Great people make Schneider Electric a great company! Schneider Electric Internal Audit (IA) department is part of the Governance Function within Schneider Electric (SE) and operates from several locations across the world. It is part of the 3 rd line of defense who finally reports to the Chief Governance Officer (CGO) and the Audit Committee. The IT audit team within IA has a global scope, i.e. covers all geographical locations of SE, and executes all IT audits, including cybersecurity or more specific technology-related subjects. We are looking for candidates that can execute their tasks autonomously, with a natural tendency towards driving activities and a strong team spirit. They should also be able to convey messages in a constructive way and adopt a positive mindset within the team, while exhibiting critical and independent thought. Our team members are expected to consistently demonstrate proactivity, transparency and accountability for identifying and communicating IT and cybersecurity protection risks. They should strive to evaluate the implications of their actions on colleagues and stakeholders before making decisions, and escalate issues to their manager when unsure, while demonstrating a calm professional approach, with a good understanding of delivery within time constraints.Responsibilities

• Assist and execute 3 rd line of defense assurance assessments (testing and evidence-based reviews) based on mission-oriented controls.
• Follow the established GIA audit methodology and its processes and quality assurance tasks.
• Manage several engagements, with the support and constant coordination of the Head of internal IT audit team.
• Draft and approve audit reports based on the assessment result and provide feedback to audited team on identified gaps and potential solutions.
• Provide opinions on audit results and consultative advice.
• Be available for troubleshooting and general support for the GIA team.
• Store and manage results into central audit repositories.
• Assist the internal IT audit team to conduct analysis of results and determine trends and threats.
• Identify and manage risks related to IT and cybersecurity protection, and escalate risks and issues as needed.
• Interact and deliver with specialists across multiple departments within SE.
• Actively participate in internal awareness, training, and other events within GIA and SE.
• Be available for travelling to audit locations (NB: this is conditioned by the current ongoing pandemic and travel will only occur when the situation has improved sufficiently as to allow for travelling to resume in safe conditions).

Qualifications Mandatory

• Solid experience in information security field/auditing
• Min. a computer science Master or similar from a University or engineering school (alternatively a professional Master level qualification relevant to IT and cybersecurity)
• Certifications in information security (CISA, CISM, CISSP) and/or ISO27XXX would be a plus
• Professional English proficiency (oral and written, including presentation)
• High quality report production
• Strong stakeholder engagement
• Previous experience of working with assurance / controls frameworks e.g. IT General Controls, ISO 27XXX, NIST etc.
• A hybrid understanding of crossover between IT, business, legal, and information security requirements
• Ability to conduct security audits against such various control sets.
• Demonstrated leadership and problem-solving skills, and ability to work under pressure
• Ability to analyse penetration testing reports, with knowledge on vulnerabilities (CVE, and more widely the MITRE tools and framework, or similar)
• Effective communication with C-level management
• Good understanding of the types of security risks and threats that controls mitigate
• Ability of assessing and sampling audit scope and controls in limited timescales
• Be able to provide recommendations and advice on any improvements needed
• Demonstrate a good understanding of the principles and requirements for industry-related IT and infosec risks
• Be able to describe technical controls to non-technical people. Adapting the formulations to the audience
• Very strong rigor when logging and tracking issues through to conclusion.
• Ability to manage their workload as to meet the realistic targets and priorities set in conjunction with management.

Desirable

• Physical security knowledge
• Previous experience within a Big 4 external auditing/consultancy firm
• Ability to conduct penetration testing
• Knowledge and/or previous technical expertise in computer science and code development

Location of position: Chácara Santo Antônio/SP (Hybrid Work) Por que nós? Na Schneider Electric, estamos comprometidos com a criação de um local de trabalho que lhe dê não apenas um emprego, mas um propósito significativo ao se juntar à nossa missão de levar energia e eficiência para possibilitar a vida, o progresso e a sustentabilidade para todos. Acreditamos em capacitar os membros de nossa equipe para que atinjam seu potencial máximo, promovendo um senso de propriedade em seu trabalho. Adotamos a inclusão como um valor fundamental, garantindo que todas as vozes sejam ouvidas e valorizadas. Valorizamos as diferenças e damos as boas-vindas a pessoas de todas as esferas da vida. Acreditamos na igualdade de oportunidades para todos, em todos os lugares. Se você deseja fazer parte de uma empresa em que suas contribuições realmente importam, em que você tem autonomia para fazer a diferença e em que a inclusão é valorizada, gostaríamos de ouvi-lo. Descubra sua carreira significativa, inclusiva e capacitada na Schneider Electric. Receita global de 34,2 bilhões de euros+12% de crescimento orgânico Mais de 135.000 funcionários em mais de 100 países#Número 1 no Global 100, as empresas mais sustentáveis do mundoTem de submeter uma candidatura online para ser considerada para qualquer posição connosco. Esta posição será afixada até ser preenchidaA Schneider Electric aspira ser a empresa mais inclusiva e atenciosa do mundo, oferecendo oportunidades equitativas a todos, em todos os lugares, e garantindo que todos os funcionários se sintam valorizados e seguros para dar o melhor de si.Isso também se estende aos nossos candidatos e defendemos a inclusão e o cuidado em nossa experiência de candidato e práticas de contratação.Você pode saber mais sobre nosso compromisso com a Diversidade, Equidade e Inclusão aqui e sobre nossa Política de DEI aquiÉ política da Schneider Electric, fornecer oportunidades de emprego e progressão iguais nas áreas de recrutamento, contratação, formação, transferência e promoção de todos os indivíduos qualificados, independentemente da raça, religião, cor, género, deficiência, origem nacional, ascendência, idade, estado militar, orientação sexual, estado civil ou qualquer outra característica ou conduta legalmente protegida.Relativamente às agências: A Schneider Electric não aceita currículos não solicitados e não será responsável por taxas relacionadas com esses.