长沙招聘

职位描述：

此职位base北京或上海皆可。

The Regional Applications Security and Compliance Manager will work with project delivery teams to support them along the applications certification journey. This includes:

• Hold full responsibility for the Application Security and Compliance Framework in the Region.
• Establish and maintain communication with regional project delivery teams, project and program managers, regional IT leaders, and experts.
• Reach and maintain a 100% level of awareness about the Application Security and Compliance in the region. Train project delivery teams on using the framework ensuring their familiarity with a process and its application.
• Regularly communicate the framework to the IPO and other relevant teams in a region through presentation, webinars, educational sessions, coaching sessions and social media.
• Ensure that the Application Security and Compliance Framework is properly deployed and followed in the region.
• Support project delivery team along the application security and compliance journey following a standardized process and applying a framework rigorously.
• Process certification requests within the region, conduct risk assessments of applications with the support of the Application Security and Compliance center and the network of internal experts at Schneider Electric; identify critical risks, propose mitigation steps for identified risks and threats, and issue a risk assessment report.
• Support project delivery teams during a risk mitigation phase helping them to find the most effective solutions through providing them relevant guidelines, engaging with the Application Security and Compliance Center, relevant experts, and building consensus on risk mitigation actions.
• Assist project delivery team at a certification stage, ensuring that all documentary evidences of risk mitigation actions collected properly, and engage with the Application Security and Compliance requesting a certification procedure.
• Track and monitor the pipeline of requests, establish metrics and reporting in the region.
• Ensure a 100% level of customer satisfaction.

• Expertise in applying Information Security Management principles and standards in areas such as threats and vulnerabilities, risk assessment and mitigation, security policy and security management process
• Expertise in ensuring compliance with personal data protection legislation at a national level
• Expertise in Cloud Security Assessment and Security Audits of Cloud Environment
• Understand application architecture and how security fits into each component in areas such as:
  • Data flow
  • Identity and Access management (user and administrator level)
  • Operational support process
  • Data protection (backup, archiving, disaster recovery)
• Understanding the general IT security principles
• Understanding the project excellence and software development lifecycle
• Understanding Schneider Electric IT architectural landscape globally and at a regional level (Desirable)
• Understanding IPO policies and being able to direct project teams to guidelines that apply to their application (Desirable)

举报 分享

在施耐德电气，我们相信，获取能源并利用数字技术是人们的基本权力, 我们助力所有人以更少的资源创造更多的价值, 并确保每一个人，在任何时间，任何地点都能尽享Life Is On。
我们提供能源与自动化数字解决方案，以实现高效和可持续。我们将世界领先的能源技术、自动化技术、软件及服务融合于整体解决方案之中，服务于家居、楼宇、数据中心、基础设施和工业市场。
我们致力于打造有意义、包容和赋能的企业价值观，我们承诺让这个开放的，全球化的，创新的生态圈释放无限可能。
创造平等机会是施耐德电气可持续发展战略的重要组织部分之一，它旨在认同所有员工得到独特的重视，不同性别、国籍、文化、代际的员工都能在包容的环境中发展并做出自己的***贡献。其中，性别平等尤为相关且重要。性别平等不是偏爱***或者关注某些个体，更重要的是建立促进男女平等的制度和文化认知，培育适合***的土壤，创造更大的空间，同时给予养分促进发展。