Security Advisor

Schneider Electric is searching for a Lead Security Advisor for its Energy Management Business Cybersecurity Innovation & Architecture Team.

The role is responsible for the adoption and implementation of the Secure Development Lifecycle framework (per Schneider Electric SDL V2 process) and in compliance to it Secure Lifecycle Management Policy and other cybersecurity policies, procedures, and best practices, and to advise on cybersecurity technical requirements for the development of secure products and systems.

The role regularly interacts with key stakeholders like representatives from offer development, architecture, regulations, conformity teams and technical leaders as well as stakeholders from the corporate Product Security Office (PSO) within Governance teams to ensure that cybersecurity guidelines and processes are executed in an efficient, effective, and compliant manner.

The ideal candidate will be able to combine process and technical advisory role with assertive engagement and escalation when appropriate.

The idea is not only to have people only consulting and advising, but also "acting like owners" and having an impact in our "shift-left" strategy for "security by design".

Responsibilities:



* Serve as the Subject Matter Expert to ensure cybersecurity topics are prioritized and embedded in the Offer development process from the design phase.


* Provide guidance, coaching, and expertise to implement Secure Development Lifecycle practices such as threat modeling, secure design, secure coding, implementation, and security testing.


* Collect Secure Development Lifecycle and cybersecurity metrics to contribute to data-driven strategies and plans in a protective manner.


* Aid in the deployment of Secure Development Lifecycle and cybersecurity functionalities as required by standards such as IEC62443, and local regulations such as CRA, RED and work to improve the effectiveness and efficiency of these processes.


* Ensure that assigned development teams adhere to risk-driven cybersecurity processes and controls throughout the development lifecycle.


* Assist development teams in managing vulnerability triage and resolution as needed to maintain secure software environments.


* Support teams in conducting internal Secure Development Lifecycle audits and Formal Cybersecurity Reviews (FCSRs) and ensure compliance with Schneider data security and privacy processes.


* Perform foundational data protection and privacy screening of offers to ensure data privacy requirements are integrated from the initial design stages.


* Represent offer development teams in Business Unit and PSO security meetings and workshops.

Stay informed about new policies, procedures, cybersecurity standards, regulations, legislation, and technologies, and keep R&D leadership updated on relevant emerging activities.


* Conduct training sessions and presentations to enhance cybersecurity competencies within development teams.
...