Director, Enterprise IT Risk Management

Director, Enterprise IT Risk Management & Audit Digital Leader is responsible for defining, implementing, and overseeing the enterprise-wide IT risk management strategy, framework and execution. Your role This role ensures alignment with internal audit, cybersecurity, compliance, and governance functions, and drives proactive risk mitigation across digital platforms, infrastructure, and applications. The leader will serve as the primary liaison between IT and internal/external audit teams and executive stakeholders. You will ensure alignment and readiness for all IT-related audits and will have 3 direct reports. Your main responsibilities Strategic Risk Leadership Develop and execute the enterprise IT risk management framework aligned with business objectives and regulatory requirements. Define risk appetite and tolerance levels in collaboration with executive leadership. Lead risk identification, assessment, and mitigation strategies across IT domains. Audit & Governance Coordination Act as the central point of contact for internal and external audits related to ITGC, ITAC, cybersecurity, and disaster recovery. Collaborate with audit teams to define scope, timelines, and deliverables. Facilitate walkthroughs, evidence collection, and stakeholder engagement across IT and business units. Track and report remediation efforts and audit findings. Cybersecurity & Compliance Partner with cybersecurity teams to validate control design and effectiveness across identity management, endpoint protection, and incident response. Ensure readiness for frameworks such as NIST, ISO 27001, PCI-DSS, and GDPR. IT General Controls (ITGC) Establish ITGC Framework for Enterprise IT. Support testing and documentation of controls related to access management, change management, backup and recovery, and segregation of duties. Ensure consistency across federated ERP systems and global platforms (e.g., SAP, Oracle, Coupa, SailPoint). Application & Infrastructure Risk Oversee risk controls for application lifecycle management, including patching, configuration, and decommissioning. Coordinate with infrastructure and application owners to ensure DR plans are documented, tested, and aligned with policy requirements. Support network security audits and third‑party access reviews. Reporting & Communication Consolidate audit findings and track remediation plans across IT domains. Prepare executive dashboards and summaries for leadership. Communicate risk policies and processes across the organization. Provide training and awareness programs to foster a risk control culture. Your profile Master’s or Engineer’s degree in IT, Cybersecurity, Risk Management or related field Certifications such as CGEIT, CRISC, CISA, CISM, CISSP, PMP and/or ITIL are highly desirable. 10+ years of experience in IT risk management, Cybersecurity or Digital Governance with 5+ years in leadership roles with cross‑functional influence. Prior experience in external or internal audit experience is a plus. Experience working in a matrixed, global organization is a plus. Strong analytical, strategic thinking, problem‑solving capabilities and practical execution. Excellent communication and stakeholder management skills. Deep understanding of IT control frameworks, NIST, ISO 27001, PCI‑DSS, and GDPR. Familiarity with tools like SAP GRC, ServiceNow, and audit management platforms. High attention to detail, ability to work under pressure and manage multiple priorities. Broad understanding of technology landscapes (security, infrastructure, cloud, data privacy, pentesting, network). Fluent English. We know skills and competencies show up in many ways and can be based on your life experience. If you do not necessarily meet all the requirements that are listed, we still encourage you to apply. Schneider Electric aspires to be the most inclusive and caring company in the world, by providing equitable opportunities to everyone, everywhere, and ensuring all employees feel uniquely valued and safe to contribute their best. We mirror the diversity of the communities in which we operate, and “inclusion” is one of our core values. We believe our differences make us stronger as a company and as individuals and we are committed to championing inclusivity in everything we do. At Schneider Electric, we uphold the highest standards of ethics and compliance, and we believe that trust is a foundational value. Our Trust Charter is our Code of Conduct and demonstrates our commitment to ethics, safety, sustainability, quality and cybersecurity, underpinning every aspect of our business and our willingness to behave and respond respectfully and in good faith to all our stakeholders. You can find out more about our Trust Charter here. Schneider Electric is an Equal Opportunity Employer. It is our policy to provide equal employment and advancement opportunities in the areas of recruiting, hiring, training, transferring, and promoting all qualified individuals regardless of race, religion, color, gender, disability, national origin, ancestry, age, military status, sexual orientation, marital status or any other legally protected characteristic or conduct. #J-18808-Ljbffr