TEC Group
TEC Group is hiring: Sr. Cybersecurity Analyst/Compliance Manager in Palo Alto
TEC Group, Palo Alto, CA, United States, 94306
Sr. Cybersecurity Analyst/Compliance Manager
Palo Alto, CA | Irvine, CA | Atlanta, GA | Plymouth, MI
Hybrid (3 days per week onsite)
Contract
Summary
The Sr. Cybersecurity Analyst/Compliance Manager will focus on assisting with the successful achievement of specified industry-specific certifications for the organization. This role will report to the Senior Director of
Cybersecurity Risk Management in the Rivian Enterprise Cybersecurity organization. As a member of the team, you will contribute to compliance activities related to multiple frameworks including ISO 27001, TISAX, and NIST CSF. The ideal candidate brings a strong understanding of risk assessment, understanding operating effectiveness,
recommending and coordinating security controls implementation activities and contributing to enhancement of the overall compliance and cybersecurity program. Collaborate with enterprise cybersecurity and cross-functional business leaders to obtain and maintain globally recognized information security certifications specific to the cybersecurity domain and automotive industry for improved security, data protection, and proving assurance to business partners as an original automotive manufacturer.
Responsibilities
Qualifications
Desired Certifications
Palo Alto, CA | Irvine, CA | Atlanta, GA | Plymouth, MI
Hybrid (3 days per week onsite)
Contract
Summary
The Sr. Cybersecurity Analyst/Compliance Manager will focus on assisting with the successful achievement of specified industry-specific certifications for the organization. This role will report to the Senior Director of
Cybersecurity Risk Management in the Rivian Enterprise Cybersecurity organization. As a member of the team, you will contribute to compliance activities related to multiple frameworks including ISO 27001, TISAX, and NIST CSF. The ideal candidate brings a strong understanding of risk assessment, understanding operating effectiveness,
recommending and coordinating security controls implementation activities and contributing to enhancement of the overall compliance and cybersecurity program. Collaborate with enterprise cybersecurity and cross-functional business leaders to obtain and maintain globally recognized information security certifications specific to the cybersecurity domain and automotive industry for improved security, data protection, and proving assurance to business partners as an original automotive manufacturer.
Responsibilities
- Serve as a subject matter expert for compliance initiatives with a specific focus of ISO 27001, and TISAX. Understands the practical application of NIST CSF.
- Assist in performing detailed assessments with a focus on risk information, including self-assessments and working with external auditors covering the company's information security system and cybersecurity program maturity.
- Provide the appropriate level of support to demonstrate that the company has undergone rigorous external verification and comply with the appropriate level of information security standards within the TISAX framework.
- Assist the company in achieving ISO 27001 certification if its ISMS, subsequently
- reducing risk and optimizing operations facilitating meeting additional compliance requirements.
- Demonstrate the appropriate level of ownership for assigned responsibilities; proactively identify, escalate, and resolve impactful risks and issues.
- Possess deep expertise regarding cybersecurity risk management and apply this proficiency to initiatives, problems and opportunities.
- Develop, report and track key actionable metrics, milestones, goals, and learnings for improvement.
- Utilize the team's JIRA board and track and report activities through closure.
- Provide input into longer-term planning activities at vertical and domain level, work cross-functionally with diverse stakeholders.
- Execute a comprehensive compliance strategy aligned with cybersecurity objectives and industry best practices; identify gaps and ensure compliance with standards across the enterprise.
- Develop an executive-level dashboard to track and generate metrics reports related to cybersecurity compliance on a recurring basis by partnering with the appropriate teams to develop Key Risk Indicators (KRIs) to drive compliance and deliver on overall program performance.
- Provide valuable delivery insights derived from multiple sources and communicate metrics which teams can use to drive continuous improvement.
- Implement data quality standards, policies, and procedures to ensure accuracy, consistency, and reliability of data assets; improve the quality of operational data and metrics.
- Clearly communicate expectations and carefully track progress to ensure standards are met at a systematic level; follows up to keep work on track.
Qualifications
- 5 years in cybersecurity compliance, including hands-on experience with analytics, tracking, and reporting.
- BA/BS degree in Information Systems, or related field, or equivalent experience required.
- Understanding of Information Security, Cybersecurity Operations, related technologies, and various Standards and Guidelines (NIST CSF, TISAX, ISO 27001). PCI-DSS experience is desirable.
- Strong leadership, business acumen, technical and consulting capabilities, and project/change management skills used to contribute to development of strategic plan for aligned discipline
- Excellent interpersonal and team building skills
- Able to plan, communicate, and execute planning individually and with a team
- Level of comfort speaking technically and non-technically, as appropriate
- Proficiency in the Google Suite, PowerBI, or other metrics and/or database/reporting/ tracking tools, and project management software and tools
Desired Certifications
- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Systems Controls (CRISC), or Microsoft Certified Systems Administrator: Security
- Certification in governance, governance, risk & compliance (GRC) or artificial intelligence is a plus