Vacancy expired!
- Oversees strategy and governance of information security, risk management and information security operations for the US Market. Infosec protection center will be a business partner with the affiliate (IT outsourcing, Plant, Sales). Reporting to both US-based and international HQ top management. This position has primary responsibility to influence cyber security strategy actions cross-functionally.
- Maintains the information security program to ensure that information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected in the digital ecosystem that our NA HQ manages.
- Protect critical assets through alignment and prioritization of cyber security investments.
- Provide highly skilled technical and information security expertise for development and implementation of the information security risk management program (Incident response plan) and vendor risk management program.
- Provide regular reporting on the status of the information security program to Legal/Privacy teams, senior business leaders and the Board of Directors as part of a strategic risk management program, thus supporting business outcomes.
- Understand and interact with related disciplines, either directly or through committees, to ensure the consistent application of policies and standards across all technology projects, systems, and services, including privacy, risk management, compliance, and business continuity management.
- Define and facilitate the processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings (internal/external auditors and federal and state regulatory agencies).
- Monitor the internal/external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
- Lead security strategy development and initiatives aligning to industry standards and regulatory requirements.
- Drive security by design, SDLC methodologies and practices into IT operations and application development.
- Manage and lead security team members.
- Work across IT and internal Business units to develop and implement protection strategies and architectures across the IT enterprise.
- Oversee the identification, development and deployment of security solutions and technologies to protect the IT enterprise from cyber-threats.
- Collaborate closely with affiliate cybersecurity service providers and parent company to align on a holistic enterprise security vision and strategy.
- Evangelize our enterprise security program across Executive teams.
- Oversee incident response processes, monitor status, and report out to Executive stakeholders as needed.
- Executive authority to define security policy and programs.
- Management and development of division staff in alignment with HR policy.
- Vendor identification / selection in alignment with purchasing process policy.
- Development, acquisition, and execution of annual sub-division budget in alignment with Finance policy.
- Time off, Expense report, and Work from Home/Flexibility in alignment with company policies.
- Must have a Bachelor's degree in a technical discipline.
- Relevant certifications required (for example CISA, CISSP, CISM)
- 8-15+ years of cyber security / IT security experience required (preferred in medium to large enterprises)
- Strength in current state analysis of technology, processes, and teams to identify / remediate gaps
- Hands-on experience in security (hardening) programs and processes in support of risk and compliance for an organization-wide IT security architecture for internal corporate AND customer / data / telematics.
- Experience working with cloud environments (e.g., GCP, AWS, Azure) and an understanding of cloud security controls and practices.
- Knowledge of security architecture and threat modeling as well as system security hardening practices and controls.
- Knowledge of practices, designs and technologies used to secure IT systems.
- Experience with SDLC practices and operational implementation
- Expert level knowledge in as many of the following (or related) Security tools / processes as possible:
- Privacy by design (in terms of implementing controls in technology)
- Embedded application / device security (required)
- Telematics / connected vehicle platform security
- Security Information and Event Management (SIEM)
- Cloud Access Security Broker (CASB)
- Data Loss Prevention (DLP) tools
- Endpoint Protection Platform (EPP)
- Endpoint Detection and Response (EDR)
- Web filter / web app firewalls
- IPS / IDS
- Threat hunting / modeling
- Encryption / decryption / cryptography
- Application security / code analysis (web, mobile, internal business apps, APIs)
- DevOps / DevSecOps
- Working knowledge of IT cybersecurity standards and regulations in the US.
- Prior experience as the head of one of the following (a) security division (b) Security Ops (c) GRC (d) Risk/Compliance helpful, but we have a separate Information Security Group. You / your team will be implementing their controls into the environment.
- Expert level knowledge of ISO27001 or ISO 27701 or NIST Cybersecurity Framework or CIS 18 controls.
- Ability to assess operational and strategic strengths/weaknesses and make recommendations to leverage or augment.
- Normal office duties
- ID: #49969841
- State: California Fountainvalley 92708 Fountainvalley USA
- City: Fountainvalley
- Salary: $175,000 - $250,000
- Job type: Permanent
- Showed: 2023-05-20
- Deadline: 2023-07-18
- Category: Et cetera