Description - External
About Schneider Electric
Schneider Electric's purpose is to empower all to make the most of our energy and resources, bridging progress and sustainability for all. We call this Life Is On.
Our mission is to be your digital partner for Sustainability and Efficiency.
We drive digital transformation by integrating world-leading process and energy technologies, end-point to cloud connecting products, controls, software and services, across the entire lifecycle, enabling integrated company management, for homes, buildings, data centers, infrastructure and industries.
We are the most local of global companies. We are advocates of open standards and partnership ecosystems that are passionate about our shared Meaningful Purpose, Inclusive and Empowered values.
Want more jobs like this?
Get Computer and IT jobs in Bangalore, India delivered to your inbox every week.
Job purpose:
Schneider Electric is searching for a CERT Leader for assignment in our Energy Management Business.
In this role you will work in close collaboration with Lines of Business (LoBs) in your organization, the Corporate CERT (CP-CERT) organization, and other Schneider Electric business units. You will coordinate all customer and product-related Cyber Security vulnerabilities as a product vulnerability management expert and leader and support incident response cases that may involve offers from your organization.
The CERT Leader regularly interacts with key stakeholders such as product LoB vulnerability handlers and representatives from offer development, regulations, conformity teams and technical leaders as well as stakeholders from the CP-CERT and other Governance teams to ensure that product cybersecurity vulnerability management guidelines and processes are executed in an efficient, effective, and compliant manner.
The ideal candidate will be able to combine process and understanding of product vulnerabilities with assertive engagement and escalation when appropriate. The idea is not only to have people only addressing our product vulnerabilities, but also "acting like owners" and having an impact in our strategy for "security by design".
/ Style Definitions / p.MsoNormal, li.MsoNormal, div.MsoNormal { margin:0in; font-size:10.0pt; font-family:"Arial",sans-serif; } p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph { margin-top:0in; margin-right:0in; margin-bottom:0in; margin-left:.5in; font-size:10.0pt; font-family:"Arial",sans-serif; } p.MsoListParagraphCxSpFirst, li.MsoListParagraphCxSpFirst, div.MsoListParagraphCxSpFirst { margin-top:0in; margin-right:0in; margin-bottom:0in; margin-left:.5in; font-size:10.0pt; font-family:"Arial",sans-serif; } p.MsoListParagraphCxSpMiddle, li.MsoListParagraphCxSpMiddle, div.MsoListParagraphCxSpMiddle { margin-top:0in; margin-right:0in; margin-bottom:0in; margin-left:.5in; font-size:10.0pt; font-family:"Arial",sans-serif; } p.MsoListParagraphCxSpLast, li.MsoListParagraphCxSpLast, div.MsoListParagraphCxSpLast { margin-top:0in; margin-right:0in; margin-bottom:0in; margin-left:.5in; font-size:10.0pt; font-family:"Arial",sans-serif; } .MsoChpDefault { font-size:10.0pt; } @page WordSection1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in; } div.WordSection1 {page:WordSection1;} / List Definitions /
Responsibilities:
• Responsible for driving Product Vulnerability Management process execution in your organization whether externally reported or internally discovered (Intake, Triage, Planning, Execution, Customer Notification, lessons learned, etc.
• Work with product vulnerability handlers to facilitate appropriate response to reported product vulnerabilities for resolution within the specified SLAs. Escalate if there are issues
• Coordinate regular meetings with product vulnerability handlers in all supported lines of business
• Collaborate with the corporate CERT (CP-CERT) team on product vulnerability reporting, challenges, and areas of improvement, etc.
• Collaborate with the corporate CERT (CP-CERT) team by advocating BU needs in policies, procedures and new process development
• Responsible for continuous improvement of the related processes
• Train the Cybersecurity people and Offer Managers in your organization on the Product Vulnerability Management processes and policies, and keep them up to date on any updates
• Assist product vulnerability handlers in your organization with writing security notifications
• Manage the Product Security Notification process for patch Tuesday monthly releases
• Support incident response process when offers from your organization are involved
• Monitor threat intel feeds and security blogs for items that may be relevant to offers from your organization
• Work with assigned LoBs, CP-CERT, external communications team, and legal in responding to controversial situations involving assigned offers
Qualifications
Qualifications - External
/ Style Definitions / p.MsoNormal, li.MsoNormal, div.MsoNormal { margin:0in; font-size:10.0pt; font-family:"Arial",sans-serif; } p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph { margin-top:0in; margin-right:0in; margin-bottom:0in; margin-left:.5in; font-size:10.0pt; font-family:"Arial",sans-serif; } p.MsoListParagraphCxSpFirst, li.MsoListParagraphCxSpFirst, div.MsoListParagraphCxSpFirst { margin-top:0in; margin-right:0in; margin-bottom:0in; margin-left:.5in; font-size:10.0pt; font-family:"Arial",sans-serif; } p.MsoListParagraphCxSpMiddle, li.MsoListParagraphCxSpMiddle, div.MsoListParagraphCxSpMiddle { margin-top:0in; margin-right:0in; margin-bottom:0in; margin-left:.5in; font-size:10.0pt; font-family:"Arial",sans-serif; } p.MsoListParagraphCxSpLast, li.MsoListParagraphCxSpLast, div.MsoListParagraphCxSpLast { margin-top:0in; margin-right:0in; margin-bottom:0in; margin-left:.5in; font-size:10.0pt; font-family:"Arial",sans-serif; } .MsoChpDefault { font-size:10.0pt; } @page WordSection1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in; } div.WordSection1 {page:WordSection1;} / List Definitions /
Key Skills and Requirements
• 5+ years Cybersecurity experience
• Proven Cybersecurity skills and experience in leading projects independently
• Extensive understanding of triaging and assessing risks associated with product cybersecurity vulnerabilities in Critical Infrastructure products
• Qualifications/Certifications in Cybersecurity (CEH, CSSLP, CISSP etc.)
• Well versed in scoring vulnerabilities with CVSS, strong understanding of how to apply or reference CVE, CWE, NVD information
Qualifications and Expertise
• Leadership ability and a good team player and team lead experience
• Ability to work with autonomy
• Ability to organize and facilitate meetings and workshops
• Demonstrated ability to stay focused
• Ability to conform to shifting priorities, demands and timelines through analytical and problem-solving capabilities
• Experience & understanding of the complexity of co-working in a global project team
• Good understanding and experience of best practices of end-2-end secure development lifecycle for products and systems
• Good understanding and experience of key topics in Cybersecurity as Product Vulnerability Management, Risk Management, Incident Response, Penetration Testing, Quality assurance
• Good understanding of the differences and challenges of the convergence of OT and IT worlds
• Strong interpersonal and intercultural skills
• Excellent presentation and communications skills, both written and oral
• High level of energy and passion
• Standing Certification in Cybersecurity Management such as CISSP, CSSLP; and/or IEC 62443 Certified Specialist preferred
• Languages: good level English is mandatory, proficieny in one or more other languages, e.g., French, is preferred
Direct reports
This role will not have direct reports but will have a transversal, organization wide stakeholder management.
Schedule: Full-time
Req: 0091XD