IT Information Security Lead, SP Richards
The Information Security Lead- SP Richards is responsible for managing all aspects of the SP Richards Cyber Security Program and will serve as the primary point of contact within SP Richards for all security related items and issues. The Information Security Lead- SP Richards will be responsible for researching, testing, training and implementing the Genuine Parts Company (GPC) Enterprise Security Policies to safeguard critical information from any possible breaches.
- Implement designated security controls on critical items (applications, assets, and data) in accordance with GPC Security Policies and Standards.
- Monitor, maintain, and report compliance with GPC Enterprise Security Policies, and Standards to the GPC Director of Global GRC.
- Ensure that all security risks and findings (e.g., vulnerability scanning, penetration testing, risk assessments, etc.) are remediated in accordance with the established GPC Security Policies and Standards.
- Ensure that software patches are installed in accordance with the established GPC Security Policies and Standards.
- Establish holistic Incident Management process within SP Richards, including notification protocols to GPC Enterprise Security.
- Create Incident Response run books and conduct training exercises in accordance with GPC Security Polices and Standards.
- Establish holistic Risk Management process within SP Richards and ensure alignment with GPC Security Policies and Standards.
- Ensure Regulatory Compliance (e.g. PCI and GDPR) as appropriate and provide regular updates and status to the GPC Director of Global GRC
- Provide timely reporting (Monthly and Quarterly) to GPC Enterprise Security & SP Richards leadership (President and CIO) as prescribed by GPC Enterprise Security.
- Ensure security requirements are embedded in SP Richards processes including but not limited to change management, configuration management, software development life cycle, and asset management.
- Provide ongoing security awareness training to all employees within SP Richards.
- Identification and protection of critical business processes, applications, data, and assets
- Work with the Director of Global Cyber Defense to ensure that SP Richards projects, applications, and infrastructure are reviewed and in compliance with GPC Security Engineering & Architecture standards.
- Work with the CISO and Enterprise Security Directors to define metrics and reporting strategies that effectively communicate successes and progress of the SP Richards security program.
- Bachelor’s degree required, preferably in Computer Science or Information Technology or equivalent experience
- A minimum of 15 year of IT experience, minimum 8 years of which need to be in an information security role.
- A minimum of 5 years in a supervisory capacity, preferably in security operations.
- Experience with Global Security Organizations is desired
- A CISSP, CISA, CISM or equivalent certification is required
- Works ethically and with integrity supporting organizational goals and values
- Displays commitment to excellence
- Completes work in a timely manner and meets deadlines
- Contributes to building a positive team spirit and treats others with respect
- Maintains confidentiality of information and uses information appropriately
- Exhibits sound judgment when making decisions and recommendations
- Fosters collaboration toward a common vision and shared goals
- Ability to work effectively, independent of assistance or supervision
- Ability to clearly communicate Information Security matters to executives, auditors, end users, and engineers, using appropriate language, examples, and tone to convey critical information
- Ability to multi-task and adjust to changing priorities in order to meet customer expectations
- Attention to detail, and experience working in a large segmented organization
- Innovative, creative, and extremely responsive, with a strong sense of urgency
- Strong knowledge of security concepts
- Strong analytical, technical, and problem-solving skills
- Strong leadership skills and the ability to work effectively with business managers and IT teams in a collaborative team-oriented environment is essential.
- Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, NIST-800 series and the IT Infrastructure Library (ITIL).
- Willingness to work outside of regular business hours as required which can include evenings, weekends and holidays.
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law.