Genuine Parts Careers
IT Cyber Security Risk Analyst Sr
Full/Part Time: Full-Time
Bachelor's degree in Computer Science, Engineering or related discipline
10+ years GRC solution design and implementation experience in large enterprises
10+ years combined experience in Information Security and GRC
Previous experience with vulnerability scanners (Qualys preferred)
Previous experience with automated patching toolsets for Windows and non-Windows systems
Previous experience creating executive and technical reports from different data sources
Ability to work effectively, independent of assistance or supervision
Ability to clearly communicate Information Security matters to executives, auditors, end users, and engineers, using appropriate language, examples, and tone to convey critical information
Ability to multi-task and adjust to changing priorities in order to meet customer expectations
Attention to detail, and experience working in a large segmented organization
Innovative, creative, and extremely responsive, with a strong sense of urgency
Willing to share knowledge and assist others in understanding technical and business topics
Strong analytical, technical, and problem-solving skills
Willingness to work outside of regular business hours as required, which can include evenings, weekends and holidays
Understanding of various Information Security frameworks (NIST, ISO 27001, COBIT)
Understanding of various regulatory requirements (SOX, HIPAA, PCI)
Preferred certification: CISSP, CISA or equivalent.
Preferred skills and capabilities
Experience with RSAM
Self-motivated, self-directed and shows attention to detail while working
Works ethically and with integrity supporting organizational goals and values
Displays commitment to excellence
Completes work in a timely manner and meets deadlines
Contributes to building a positive team spirit and treats others with respect
Maintains confidentiality of information and uses information appropriately
Exhibits sound judgment when making decisions and recommendations
Fosters collaboration toward a common vision and shared goals
Understanding of the Vulnerability Management lifecycle to include vulnerabilities related to:
Operating Systems (Linux, Windows, Android, iOS)
Network Infrastructure (routers, switches, firewalls, proxy servers, etc.)
Applications (Web, COTS, Custom)
Assist with auditing of information systems activities and systems to confirm information security policy compliance and provide management with security policy compliance assessments and system monitoring reports
Measure Enterprise-wide compliance with organizational security policies and standards using various toolsets
Prioritize remediation activities based upon the results of the Enterprise-wide compliance program or internal/external audits
Responsible for preparing compliance reports by collecting, analyzing, and summarizing data from various sources
Conduct security risk assessments on new products and systems and periodic security risk assessments on existing systems, and identify and/or recommend appropriate security countermeasures and best practices through the use of vulnerability scanning and system assessment toolsets.
Work with stakeholders to provide security solutions that support their business requirements
Assist management in setting up strategic planning of information security, compliance and internal audit policies and procedures to ensure compliance with the security and privacy regulations and state and federal laws protecting customer and employee confidentiality and privacy.
Assess and modify procedures to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access, modification or destruction.
Maintain Enterprise-wide Security Policies/Standards/Procedures.
Identify, develop, and implement mechanisms to detect security incidents in order to enhance compliance with and support of security standards and procedures in place.
Update the Unified Compliance Framework (UCF) as needed.
Maintain awareness of changes in security risks, security measures, and computer systems assessing new requirements for current and emerging compliance regulations.
Communicate technical and business problems clearly, quickly and in a concise manner to a variety of audiences.
Facilitate meetings and help drive privacy solutions working across corporate teams.
Work hand-in-hand with ISCM, IT, Internal Audit, Compliance and HR to develop solutions and/or provide guidance around compliance, security and risk requirements.
Genuine Parts Company (GPC) is a service organization engaged in the distribution of automotive replacement parts, industrial replacement parts, office products and electrical/electronic materials. Our products and services are offered through a network of over 2,000 operations, geographically located across the United States, Canada and Mexico.
With over 80 years of distribution expertise, our well-positioned, regionally located distribution centers provide us with the unique ability to adapt our product and service lines to better suit our customers' needs. GPC's commitment and reputation for just-in-time service position us as a critical partner in our customers' success.
GPC began to diversify its product lines over 30 years ago into several end-markets with strong growth opportunities. Although each product is unique, we have leveraged more than 80 years of distribution know-how to manage these businesses the GPC way - continually improving operating and distribution efficiencies.
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.