IT Senior Security Analyst
About Genuine Parts Company
Imagine going to work every day knowing that you are part of something special; part of something that matters and that makes a real difference. Imagine working for a company whose reputation for excellence paves the way for more success. Imagine being part of a winning team where people don’t just work ‘jobs’, they build long-lasting, highly-satisfying careers.
Genuine Parts Company (GPC) has risen to the top of our industry by understanding the needs of those we serve – our customers and our employees – and then working hard, and smart, to meet those needs.
The true source of that success is the effort, commitment and intelligence of our nearly 40,000 employees. Across all of our business units, in locations worldwide, the people of GPC have diverse backgrounds and talents. But it’s what we share that makes us unique.
The IT Senior Security Analyst for the Automotive Parts Group (APG) is a hybrid role combining key aspects of Security Engineering and Architecture as a technical contact for new and existing solutions supporting Director, Security and Compliance. This role will provide direction to IT teams on the design and migration strategies for multiple cloud and on-premise solutions to ensure they are implemented in accordance with Genuine Parts Company (GPC) standards and security best practices. The successful candidate will demonstrate the ability to blend technical and business skills, including strategic thinking, innovative problem solving, effective communication and providing leadership to build and mature processes. The candidate will also have direct leadership responsibilities on projects and as such, must have demonstrated ability to drive projects to completion in a matrixed environment.
- Serves as a point of contact in application development, database design, network and/or platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices.
- Assist with architecture involvement in projects, ensuring security requirements are included in the project plan and tracked to completion.
- Conduct security risk assessments on new products and systems, periodic security risk assessments on existing systems and identify and/or recommend appropriate security countermeasures and best practices.
- Builds and maintains relationships with IT and business partners, including understanding their specific risk landscape, to assess and communicate business and security risks.
- Uses professional knowledge, skills, and experience to influence and guide, monitor, and credibly challenge business areas as they manage risk and make risk decisions.
- Develop training program for awareness within the organization and specialist training for targeted groups (e.g. DevSecOps) to maintain up to date with new developments and regulatory requirements.
- Assist in the promotion of a security and compliance culture that encourages an open-door policy for team members to seek clarification on security and compliance matters.
- Enable continuous improvements of the Security and Compliance function by identifying and communicating enhancement opportunities to leadership.
- Assist acquired entities achieve compliance with GPC and APG security requirements throughout the M&A due diligence and integration process.
- Bachelor’s degree in and 5+ years of experience in Computer Science, Engineering, IT Security or other related discipline or an equivalent combination of education and work experience.
- Strong knowledge of security issues, techniques and implications across existing enterprise platforms, such as databases, network, cloud infrastructures, Windows and Linux operating systems, etc.
- Working knowledge of software development principles and methodologies.
- Extensive knowledge of key security and IT compliance principles, theories and concepts.
- Ability to build effective internal and external relationships and communicate extensively with stakeholders at various levels and with varying backgrounds in a matrixed organization.
- Ability to work effectively, independent of assistance or supervision.
- Ability to provide direction and mentor less experienced and matrix teammates.
- Cloud security & architecture experience with most major cloud providers.
- Background in secure development practices, such as DevSecOps.
- Experience with performing penetration tests and vulnerability assessments.
- Familiarity with Governance, Risk and Compliance models.
- Knowledge of network protocols, data flows, and vulnerabilities within a TCP/IP environment.
- Ability to perform network protocol analysis and raw data capture.
- A solid understanding and knowledge of LDAP.
- Knowledge of OWASP, NIST CSF, ISO 2700x, PCI-DSS, and other industry standard security frameworks.
- Self-motivated, self-directed and shows attention to detail while working.
- Works ethically and with integrity supporting organizational goals and values.
- Displays commitment to excellence.
- Contributes to building a positive team spirit and treats others with respect.
- Maintains confidentiality of information and uses information appropriately.
- Exhibits sound judgment when making decisions and recommendations.
- Fosters collaboration toward a common vision and shared goals.
- Excellent communication skills.
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law.