Director, Identity & Access Management
Genuine Parts Company (“GPC” or the “Company”), founded in 1928 and based in Atlanta, Georgia, is a leading distributor of automotive and industrial replacement parts and value-added services. The Company operates a global portfolio of businesses with more than 10,000 locations across the world. GPC has approximately 50,000 global employees. The Company has operations in the United States, Canada, Mexico, Australia, New Zealand, Indonesia, Singapore, France, the U.K., Germany, Poland, the Netherlands, Belgium, Spain and China.
The IT Director, Identity & Access Management is responsible for providing leadership in the areas of Identity and Access Management with special emphasis on Identity and Access Management for employees, customers and privileged access management. This position will lead the management of the Identity Access Management function and will safeguard Genuine Parts Company global brands by promoting, implementing and supporting controls to manage risks associated with identity. Through collaboration with other IT and company stakeholder leaders, this role will help ensure our Identity Access and Provisioning posture is strong, proactive and aligns with our current and future business objectives.
This role is responsible for assisting in the design and support of the GPC enterprise-wide identity, access management and governance strategy that meets the needs of our current and future acquired operational locations. The person in this position is responsible for providing expert advice and effective oversight of information security and technology risk activities to identify, assess, control, and manage identity and access risks throughout Genuine Parts Company. This role is charged with overseeing identity risk aggregation, correlation of risk, and reporting in support of enterprise-wide objectives. This role will lead our Identity & Access Management team to meet both regulatory and contractual obligations.
- Serves as an internal information security consultant to the enterprise while balancing the needs of the day-to-day business.
- Include focus and expertise in Privileged Access Management (PAM), Customer Identity Access Management (CIAM), Identity Governance and Administration (IGA) and Employee Identity Access Management (EIAM), to include Single Sign-On and Multi-Factor Authentication.
- Research and recommend solutions that meet security standards while ensuring functionality for business continuity.
- Develop security test scenarios for unit, process, function, integration, and acceptance testing.
- Design integration schema and linkage for multi-platform business and technological solutions.
- Evaluates the security of new technologies and assists with the plan to integrate them into the company environment.
- Help develop the policies and procedures in conjunction with the established IT governance channels to manage the use and operation of these systems.
- Recommend best practices for security controls without hindering functionality.
- Define the minimum access and identity configuration standards for all IT systems.
- Evaluates new and proposed security systems and technologies.
- Reviews, develops, tests, and implements security plans, products, and control techniques.
- Develops guidelines for the usage, control, maintenance, and auditability of information and computer resources.
- Other duties as assigned
- GPC has two work locations to choose from: the Duluth or Atlanta office.
- We offer a Flexible Work Policy that permits eligible employees to work remotely
Desired Qualifications & Experiences:
- BS/BA degree and specialized information security technical training required. An advanced degree is a plus.
- A reputable security certification (CISSP, CISSP w/specialization HCISPP, GIAC, CISA, etc.) is required
- A minimum of 6 years of progressive Information Security experience.
- A minimum of 3+ years of management experience leading information security.
- Identity & Access Management to include governance experience is required.
- Experience in security architecture design is a plus.
- Working knowledge of Workday and PeopleSoft ERP is a plus.
- Working knowledge of IAM platforms is a plus.
- In-depth knowledge of information security industry and regulatory obligations (Sarbanes-Oxley (SOX), HIPAA, GLBA, PCI DSS, HITRUST, NIST Framework, etc.).
- Working knowledge of Microsoft Active Directory.
- Ability to analyze all layers of the OSI model from the security stance.
- Prepare and present plans/designs to IT and business leaders.
- Advocate the integration of solutions into the enterprise directory structure.
- In-depth knowledge of networking technologies and architecture.
- Prioritize tasks effectively to meet project deadlines and deliverables.
- ITIL familiarization - managing incidents, requests, and changes. Experience is a plus.
- Excellent problem-solving ability.
- High degree of self-motivation.
- Competent using the Microsoft Office suite of products.
Additional Knowledge, Skills and Attributes (Underlying skills and abilities that enable the execution of duties and responsibilities)
- Federal, state and global laws regarding security and privacy of electronic information assets, within the context of the healthcare industry is highly preferred (e.g., HIPAA, Sarbanes-Oxley, etc.);
- Industry security standards (e.g., NIST), with healthcare industry standards such as CMS, JCAHO, etc. is required.
- Platform independent information security policy and standards.
- E-commerce/e-business security related strategies, policies, and standards.
- Enterprise security awareness program practices that incrementally create organizational security awareness and education.
- Compliance programs to help ensure conformity with established enterprise security policies, practices, and standards.
- Risk assessment processes for the protection of electronic information assets; and
- Large scale Wide Area Network and multiple platform environments with both decentralized and centralized focuses.
- Superior analytical skills to identify high-risk security breach opportunities with the ability to develop solutions to prevent, correct, detect, or mitigate security risks via people, processes and technology.
- Ability to relate business requirements and risks to technology implementation for security-related activities.
- Ability to collaborate with IT&S and business area professionals to identify/recommend applicable security practices/controls rather than dictating security methods.
- Ability to balance the seriousness of protecting electronic information assets with the need to enable users to effectively and efficiently use systems to perform job responsibilities, while continuing to emphasize quality patient care.
- Solid project management and collaboration skills, especially in a cross-functional dynamic team environment.
- Excellent oral and written communication skills with the ability to present and discuss technical information in a manner that establishes rapport, persuades others, and allows the individual to increase understanding of subject matter.
- Working both independently and with key stakeholders to develop security policy and standards.
- Taking initiatives toward personal development such as maintaining skills and obtaining professional certifications (e.g., Information Systems Security Association, Certified Information Systems Security Professional, etc.).
- Must be willing to travel occasionally.
- Must be willing to respond to information security issues surrounding identity access management 24x7.
GPC conducts its business without regard to sex, race, creed, color, religion, marital status, national origin, citizenship status, age, pregnancy, sexual orientation, gender identity or expression, genetic information, disability, military status, status as a veteran, or any other protected characteristic. GPC's policy is to recruit, hire, train, promote, assign, transfer and terminate employees based on their own ability, achievement, experience and conduct and other legitimate business reasons.