and Requirements

· Ability to align operational/information security policies with business requirements.
· Process driven with attention to detail; ability to translate operational/information security requirements into security controls in coordination with architects.
· Ability to effectively adapt to and apply rapidly changing technology and security requirements to business needs.
· Foundational data protection & privacy knowledge or willingness to acquire it during tenure.

Qualifications and Expertise

· Standing Certification in Cybersecurity Management such as CISSP, CSSLP; and/or IEC 62443 Certified Specialist.
· Experience of working in an Engineering/R&D group following a Secure Development Lifecycle based on standards such as IEC 62443, ISO 21434, or Microsoft SDL, with a proven ability to engage with management and development teams.
· Experience guiding and assisting organizations in implementing security product/system development practices.
· Working knowledge of security and privacy standards, regulations, and legislation.
· Demonstrated ability to develop threat models, analyse threats, and rate threat severity using established industry practices.
· Experience in driving corporate programs using influence, negotiation, and persuasion soft skill set.
· Knowledge of static code analysis tools, secure coding standards, fuzz and penetration testing, and formal security reviews.
· An understanding of domain appropriate communication mechanisms and protocols.
· A background in domain appropriate development (e.g., embedded, cloud, mobile, industrial automation, energy management).
· Self-starter and team player; ability to work independently and drive initiatives.
· Strong communication skills, including the ability to render concise reports, summaries, and presentations.
· Strong analytical and problem-solving skills.
· Project management or technical leadership skills preferred.
· Languages: a good level of English is mandatory.