Director, Security Hardening: Connected Cars & Telematics (plus internal corp security)

21 May 2024

Vacancy expired!

THIS ROLE REQUIRES ONSITE WORK IN FOUNTAIN VALLEY, CA WITH 25% TRAVEL THROUGHOUT THE US & INTERNATIONALLY. CANDIDATES CURRENTLY AUTHORIZED FOR WORK IN THE US / CURRENTLY LOCATED IN THE US WHO ARE MOTIVATED TO RELOCATE ARE WELCOME TO APPLY. RELOCATION ASSISTANCE IS AVAILABLE.

KORE1, a nationwide provider of staffing and recruiting solutions, has an immediate opening for a Director, Security Hardening: Connected Cars & Telematics (plus internal corp security).

The purpose of the Director, Infosec Protection Center position is to define North America (USA, Canada & Mexico) market-specific requirements for the security elements of enterprise (internal corporate) AND automotive-related products and systems which provide connectivity to customers, dealers, employees as well as external devices, including the in-vehicle communications, information, and infotainment components. In seamless cooperation with Engineering, R&D, Manufacturing, Quality, IT and other relevant areas, this position will identify and effectively implement the North American market-specific solutions to cybersecurity concerns and ensure all standards and requirements, including regulatory compliance, are met.

Major Responsibilities

  • Oversee strategy and governance of information security, risk management and information security operations for the US Market. Infosec protection center will be a business partner with the affiliate (IT outsourcing, Plant, Sales). Reporting to both US-based and international HQ top management. This position has primary responsibility to influence cyber security strategy actions cross-functionally.
  • Maintain the information security program to ensure that information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected in the digital ecosystem that our NA HQ manages.
  • Protect critical assets through alignment and prioritization of cyber security investments.
  • Provide highly skilled technical and information security expertise for development and implementation of the information security risk management program (Incident response plan) and vendor risk management program.
  • Provide regular reporting on the status of the information security program to Legal/Privacy teams, senior business leaders and the Board of Directors as part of a strategic risk management program, thus supporting business outcomes.
  • Understand and interact with related disciplines, either directly or through committees, to ensure the consistent application of policies and standards across all technology projects, systems, and services, including privacy, risk management, compliance, and business continuity management.
  • Define and facilitate the processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings (Internal/external auditors and federal and state regulatory agencies).
  • Monitor the internal/external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
  • Lead security strategy development and initiatives aligning to industry standards and regulatory requirements.
  • Drive security by design, SDLC methodologies and practices into IT operations and application development.
  • Manage and lead security team members.
  • Work across IT and internal Business units to develop and implement protection strategies and architectures across the IT enterprise.
  • Oversee the identification, development and deployment of security solutions and technologies to protect the IT enterprise from cyber-threats.
  • Collaborate closely with affiliate cybersecurity service providers and parent company to align on a holistic enterprise security vision and strategy.
  • Evangelize our enterprise security program across Executive teams.
  • Oversee incident response processes, monitor status, and report out to Executive stakeholders as needed.

Authority

  • Executive authority to define security policy and programs.
  • Management and development of division staff in alignment with HR policy.
  • Vendor identification / selection in alignment with purchasing process policy.
  • Development, acquisition, and execution of annual sub-division budget in alignment with Finance policy.
  • Time off, Expense report, and Work from Home/Flexibility in alignment with company policies.

Requirements

  • Must have a Bachelor's degree in a technical discipline.
  • Relevant certifications required (for example CISA, CISSP, CISM, etc.).
  • 8-15+ years of cyber security / IT security experience required (preferably in medium to large enterprises).
  • Strength in current state analysis of technology, processes, and teams to identify / remediate gaps.
  • Hands-on experience in security (hardening) programs and processes in support of risk and compliance for an organization-wide IT security architecture for internal corporate AND customer / data / telematics.
  • Experience working with cloud environments (e.g., GCP, AWS, Azure) and an understanding of cloud security controls and practices.
  • Knowledge of security architecture and threat modeling as well as system security hardening practices and controls.
  • Knowledge of practices, designs and technologies used to secure IT systems.
  • Experience with SDLC practices and operational implementation.
  • Expert level knowledge in as many of the following (or related) security tools / processes as possible:
      • Privacy by design (in terms of implementing controls in technology)
      • Embedded application / device security (required)
      • Telematics / connected vehicle platform security
      • Security Information and Event Management (SIEM)
      • Cloud Access Security Broker (CASB)
      • Data Loss Prevention (DLP) tools
      • Endpoint Protection Platform (EPP)
      • Endpoint Detection and Response (EDR)
      • Web filter / web app firewalls
      • IPS / IDS
      • Threat hunting / modeling
      • Encryption / decryption / cryptography
      • Application security / code analysis (web, mobile, internal business apps, APIs)
      • DevOps / DevSecOps
  • Working knowledge of IT cybersecurity standards and regulations in the US.
  • Prior experience as the head of one of the following (a) security division (b) Security Ops (c) GRC (d) Risk/Compliance helpful, but we have a separate Information Security Group. You / your team will be implementing their controls into the environment.
  • Expert level knowledge of ISO 27001 or ISO 27701 or NIST Cybersecurity Framework or CIS 18 controls.
  • Ability to assess operational and strategic strengths/weaknesses and make recommendations to leverage or augment.

Physical Requirements

  • Normal office duties
  • Travel: 0% - 25%

Work Model

  • Hybrid

Compensation depends on experience, but is typically $200-250K plus 20% bonus. However, we have advised our client that this might be off-market & are willing to send qualified candidates over-budget for the role.

ABOUT KORE1

Specializing in professional and technical recruiting, KORE1 is committed to supporting top IT, Engineering, Creative, Scientific, Accounting and Finance professionals in their career paths. We build deep relationships with leading companies, connecting them to exceptional talent every day. With extensive industry expertise and unmatched opportunities, our goal is to provide a unique experience for our contractors and consultants as they prepare for their next role. We are passionate about matching the right people with the right companies.

Kore1 provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Kore1 complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. Kore1 expressly prohibits any form of workplace harassment based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of Kore1's employees to perform their job duties may result in discipline up to and including discharge.

  • ID: #49976245
  • State: California Fountainvalley 92728 Fountainvalley USA
  • City: Fountainvalley
  • Salary: $200,000 - $250,000 /yr
  • Job type: Permanent
  • Showed: 2023-05-21
  • Deadline: 2023-07-19
  • Category: Et cetera