Job Description

Schneider Electric Internal Audit (IA) department is part of the Governance Function within Schneider Electric (SE) and operates from several locations across the world. It is part of the 3rd line of defense who finally reports to the Chief Governance Officer (CGO) and the Audit Committee. The IT audit team within IA has a global scope, i.e. covers all geographical locations of SE, and executes all IT audits, including cybersecurity or more specific technology-related subjects.

The IT audit team, within IA has one open position for an IT internal auditor to perform audit and control activities with our Entities and teams. * Key responsibilities

• Assist and execute 3rd line of defense assurance assessments (testing and evidence-based reviews) based on mission-oriented controls.
• Follow the established IA audit methodology and its processes and quality assurance tasks.
• Manage several engagements, with the support and constant coordination of the Head of internal IT audit team.
• Draft and approve audit reports based on the assessment result and provide feedback to audited team on identified gaps and potential solutions.
• Provide opinions on audit results and consultative advice.
• Be available for troubleshooting and general support for the IA team.
• Store and manage results into central audit repositories.
• Assist the internal IT audit team to conduct analysis of results and determine trends and threats.
• Identify and manage risks related to IT and cybersecurity protection, and escalate risks and issues as needed.
• Interact and deliver with specialists across multiple departments within SE.
• Actively participate in internal awareness, training, and other events within IA and SE.
• Be available for travelling to audit locations (NB: this is conditioned by the current ongoing pandemic and travel will only occur when the situation has improved sufficiently as to allow for travelling to resume in safe conditions).

We are looking for candidates that can execute their tasks autonomously, with a natural tendency towards driving activities and a strong team spirit. They should also be able to convey messages in a constructive way and adopt a positive mindset within the team, while exhibiting critical and independent thought. Our team members are expected to consistently demonstrate proactivity, transparency and accountability for identifying and communicating IT and cybersecurity protection risks. They should strive to evaluate the implications of their actions on colleagues and stakeholders before making decisions, and escalate issues to their manager when unsure, while demonstrating a calm professional approach, with a good understanding of delivery within time constraints. * Location of position

• The position will be based at SE office in Bangalore, India.
• Education

• Min. a computer science Master or similar from a University or engineering school (alternatively a professional Master level qualification relevant to IT and cybersecurity)
• Certifications in information security (CISA, CISM, CISSP) and/or ISO27XXX would be a plus

Qualifications * Skills and competencies

Mandatory

• 5 years\xe2\x80\x99 experience in information security field/auditing
• Professional English proficiency (oral and written, including presentation)
• High quality report production
• Strong stakeholder engagement
• Previous experience of working with assurance / controls frameworks e.g. IT General Controls, ISO 27XXX, NIST etc.
• A hybrid understanding of crossover between IT, business, legal, and information security requirements
• Ability to conduct security audits against such various control sets.
• Demonstrated leadership and problem-solving skills, and ability to work under pressure
• Ability to analyse penetration testing reports, with knowledge on vulnerabilities (CVE, and more widely the MITRE tools and framework, or similar)
• Effective communication with C-level management
• Good understanding of the types of security risks and threats that controls mitigate
• Ability of assessing and sampling audit scope and controls in limited timescales
• Be able to provide recommendations and advice on any improvements needed
• Demonstrate a good understanding of the principles and requirements for industry-related IT and infosec risks
• Be able to describe technical controls to non-technical people. Adapting the formulations to the audience
• Very strong rigor when logging and tracking issues through to conclusion.
• Ability to manage their workload as to meet the realistic targets and priorities set in conjunction with management.

Desirable

• Physical security knowledge
• Previous experience within a Big 4 external auditing/consultancy firm
• Ability to conduct penetration testing
• Knowledge and/or previous technical expertise in computer science and code development

Schneider Electric