Rohit Bhat

Product Security Governance Analyst

Bengaluru, India
Profile Score: 85

About

Product Security Governance Analyst with 2 years of dedicated experience at Schneider Electric, specializing in cybersecurity strategy, IEC 62443 internal audits, and policy review for global compliance. Proven track record in securing the Saudi Aramco CCC and integrating Secure Development Lifecycle (SDL) standards across product lines. Expert in managing customer security due diligence (RFPs, SBOMs, technical questionnaires) and leveraging Tableau to provide real-time visibility into internal SDL activities and vulnerability risks. A CompTIA Security+ and ISC2 CC certified professional with international experience presenting strategy in France. Recipient of the ‘Extra Miler’ award for exceptional performance in global security strategy and governance initiatives.

Skills & Expertise (15)

Cybersecurity & Product Security Governance and Strategy · Intermediate · 8.1/10 · 2 Years Exp
Tableau Dashboarding · Intermediate · 7.8/10 · 2 Years Exp
Regulatory Compliance · Intermediate · 7.5/10 · 2 Years Exp
Tableau · Intermediate · 7.5/10 · 2 Years Exp
Risk Management · Intermediate · 7.3/10 · 2 Years Exp
Power Automate Flows · Intermediate · 7.3/10 · 2 Years Exp
Auditing · Intermediate · 7.0/10 · 2 Years Exp
ServiceNow · Intermediate · 7.0/10 · 2 Years Exp
Policy & Documents Review · Intermediate · 6.8/10 · 2 Years Exp
Gap Assessments · Intermediate · 6.8/10 · 2 Years Exp
CyberVadis · Intermediate · 6.8/10 · 2 Years Exp
RiskLedger · Intermediate · 6.8/10 · 2 Years Exp
Project Management · Intermediate · 6.5/10 · 2 Years Exp
Advanced Excel · Intermediate · 6.5/10 · 2 Years Exp
RESPONSIVE · Intermediate · 6.0/10 · 2 Years Exp

Work Experience

Product Security Governance Analyst

Schneider Electric

Jan 2022 - Present

Managed annual Product Security workshops and assessments for ecosystem entities; tracked post-assessment action plans through monthly governance calls to improve the overall product security posture.

Facilitated IEC 62443 internal surveillance audits and led the annual Saudi Aramco CCC audit, managing evidence presentation to secure business continuity for the firm’s largest account.

Directed the annual reassessments for RiskLedger and CyberVadis; notably improved the 2024 CyberVadis score from 928 to 990/1000 through meticulous evidence gathering, achieving the prestigious Platinum Tier rating.

Orchestrated the end-to-end process for 1,000+ annual customer cybersecurity due diligence requests (RFPs, penetration test reports, contracts, T&Cs, NDAA 889, SBOMs, etc.), supporting a sales pipeline valued at €4.2 Billion using automated tools like ServiceNow and Responsive.

Enhanced the Offer Lifecycle Management (OLM) process by conducting a detailed review and integrating critical cybersecurity checkpoints previously absent from the lifecycle.

Served on the External Exposure Management taskforce to identify and remediate open ports across 300 Azure subscriptions, facilitating migrations to the Azure Landing Zone (ALZ).

Conducted a comprehensive technical review of the Internal Product Security Portal, scrutinizing all process documentation to identify gaps and mandate necessary updates in preparation for successful external audits (such as IEC 62443-4-2) by TUV and Bureau Veritas.

Administered the CRA gap assessment data framework, specializing in the analysis of Line of Business (LoB) compliance trends. Synthesized these findings into the Product Security Monthly Maturity (PSMM) reporting cycle for the Group CISO and CPSO, ensuring executive visibility into the firm’s EU regulatory alignment.

Developed a global Tableau dashboard for Coverity (SAST tool) as part of a strategic ‘Shift Left’ initiative within SDL activities; enabled real-time monitoring of CWE violations to remediate basic vulnerabilities during the V&V (Verification & Validation) stage, significantly reducing security risks prior to customer release.

Acted as the Tableau SME to engineer a centralized executive dashboard comprising 10+ complex sheets for tracking highly sensitive SDL metrics. This high-security dashboard—restricted exclusively to leadership—provided real-time visibility into internal/external vulnerabilities, penetration test results, static code analysis (SAST), and SCA/SBOM details to drive data-informed risk management.

Engineered complex Power Automate flows, including a self-service CRA query automation system that eliminated manual intervention by routing inquiries to Domain Leaders and managing the end-to-end response lifecycle. This system integrated a mandatory legal review cycle to validate responses before automatically returning finalized guidance to the requester, ensuring both efficiency and regulatory accuracy.

Led customer-facing communications and post-incident reporting for 2 high-priority (P1) security incidents, participating in executive war rooms to drive resolution.

Conducted a comprehensive gap analysis between Microsoft SDL best practices and the existing internal SDL framework. Utilized these findings to establish the technical foundation for a newly streamlined ‘SDL for Applications’ policy, effectively addressing the limitations of the legacy framework to improve developer adoption.

Education

B.Tech. – CSE with specialization in Cyber Security & Digital Forensics - Vellore Institute of Technology, Bhopal

2020 - 2024 · Afghanistan

Class XII - FIITJEE, Hyderabad

- 2020 · Afghanistan

Certifications

CompTIA Security+ SY0-701

· 2023

AWS Certified Cloud Practitioner

· 2023

Profile Score Breakdown

📷 Photo 10/10
📄 Resume 10/10
💼 Job Title 10/10
✍️ Bio 10/10
🛠️ Skills 20/20
🎓 Education 10/10
⏱️ Experience 5/15
💰 Rate 0/5
🏆 Certs 5/5
Verified 5/5
Total Score 85/100

Profile Overview

Member since Feb 2026

Availability Details

Visa Status

Need Sponsorship

Relocation

Open to Relocation
