The Cloud Security & Data Protection Architect (CSDPA) is our Business Unit’s (BU) Subject Matter Expert (SME) on cloud security, data privacy and data protection. This role is responsible for interpreting corporate data protection policy as it relates to the varied Building & IT offer portfolios; and for providing a uniform approach to data protection implementation in support of ever-changing data privacy legislation/regulations. The position is also responsible for leading, defining and driving secure cloud architectures and implementations that adhere to industry standards and regulations regarding both security and data protection & privacy. The CSDPA collaborates with the corporate Data Protection Officer (DPO), corporate cyber security architecture committee (CSAC), and cloud security & data privacy peers in the other BUs to promote standardization across our cloud-based solutions, application software and firmware-based hardware portfolios. The CSDPA is responsible for communication and status reporting of security implementations and data privacy initiatives within the BU. This role is highly focused on understanding both the present and future state of cloud security and data privacy/protection to assist in strategic planning, and customer support. Position reports to the BU Chief Product Security Officer (CPSO). The role provides advisement to senior cyber security team members in all data privacy related topics.
- Primary Data Privacy and Cloud Security advisor to offer teams.
- Keeps current on cloud security best practices and trends in the cloud ecosystem, as well as global data privacy legislation/regulations via direct investigation and networking with both internal resources and external sources.
- Interprets data privacy regulations relative to our product scope, use, market requirements, and integration specific considerations.
- Develops or specifies curriculum and delivers training on cloud security and data privacy to the LoBs (line-of-businesses).
- BU liaison to the corporate DPO and Schneider Electric Legal support staff.
- Addresses/coordinates responses to customer inquiries regarding cloud security and data privacy – maintains a FAQ database for reuse.
- Monitors secure development lifecycle for cloud developments, overall cloud security capability compliance, and data privacy compliance in the Divisions and LoBs, and maintains an inventory of regulation-compliant offers; identifies gaps and risks.
- Evaluates impacts of data privacy legislation upon our BU offers.
- Develops and constantly evolves our cloud security and data privacy roadmap.
- Analyzes the data privacy/protection positioning and capabilities of our competitors.
- Tracks and reports status of cloud and data privacy initiatives within the BU.
- Drives regular internal communications promoting cloud security and data privacy proactivity within the BU; to employees and specifically upper management.
- Generates cloud security and data privacy requirements for inclusion in product cyber security and master requirements documents.
- Guides and participates in generation of cloud and data privacy/protection-specific guidelines and internal standards.
- Authors position papers, white papers, blog posts, and seeks publication and presentation opportunities both within and external to the company.
- Represents Schneider Electric in relevant cloud security and data privacy standards bodies.
- Advise development teams on project-specific cloud security and data privacy/protection decision points – including selection of cloud platform, deployment strategy, data processing legal basis, privacy notification formulation, protection options . . .
- Assist teams in vetting offers for data privacy compliance; implementation of Data Privacy Execution Playbook and internal policies (e.g. Privacy by Design)
- Review implementations of cloud security and data privacy for thoroughness and satisfaction of intent
- Review cloud security and data privacy customer inquiries and formulate responses
- Periodic meetings with DPO and CSAC
- Coordinating cloud security and privacy requirements with all Security Advisors
- Education: 4-year technical degree in Information Assurance, Information Security, Computer Science, or related discipline; advanced technical degree(s) is a plus
- IAPP: CIPP, CIPM, CIPT, CCSK, or equivalent certification(s); EU expertise is a plus
- 4+ years of recent experience in cloud development
- Experienced in deploying in serverless and container based cloud environments, understands the inherent security strengths and weaknesses in each.
- 3+ years of experience in Industrial Control System products, or similar market
- Knowledgeable on various data privacy regulations; country, regional, and market segment-specific standards/specifications
- Languages: English; French is a plus
- Must be able to pass a background check
- Must be able to travel domestically and internationally (20-25%)
Note:Will consider exceptional recent graduate with broad scope project/intern experience.
- Designing and Architecting for Cloud deployment
- Basic to advanced computer skills, utilizing Word, Excel, PowerPoint . . .
- Demonstrated written and verbal communication skills
- Demonstrated self-motivation and self-management
- Problem-solving skills
- Strategic planning experience is a plus
- Knowledge of software development and release process
- Contract experience – writing content, working with legal staff
Primary Location: US-Tennessee-Franklin
Application Submission Information:
Primary Location is preferred, but locations noted above will be strongly considered.