Genuine Parts Careers

Cyber Security Director, Global Risk & Compliance

ATLANTA, GA
Information Technology


Job Description

Job ID: 215265
Full/Part Time: Full-Time
Regular/Temporary: Regular

Closing Statement

Genuine Parts Company (GPC) is a service organization engaged in the distribution of automotive replacement parts, industrial replacement parts, office products and electrical/electronic materials.  Our products and services are offered through a network of over 2,000 operations, geographically located across the United States, Canada and Mexico.

With over 80 years of distribution expertise, our well-positioned, regionally located distribution centers provide us with the unique ability to adapt our product and service lines to better suit our customers' needs.  GPC's commitment and reputation for just-in-time service position us as a critical partner in our customers' success.

GPC began to diversify its product lines over 30 years ago into several end-markets with strong growth opportunities.  Although each product is unique, we have leveraged more than 80 years of distribution know-how to manage these businesses the GPC way - continually improving operating and distribution efficiencies.

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.


Job Description

Genuine Parts Company (GPC) is currently looking for a Director of Global Risk and Compliance for our Enterprise Cyber Security business. This role within the IT Security team will lead the IT Risk and Compliance team, providing leadership and hands-on guidance for all security governance, risk and compliance-related initiatives. This position also acts as the Security liaison with the IT operations and application development teams for ongoing compliance initiatives.


Qualifications

  • BA/BS degree in Computer Science or related technical field, or equivalent practical experience.

  • CISSP, CISM, CISA, CIPP or similar certifications

  • Practical experience in managing Business Continuity and/or Incident Response programs

  • Experience working with IT technologies such as cloud, big data and mobile

  • Ten+ years’ experience leading and managing IT projects and teams

  • Knowledge of information security standards, rules and regulations related to information security and data confidentiality from a global perspective, including PCI-DSS, SOX and NIST

  • Knowledge of infrastructure and application security principles for risk identification and analysis

  • Experience in third-party IT security management

  • Experience leading associate security or privacy awareness programs

  • Excellent written, oral, and interpersonal communication skills

  • Ability to present ideas in business-friendly and user-friendly language

  • Highly self-motivated and directed

  • Team-oriented and skilled in working within a collaborative environment

 


Responsibilities

  • Develop, implement, maintain and manage an effective IT Risk Management program

  • Execute formal risk assessments of projects, initiatives, technologies and processes, including 3rd party vendor assessments

  • Proactively understand, assess and document key IT risks and implement relevant controls to manage identified risks

  • Monitor, maintain and ensure continuous improvement of the effectiveness of controls associated with GPC’s information assets

  • Coordinate 3rd party audits of GPC, including Pen tests, PCI, SOX, Visa-PIN and TR39 assessments

  • Manage compliance projects across multiple teams, including operations, security and development, ensuring compliance with regulatory and legal requirements relevant to GPC’s business

  • Maintain Information Security and Privacy policies

  • Develop and implement internal policies and procedures to ensure proper protection of GPC’s Information and IT Assets

  • Implement, monitor and improve an IT Security Awareness program to raise the collective awareness of the importance of IT Security and security controls

  • Implement and manage GPC’s Security Incident Response Program