Software Product Cyber Security Leader at Schneider Electric USA, Inc in Louisville, Kentucky

Job Description:

Schneider Electric is searching for a Software Product Cyber Security Leader (\"CyberSecurity Business Partner\"- internal title) within its Energy Management Business reporting to the Senior Vice President of the Sustainability Business Division and dotted line to the Group CISO.

The Software Product Cyber Security Leader mandate is a focus on cyber, data, and product security risk management while building trust with customers, the ecosystem, and authorities. The CSO will set the vision and strategy that addresses the risks and simultaneously enables the Energy Management business objectives. This role is the liaison between the cybersecurity and business organizations, making cybersecurity a known element foundational to the success of digital and sustainability initiatives.

This leader will support both external and internal stakeholders. From an external standpoint, the goal is to mitigate risks that may hinder the Division's digital and offer ambitions used to drive and grow the business. To be successful, this leader must build trust with internal segment stakeholders, that will ultimately translate to strong relationships and trust with customers the broader ecosystem. The role will both join the Sustainability Business Division's leadership and Cybersecurity group leadership.

Division Specific Cyber Objectives

• Lessons learned and multi-year improvement plan after Ransomware Incident


• Restore Trust with Customers and Authorities


• CRA and regulations compliance for SaaS offers


• Alignment / integration of cybersecurity Processes & Tools with the rest of SE


• Resource Advisor - cyber strategy - frame agreement & trusted architecture


• Secure Data - customer / employee - architecture and regional operations


• SOC2 / Type2 + Certifications for MSSP


• Cybersecurity posture for integrated entities - Eco Act, ...


• ESG and Strat Accounts Cyber Awareness + agenda

Responsibilities:

• Define and execute on cyber, data and product security strategy and vision for the


• Division by keeping alignment on group cyber ambitions and priorities.


• Drive discussions with key strategic accounts on cyber, data and product security topics for the Division, addressing customer expectations/requirements.


• Raise situational awareness in the Division and its segments on various cyber trends, controversies, regulatory and authorities' requirements and competition moves.


• Identify critical partner and supplier dependencies and their impact for the Division.


• Conduct risk management activities in cyber, data, products, and systems from identification, assessment to mitigation of those risks (centered on group cyber risk register)


• Deploy product security essentials (baseline requirements) in the Division's R&D activities, deploy technical invariants for products, enforce independent pen-testing


• Drive regulatory compliance (e.g., CRA) by raising awareness at the leadership level toinfluence product (R&D) investment plans.


• Implement a robust control environment in the Division through Enterprise Risk


• Management and Key Internal Controls for Product development and R&D representing the Division as first line of defense.


• Articulate and deploy data protection requirements for offers within the division and address data privacy, residency/localization expectations from customers and authorities.


• Elevate the bar for Secure Development Lifecycle program and systematically conduct


• Formal Cybersecurity Reviews, manage the exception/waiver process before Go-to-Market.


• Lead product/offer Vulnerability & Controversies Management for the division and articulate the risk profile for vulnerabilities, articulating the business impact for the Division.


• Lead Digital Offer and Digital Footprint security management for the division including mobile apps governance (when relevant) including flags, and the migration to Azure Landing zone


• Spearhead Product Security Maturity Model Implementation for the division and conduct associated actions plans.


• Support to group strategic initiative like "Sensitive offers Source Code", Divisions "R&D site protection", "Platinum" sites protection programs.


• Drive Ecosystem security and Trust Standards in Energy Management scope entities of non- integrated companies, ramping up their security posture


• Engage in cyber incident management related to the Division from detection, thru containment up to root cause analysis and lessons learnt.


• Industry involvement and influencing, external engagements, make Division cyber known internally and externally.

• Superior organizational intelligence within the company and its ecosystem


• Effective communication skills, multi-tasking and problem-solving


• Ability to influence and engage successfully with senior business & cyber leaders.


• Ability to work in a matrix organization with collaboration and conflict management skills.


• Experienced in large business transformation programs.


• Tight deadlines, ability to prioritize, to manage and to maintain confidential information.

Technical & Soft skills

• Strong business acumen, experience in product security, in an energy management or related industry


• Experience with risk assessment, threat modeling, and security requirements definition


• Knowledge of security standards (IEC 62443, ISO27001, GDPR etc.) and their application to product, offer and wider digital security


• Strong understanding of security principles, protocols, and technologies.


• Relevant certifications such as Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) would be a plus.


• Academic degree in Business and/or Engineering: domain level expertise could be a strong plus: Product, Software development, Marketing, Tendering, Sales...

Looking to make an IMPACT with your career?

When you are thinking about joining a new team, culture matters. At Schneider Electric, our values and behaviors are the foundation for creating a great culture to support business success. We believe that our IMPACT values - Inclusion, Mastery, Purpose, Action, Curiosity, Teamwork - starts with us.

IMPACT is also your invitation to join Schneider Electric where you can contribute to turning sustainability ambition into actions, no matter what role you play. It is a call to connect your career with the ambition of achieving a more resilient, efficient, and sustainable world.

We are looking for IMPACT Makers; exceptional people who turn sustainability ambitions into actions at the intersection of automation, electrification, and digitization. We celebrate IMPACT Makers and believe everyone has the potential to be one.

Become an IMPACT Maker with Schneider Electric - apply today!

€36 billion global revenue
+13% organic growth
150 000+ employees in 100+ countries
#1 on the Global 100 World's most sustainable corporations

You must submit an online application to be considered for any position with us. This position will be posted until filled.

Schneider Electric aspires to be the most inclusive and caring company in the world, by providing equitable opportunities to everyone, everywhere, and ensuring all employees feel uniquely valued and safe to contribute their best. We mirror the diversity of the communities in which we operate, and 'inclusion' is one of our core values. We believe our differences make us stronger as a company and as individuals and we are committed to championing inclusivity in everything we do. This extends to our Candidates and is embedded in our Hiring Practices.

You can find out more about our commitment to Diversity, Equity and Inclusion here and our DEI Policy here

At Schneider Electric, we uphold the highest standards of ethics and compliance, and we believe that trust is a foundational value. Our Trust Charter is our Code of Conduct and demonstrates our commitment to ethics, safety, sustainability, quality and cybersecurity, underpinning every aspect of our business and our willingness to behave and respond respectfully and in good faith to all our stakeholders. You can find out more about our Trust Charter here

Schneider Electric is an Equal Opportunity Employer. It is our policy to provide equal employment and advancement opportunities in the areas of recruiting, hiring, training, transferring, and promoting all qualified individuals regardless of race, religion, color, gender, disability, national origin, ancestry, age, military status, sexual orientation, marital status, or any other legally protected characteristic or conduct.Schneider Electric is searching for a Software Product Cyber Security Leader ("CyberSecurity Business Partner"- internal title) within its Energy Management Business reporting to the Senior Vice President of the Sustainability Business Division and dotted line to the Group CISO.

The Software Product Cyber Security Leader mandate is a focus on cyber, data, and product security risk management while building trust with customers, the ecosystem, and authorities. The CSO will set the vision and strategy that addresses the risks and simultaneously enables the Energy Management business objectives. This role is the liaison between the cybersecurity and business organizations, making cybersecurity a known element foundational to the success of digital and sustainability initiatives.

This leader will support both external and internal stakeholders. From an external standpoint, the goal is to mitigate risks that may hinder the Division's digital and offer ambitions used to drive and grow the business. To be successful, this leader must build trust with internal segment stakeholders, that will ultimately translate to strong relationships and trust with customers the broader ecosystem. The role will both join the Sustainability Business Division's leadership and Cybersecurity group leadership.

Division Specific Cyber Objectives

• Lessons learned and multi-year improvement plan after Ransomware Incident


• Restore Trust with Customers and Authorities


• CRA and regulations compliance for SaaS offers


• Alignment / integration of cybersecurity Processes & Tools with the rest of SE


• Resource Advisor - cyber strategy - frame agreement & trusted architecture


• Secure Data - customer / employee - architecture and regional operations


• SOC2 / Type2 + Certifications for MSSP


• Cybersecurity posture for integrated entities - Eco Act, ...


• ESG and Strat Accounts Cyber Awareness + agenda

Responsibilities:

• Define and execute on cyber, data and product security strategy and vision for the


• Division by keeping alignment on group cyber ambitions and priorities.


• Drive discussions with key strategic accounts on cyber, data and product security topics for the Division, addressing customer expectations/requirements.


• Raise situational awareness in the Division and its segments on various cyber trends, controversies, regulatory and authorities' requirements and competition moves.


• Identify critical partner and supplier dependencies and their impact for the Division.


• Conduct risk management activities in cyber, data, products, and systems from identification, assessment to mitigation of those risks (centered on group cyber risk register)


• Deploy product security essentials (baseline requirements) in the Division's R&D activities, deploy technical invariants for products, enforce independent pen-testing


• Drive regulatory compliance (e.g., CRA) by raising awareness at the leadership level toinfluence product (R&D) investment plans.


• Implement a robust control environment in the Division through Enterprise Risk


• Management and Key Internal Controls for Product development and R&D representing the Division as first line of defense.


• Articulate and deploy data protection requirements for offers within the division and address data privacy, residency/localization expectations from customers and authorities.


• Elevate the bar for Secure Development Lifecycle program and systematically conduct


• Formal Cybersecurity Reviews, manage the exception/waiver process before Go-to-Market.


• Lead product/offer Vulnerability & Controversies Management for the division and articulate the risk profile for vulnerabilities, articulating the business impact for the Division.


• Lead Digital Offer and Digital Footprint security management for the division including mobile apps governance (when relevant) including flags, and the migration to Azure Landing zone


• Spearhead Product Security Maturity Model Implementation for the division and conduct associated actions plans.


• Support to group strategic initiative like "Sensitive offers Source Code", Divisions "R&D site protection", "Platinum" sites protection programs.


• Drive Ecosystem security and Trust Standards in Energy Management scope entities of non- integrated companies, ramping up their security posture


• Engage in cyber incident management related to the Division from detection, thru containment up to root cause analysis and lessons learnt.


• Industry involvement and influencing, external engagements, make Division cyber known internally and externally.