Application Security and Compliance Manager

Schneider Electric

Andover, MA

5 - 7 years

Posted 181 days ago


Information, Process and Organization (IPO) is the global IT organization within Schneider Electric. Application Certification is an IPO initiative to ensure the organization delivers best-in-class applications that are sustainable, compliant, and secure.

This role reports to the Global Application Certification Director and works in collaboration with Project Managers and project delivery teams, as well as with the Application security and compliance center and the Global IT Security team, to ensure that the applications delivered have an acceptable security risk profile and are compliant with standards, policies and legislation.



The Regional Application Security and Compliance Manager will work with project delivery teams to support them along the applications certification journey. This includes:

  • Hold full responsibility for the Application Certification in the region.
  • Establish and maintain communication with regional project delivery teams, project and program managers, regional IT leaders, and experts.
  • Reach and maintain a 100% level of awareness about the Application Certification in the region. Train project delivery teams on using the framework, ensuring their familiarity with the process and its application.
  • Regularly communicate the framework to the IPO and other relevant teams in the region through presentations, webinars, educational sessions, coaching sessions and social media.
  • Ensure that the Application Certification is properly deployed and followed in the region.
  • Support project delivery teams along the application security and compliance journey, following a standardized process and applying the framework rigorously.
  • Process certification requests within the region; conduct risk assessments of applications with the support of the Application Certification center and the network of internal experts at Schneider Electric; identify critical risks, propose mitigation steps for identified risks and threats, and issue a risk assessment report.
  • Support project delivery teams during the risk mitigation phase, helping them find the most effective solutions by providing relevant guidelines, engaging with the Application Certification Center and relevant experts, and building consensus on risk mitigation actions.
  • Assist project delivery teams at the certification stage, ensuring that all documentary evidence of risk mitigation actions is collected properly, and engage with the Application Certification to request a certification procedure.
  • Track and monitor the pipeline of requests; establish metrics and reporting in the region.
  • Ensure a 100% level of customer satisfaction.


  • CISSP (Certified Information Systems Security Professional)



Requirements for Regional Application Security and Compliance Manager

Behaviors and Competencies

The Manager must demonstrate mature behaviors including:

  • Strong written and verbal international communication skills, with a proven ability to communicate with technical staff as well as project teams
  • Keeping pace with standards and technologies related to security and compliance, especially in the area of national personal data protection
  • Exceptional consensus-building skills, with an ability to drive consensus across different international teams


Education and Training


  • BE or MS or MCA in Computer Science or Information Technology


  • M. Tech in Computer Science or Information Technology


  • IT Security
  • Risk management
  • Personal Data Protection
  • Applications design, development & delivery
  • Collaboration/Teamwork
  • Communications (Written and Oral)
  • Interpersonal Skills



The Manager should have in-depth knowledge and experience of the following:

  • Expertise in applying Information Security Management principles and standards in areas such as threats and vulnerabilities, risk assessment and mitigation, security policy and security management process
  • Expertise in ensuring compliance with personal data protection legislation at a national level
  • Expertise in Cloud Security Assessment and Security Audits of Cloud Environments
  • Understanding of application architecture and how security fits into each component in areas such as:
    • Data flow
    • Identity and Access management (user and administrator level)
    • Operational support process
    • Data protection (backup, archiving, disaster recovery)
  • Understanding of general IT security principles
  • Understanding of project excellence and the software development lifecycle
  • Understanding of the Schneider Electric IT architectural landscape globally and at a regional level (Desirable)
  • Understanding of IPO policies and being able to direct project teams to guidelines that apply to their application (Desirable)


Experience and Professional Certification


  • 6-10 years of experience in general IT management, security, and data protection


  • IRCA registered ISO 27001 Lead Auditor (Information Security Management System)
  • Data privacy professional (IAPP certification)
  • Certified CSA STAR Auditor
  • CISA (Certified Information Security Auditor)




You must submit an online application to be considered for any position with us. This position will be posted until filled. It is the responsibility of each employee to inform your manager that you’re applying for a new internal opportunity. If you are not selected for an interview, you will receive electronic notification; you are not guaranteed a call from the recruiting team.


It is the policy of Schneider Electric to provide equal employment and advancement opportunities in the areas of recruiting, hiring, training, transferring, and promoting all qualified individuals regardless of race, religion, color, gender, disability, national origin, ancestry, age, military status, sexual orientation, marital status, or any other legally protected characteristic or conduct.