Tesla
IT Security & Compliance Manager
Tesla, Fremont, California, us, 94537
Tesla is looking for an IT Security and Compliance Manager to join our Global Risk and Compliance team. You will help run the risk and compliance efforts to design, evaluating, implementing, and improving Tesla's IT Security Controls. You will join the IT Compliance team as part of the CIO's organization and manage activities across the global organization. The role will act as a liaison between the audit function and IT Security Teams across Tesla - you will work with SMEs across the organization to mature/design security controls & mitigate risk and become a deep technical resource.
Responsibilities
SOC 2 Energy Compliance: Develop and execute the annual SOC 2 energy plan, coordinating with both internal teams and external auditors. Serve as the primary point of contact for all SOC audit-related matters. Prepare and review SOC audit documentation, ensuring its accuracy and completeness. Track and manage remediation efforts for any identified audit findingsVehicle Cybersecurity Compliance: Maintain meticulous compliance with vehicle cybersecurity regulations (UNECE 155/156, ISO 21434). Serve as the primary liaison with external cybersecurity auditors and regulators. Guarantee the application of appropriate technical audit methodologies and scopeIT Policy Governance: Ensure compliance with data security policies and all relevant legal and regulatory requirements. Maintain and evolve IT Security Policies across the organizationMonitoring & Reporting: Develop and conduct in-depth analysis of reports and alerts to identify potential gaps and propose actionable changes. Continuously monitor and actively contribute to the improvement of the organization's security, risk, and compliance postureRisk Management: Foster strong partnerships and coordinate with security teams, external auditors, management, and other testing groups to proactively address and mitigate risksMonitoring & Reporting: Develop and conduct in-depth analysis of reports and alerts to identify potential gaps and propose actionable changes. Continuously monitor and actively contribute to the improvement of the organization's security, risk, and compliance postureContinuous Improvement Continuously evaluate and proactively recommend enhancements to existing programs, practices, and technologies. Identify areas for improvement, develop actionable plans, and execute to implement changes in a timely and efficient manner. Ensure that all necessary changes and improvement actions are implemented as requiredRequirements
5-8 years of professional Cybersecurity, IT Risk and Compliance, and audit experienceExperience in technical audit methodology (to be able to handle external auditors and regulators) is a mustExperience implementing security frameworks, such as SOC 2, ISO 27001, UNCE R155/R156, ISO 21434Strong technical knowledge in SDLC and software/firmware change managementYou have experience leading and mitigating risk in projects throughout an organizationUnderstanding IT General Controls, Security Incident Handling, Data Classification and Handling, Data PrivacyYou have relevant knowledge and experience testing design and operation of IT General Controls for user access, change management, system integrations, and system development activitiesFundamental understanding of including vehicle software, OTA updates, fleet management TCP/IP protocols, networking, network topology, operating systems, including Windows and LinuxCISA, CISSP, CRISC, CISM, or other professional certifications/associations is a plusBig 4 Accounting Firm experience specializing in IT Risk & Compliance is preferredCompensation and BenefitsBenefits
Along with competitive pay, as a full-time Tesla employee, you are eligible for the following benefits at day 1 of hire:
Aetna PPO and HSA plans > 2 medical plan options with $0 payroll deductionFamily-building, fertility, adoption and surrogacy benefitsDental (including orthodontic coverage) and vision plans, both have options with a $0 paycheck contributionCompany Paid (Health Savings Account) HSA Contribution when enrolled in the High Deductible Aetna medical plan with HSAHealthcare and Dependent Care Flexible Spending Accounts (FSA)LGBTQ+ care concierge services401(k) with employer match, Employee Stock Purchase Plans, and other financial benefitsCompany paid Basic Life, AD&D, short-term and long-term disability insuranceEmployee Assistance ProgramSick and Vacation time (Flex time for salary positions), and Paid HolidaysBack-up childcare and parenting support resourcesVoluntary benefits to include: critical illness, hospital indemnity, accident insurance, theft & legal services, and pet insuranceWeight Loss and Tobacco Cessation ProgramsTesla Babies programCommuter benefitsEmployee discounts and perks programExpected Compensation
$88,000 - $294,000/annual salary, depending on level + cash and stock awards + benefits
Pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. The total compensation package for this position may also include other elements dependent on the position offered. Details of participation in these benefit plans will be provided if an employee receives an offer of employment.
Responsibilities
SOC 2 Energy Compliance: Develop and execute the annual SOC 2 energy plan, coordinating with both internal teams and external auditors. Serve as the primary point of contact for all SOC audit-related matters. Prepare and review SOC audit documentation, ensuring its accuracy and completeness. Track and manage remediation efforts for any identified audit findingsVehicle Cybersecurity Compliance: Maintain meticulous compliance with vehicle cybersecurity regulations (UNECE 155/156, ISO 21434). Serve as the primary liaison with external cybersecurity auditors and regulators. Guarantee the application of appropriate technical audit methodologies and scopeIT Policy Governance: Ensure compliance with data security policies and all relevant legal and regulatory requirements. Maintain and evolve IT Security Policies across the organizationMonitoring & Reporting: Develop and conduct in-depth analysis of reports and alerts to identify potential gaps and propose actionable changes. Continuously monitor and actively contribute to the improvement of the organization's security, risk, and compliance postureRisk Management: Foster strong partnerships and coordinate with security teams, external auditors, management, and other testing groups to proactively address and mitigate risksMonitoring & Reporting: Develop and conduct in-depth analysis of reports and alerts to identify potential gaps and propose actionable changes. Continuously monitor and actively contribute to the improvement of the organization's security, risk, and compliance postureContinuous Improvement Continuously evaluate and proactively recommend enhancements to existing programs, practices, and technologies. Identify areas for improvement, develop actionable plans, and execute to implement changes in a timely and efficient manner. Ensure that all necessary changes and improvement actions are implemented as requiredRequirements
5-8 years of professional Cybersecurity, IT Risk and Compliance, and audit experienceExperience in technical audit methodology (to be able to handle external auditors and regulators) is a mustExperience implementing security frameworks, such as SOC 2, ISO 27001, UNCE R155/R156, ISO 21434Strong technical knowledge in SDLC and software/firmware change managementYou have experience leading and mitigating risk in projects throughout an organizationUnderstanding IT General Controls, Security Incident Handling, Data Classification and Handling, Data PrivacyYou have relevant knowledge and experience testing design and operation of IT General Controls for user access, change management, system integrations, and system development activitiesFundamental understanding of including vehicle software, OTA updates, fleet management TCP/IP protocols, networking, network topology, operating systems, including Windows and LinuxCISA, CISSP, CRISC, CISM, or other professional certifications/associations is a plusBig 4 Accounting Firm experience specializing in IT Risk & Compliance is preferredCompensation and BenefitsBenefits
Along with competitive pay, as a full-time Tesla employee, you are eligible for the following benefits at day 1 of hire:
Aetna PPO and HSA plans > 2 medical plan options with $0 payroll deductionFamily-building, fertility, adoption and surrogacy benefitsDental (including orthodontic coverage) and vision plans, both have options with a $0 paycheck contributionCompany Paid (Health Savings Account) HSA Contribution when enrolled in the High Deductible Aetna medical plan with HSAHealthcare and Dependent Care Flexible Spending Accounts (FSA)LGBTQ+ care concierge services401(k) with employer match, Employee Stock Purchase Plans, and other financial benefitsCompany paid Basic Life, AD&D, short-term and long-term disability insuranceEmployee Assistance ProgramSick and Vacation time (Flex time for salary positions), and Paid HolidaysBack-up childcare and parenting support resourcesVoluntary benefits to include: critical illness, hospital indemnity, accident insurance, theft & legal services, and pet insuranceWeight Loss and Tobacco Cessation ProgramsTesla Babies programCommuter benefitsEmployee discounts and perks programExpected Compensation
$88,000 - $294,000/annual salary, depending on level + cash and stock awards + benefits
Pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. The total compensation package for this position may also include other elements dependent on the position offered. Details of participation in these benefit plans will be provided if an employee receives an offer of employment.