Schneider Electric’s purpose is to empower all to make the most of our energy and resources, bridging progress and sustainability for all. We call this Life Is On.

Our mission is to be your digital partner for Sustainability and Efficiency.

We drive digital transformation by integrating world-leading process and energy technologies, end-point to cloud connecting products, controls, software and services, across the entire lifecycle, enabling integrated company management, for homes, buildings, data centers, infrastructure and industries.

We are the most local of global companies. We are advocates of open standards and partnership ecosystems that are passionate about our shared Meaningful Purpose, Inclusive and Empowered values.          

Job purpose

The Supplier Security Risk Analyst is part of Supplier security (TPRM) team of the Cybersecurity Governance team. He/she is in charge of governing Schneider Electric’s Supplier Security engagement and collaborating with Suppliers , Procurement , Business stakeholders , Legal team , Data Privacy teams , RCISO’s.

Duties and responsibilities

Job Scope/Complexity

This role is defining and implementing initiatives to identify, mitigate cybersecurity and data privacy risks stemming from our suppliers in order to build a trust ecosystem.

The role and associated projects will require basic knowledge in security domains Duties will also require building and maintaining strong, trusted relationships across various practices and functions. Transversal collaboration is key and required. Capacity to influence and lead is appreciated.

He/she will work with the Supplier Security team to implement the various controls part of the Supplier security framework and contribute in optimizing the framework. Main requirement of the role will be to conduct both onsite and remote cyber audits of Suppliers cyber posture based on global standards like IS27001 and IEC62443

A good understanding of organization level controls and product level controls is must , review of evidences provided by the supplier , articulating the risk and ensuring right feedback is provided post audit.

Specific Duties & Responsibilities:

1 – Operational Expertise:

• Participate in supplier assessments done for all Critical and high risk suppliers ( approx. 800+ suppliers)
• Review the evidences provided by the suppliers , provide a detailed report while articulating the residual risks appropriately.
• Debrief of assessment results and action plans with Critical / High risk suppliers
• Understanding of the product cyber risks and their controls.
• Optimization of the risk-based Supplier security framework.
• Support in supplier incidents management process

2 – Communication, Training & Awareness:

• Organize awareness sessions and trainings to educate on the Supplier security program and importance of cybersecurity in our ecosystem to supplier facing population.
• Support in grooming interns , new joinees and governance teams on various processes and seminars.

Qualifications

Qualifications include:

• 5+ years of experience in Third party risk management initiatives.
• Knowledge of cybersecurity control, program, and risk frameworks such as NIST, ISO27001, IEC62443 , SDL , etct
• Hands on experience in working on tools like Onetrust , etc
• Business or Engineering school education.
• Project management experience will be good to have.
• Excellent level of English is mandatory.
• Strong communication and interpersonal skills.
• Ability to interact with senior level.
• Good tool/IT acumen.
• Knowledge of cybersecurity control, program, and risk frameworks such as NIST, ISO27001, IEC62443…
• Agile and fast learner.
• Security certification is a plus.

Looking to make an IMPACT with your career?

When you are thinking about joining a new team, culture matters. At Schneider Electric, our values and behaviors are the foundation for creating a great culture to support business success. We believe that our  IMPACT values – Inclusion, Mastery, Purpose, Action, Curiosity, Teamwork – starts with us.

IMPACT is also your invitation to join Schneider Electric where you can contribute to turning sustainability ambition into actions, no matter what role you play. It is a call to connect your career with the ambition of achieving a more resilient, efficient, and sustainable world.

We are looking for IMPACT Makers; exceptional people who turn sustainability ambitions into actions at the intersection of automation, electrification, and digitization. We celebrate IMPACT Makers and believe everyone has the potential to be one.

Become an IMPACT Maker with Schneider Electric – apply today!

€36 billion global revenue
+13% organic growth
150 000+ employees in 100+ countries
#1 on the Global 100 World’s most sustainable corporations

You must submit an online application to be considered for any position with us. This position will be posted until filled.

Schneider Electric aspires to be the most inclusive and caring company in the world, by providing equitable opportunities to everyone, everywhere, and ensuring all employees feel uniquely valued and safe to contribute their best. We mirror the diversity of the communities in which we operate, and ‘inclusion’ is one of our core values. We believe our differences make us stronger as a company and as individuals and we are committed to championing inclusivity in everything we do.

At Schneider Electric, we uphold the highest standards of ethics and compliance, and we believe that trust is a foundational value. Our Trust Charter is our Code of Conduct and demonstrates our commitment to ethics, safety, sustainability, quality and cybersecurity, underpinning every aspect of our business and our willingness to behave and respond respectfully and in good faith to all our stakeholders. You can find out more about our Trust Charter here
 
Schneider Electric is an Equal Opportunity Employer. It is our policy to provide equal employment and advancement opportunities in the areas of recruiting, hiring, training, transferring, and promoting all qualified individuals regardless of race, religion, color, gender, disability, national origin, ancestry, age, military status, sexual orientation, marital status, or any other legally protected characteristic or conduct.