Information, Process and Organization (IPO) is the global IT organization within Schneider Electric. The Application Certification Framework is an IPO initiative to ensure the organization is delivering best-in-class applications that are sustainable, compliant, and secure.
This role reports to the Global Applications Security and Compliance Director and will work in collaboration with Project Managers and project delivery teams, as well as with the Application Security and Compliance Center and the Global IT Security team, to ensure that the applications delivered have an acceptable security risk profile and are compliant with standards, policies and legislation.
Responsibilities
The Regional Applications Security and Compliance Manager will work with project delivery teams to support them along the application certification journey. This includes:
- Hold full responsibility for the Application Security and Compliance Framework in the Region. Establish and maintain communication with regional project delivery teams, project and program managers, regional IT leaders, and experts.
- Reach and maintain a 100% level of awareness of the Application Security and Compliance Framework in the region. Train project delivery teams to use the framework, ensuring their familiarity with the process and its application.
- Regularly communicate the framework to the IPO and other relevant teams in the region through presentations, webinars, educational sessions, coaching sessions and social media.
- Ensure that the Application Security and Compliance Framework is properly deployed and followed in the region.
- Support project delivery teams along the application security and compliance journey, following a standardized process and applying the framework rigorously.
- Process certification requests within the region; conduct risk assessments of applications with the support of the Application Security and Compliance Center and the network of internal experts at Schneider Electric; identify critical risks, propose mitigation steps for identified risks and threats, and issue a risk assessment report.
- Support project delivery teams during the risk mitigation phase, helping them find the most effective solutions by providing relevant guidelines, engaging with the Application Security and Compliance Center and relevant experts, and building consensus on risk mitigation actions.
- Assist project delivery teams at the certification stage, ensuring that all documentary evidence of risk mitigation actions is collected properly, and engage with the Application Security and Compliance Center to request a certification procedure.
- Track and monitor the pipeline of requests; establish metrics and reporting in the region.
- Ensure a 100% level of customer satisfaction.
Behaviors and Competencies
The Manager must demonstrate mature behaviors including:
- Strong written and verbal international communication skills, with a proven ability to communicate with technical staff as well as project teams
- Keeping pace with standards and technologies related to security and compliance, especially in the area of national personal data protection
- Exceptional consensus-building skills, with the ability to drive consensus across different international teams
Education and Training
Essential
- BE, MS or MCA in Computer Science or Information Technology
- M.Tech in Computer Science or Information Technology
- IT Security
- Risk management
- Personal Data Protection
- Applications design, development & delivery
- Communications (Written and Oral)
- Interpersonal Skills
Knowledge
The Manager should have in-depth knowledge and experience of the following:
- Expertise in applying Information Security Management principles and standards in areas such as threats and vulnerabilities, risk assessment and mitigation, security policy and security management process
- Expertise in ensuring compliance with personal data protection legislation at a national level
- Expertise in cloud security assessment and security audits of cloud environments
- Understanding of application architecture and of how security fits into each component, in areas such as:
- Data flow
- Identity and Access management (user and administrator level)
- Operational support process
- Data protection (backup, archiving, disaster recovery)
- Understanding of general IT security principles
- Understanding of project excellence and the software development lifecycle
- Understanding of the Schneider Electric IT architectural landscape globally and at a regional level (Desirable)
- Understanding of IPO policies and the ability to direct project teams to the guidelines that apply to their application (Desirable)
Experience and Professional Certification
Essential
- 6-10 years of experience in general IT management, security, and data protection
- IRCA registered ISO 27001 Lead Auditor (Information Security Management System)
- Data privacy professional (IAPP certification)
- Certified CSA STAR Auditor
- CISA (Certified Information Systems Auditor)
- CISSP (Certified Information Systems Security Professional)
A little about us:
We’re the global specialist in energy management and automation. Our technologies ensure that Life Is On everywhere, for everyone and at every moment.