Cybersecurity and Data Protection Advisor

Schneider Electric

Multiple Locations (Remote)

Why you should apply for a job to Schneider Electric:

  • 56% say women are treated fairly and equally to men
  • 62% say the CEO supports gender diversity
  • Ratings are based on anonymous reviews by Fairygodboss members.

    #https://careers.se.com/jobs/009JNT?lang=zh-cn

    Position summary

    ng product investment plans (R&D) while building trust with customers, the ecosystem and authorities.

    Job Responsibilities:

    • Deploy Schneider Electric Secure Development Lifecycle program and systematically conduct, together with the Cybersecurity Officer, Formal Cybersecurity Reviews (FCSR).
    • Bring Cybersecurity and data protection requirements for offers/products within the Home Solutions division and address expectations from customers and authorities.
    • Perform cybersecurity and privacy risk assessments of Home Solutions offers, systems and app services to identify, evaluate and communicate risks, provide mitigating actions, and ensure compliance.
    • Cybersecurity regulatory compliance (e.g., RED DA, CRA, EU Data Act, UK PSTI) for products by raising awareness to influence product (R&D) investment plans.
    • Support product owners and product teams in specifying security requirements and bring expert knowledge of relevant Cybersecurity standards and regulations. Bring security best practices for design, automation, and tool selection.
    • Act as an expert facilitator on practices such as secure design, threat modeling, and vulnerability management.
    • Advise on effective solutions for enabling cybersecurity and data protection by design and by default capabilities.
    • Work with Schneider Electric Global and Divisions Product security teams to improve the process of review and the tool used, identifying use cases and areas for improvement and automation.
    • Form a network of experts inside and outside the line of business to engage as necessary on technical reviews, risk management and customer topics.
    • Identify critical partner and supplier dependencies and their impact for the Division.
    • Industry involvement and influencing, external engagements, make Division cyber known internally and externally.
    • Lead product security posture management across global R&D centers through collaboration with cross-functional teams including product marketing, R&D, and supply chain.
    • Conduct security assessments of brand-labeled products, managing SBOM vulnerabilities and FOSS license compliance in partnership with legal, global governance, and Center of Excellence functions.
    • Enhance effectiveness within Home Solutions CSO team by delivering security solutions, providing mentorship, and improving governance through risk-based security review playbooks and validation guidelines.
    • Improve and implement comprehensive product lifecycle risks across diverse portfolios including end-devices, edge computing, mobile applications, and cloud services for both new and legacy products.
    • Drive governance initiatives in compliance with SDL standard and global regulations such as EU RED-DR/CRA, while prioritizing industrial OT standards and market requirements.
    • Lead the development of security technical mandates like specifications for product creation with a platform-sharable approach, applying architectural strategies that meet project objectives while addressing regulations, customer needs, industrial requirements, costs, and standards.

    Qualifications

    Requirements and Qualifications:
    • Proficiency in spoken and written Chinese is required.
    • Proficiency in spoken and written English is required.
    • Experience in the cybersecurity & privacy field, including previous performance of Cybersecurity & privacy reviews.
    • Hands-on experience of IT and profound knowledge of the technical requirements related to Cyber and Privacy by Design.
    • Experience with risk assessment, threat modeling, and security requirements definition.
    • Knowledge of security standards (IEC 62443, ISO27001, GDPR etc.) and their application to product, offer and wider digital security.
    • Privacy and Information Security certification (e.g. CISSP, CISM, CIPP, CIPM) and knowledge of applicable privacy regulations and frameworks (e.g. GDPR, CCPA, NIST CSF) desirable.
    • Relevant education or external accreditation in the areas of data protection, cybersecurity, audit, quality or risk management would be a plus.
    • Strong organizational skills are required.
    • Effective communication skills, multi-tasking and problem-solving.
    • Ability to influence and engage successfully with business & cyber leaders.

    Schedule: Full-time
    Requisition number: 009JNT
