Manager, IT Cyber Security

Manager, IT Cyber Security

We are searching for an experienced Manager, IT Cyber Security at our Headquarters facility.

Hyundai MOBIS Parts America

We think creatively and keep challenging ourselves to help create a new future and eventually make humankind's dreams a reality. Ready for the challenge?

Who We Are

Tomorrow's most advanced automotive technology is being envisioned today at MOBIS Parts America (MPA). A subsidiary of Hyundai MOBIS, we are a top leading automotive parts supplier. MPA provides after-sales service parts support for Hyundai Motors, Kia Motors, and Genesis. In addition to the distribution of genuine service parts, the MPA Accessories division develops accessories for Hyundai, Kia, and Genesis - which are installed on new vehicles in the United States and Canada.

Description

Mobis is a company of the Hyundai Motor Group responsible for the development, production, and distribution of Service Parts and Accessories for all Hyundai and Kia brand vehicles. Within North America and Mexico, Mobis Parts operates 17 distribution centers and associated transportation networks warehousing and shipping product to all Hyundai and Kia Dealerships within USA, Canada, and Mexico as well as South/Central American Distributors.

Under the leadership of the Head of IT Operations & Systems, the Manager IT Cyber Security is responsible for overseeing and managing the cybersecurity architecture ensuring the protection of the company's information systems, networks, and data. This role will develop and implement security policies, monitor for vulnerabilities, and respond to security incidents. Additionally, this position will be responsible for managing user access controls and account support, ensuring proper access management and compliance with security protocols. The Manager of Cyber Security will work closely with analysts, other IT and business teams, and business departments to align security efforts with business goals and compliance requirements.

Collaboration with IT and Business Units

• Coordinate with HR to define and manage the components of comprehensive security policies and procedures for the company
• Collaborate with other IT functions (e.g., network security, application security, and infrastructure) to integrate security controls and ensure that all security measures are embedded into systems and processes.
• Work with business units to understand security requirements, ensuring that security measures do not negatively impact business operations.

This is a full-time position at our North America HQ, though occasional travel may be required to travel to satellite offices in U.S.A.

Responsibilities

Cyber Security Program Management

• Lead the company's cyber security initiatives, ensuring policies, procedures, and practices align with industry best practices and organizational goals.

• Manage the overall security posture, ensuring the protection of networks, systems, and data from unauthorized access, cyber-attacks, and data breaches.

• Develop and enforce security policies and procedures to mitigate risks, prevent incidents, and ensure compliance with regulatory requirements (e.g., GDPR, HIPAA, PCI-DSS).

Risk Management and Compliance

• Assess and manage cybersecurity risks across the organization, helping business units identify and mitigate risks related to IT systems, networks, and data.
• Architects, plans, configures, deploys, maintains, and upgrades toolsets to address vulnerabilities and/or implement security controls
• Work closely with compliance teams to ensure that security practices align with relevant industry standards and legal requirements.
• Conduct regular security audits and ensure that the organization maintains certifications as well as complies with internal and external reporting and audit requirements.

Incident Response and Management

• Lead the incident response process, from detection to mitigation, ensuring minimal impact on operations.
• Conduct root cause analysis and manage remediation efforts after security incidents or breaches.
• Prepare detailed incident reports for senior management and ensure that lessons learned are applied to improve future defenses.

Security Operations and Monitoring

• Monitor security alerts and events from a variety of sources, including security information and event management (SIEM) systems, firewalls, intrusion detection systems (IDS/IPS), and antivirus solutions.
• Respond to security events and incidents in a timely and effective manner, escalating when necessary.
• Conduct vulnerability assessments and penetration tests, working with the team to resolve any security gaps identified.

Security Awareness and Training

• Develop and deliver training programs for employees on security best practices, including phishing awareness, secure password management, and handling sensitive data.
• Promote a culture of security awareness across the organization, ensuring all employees understand their role in maintaining security.

Account Support and Systems Access Management

• Oversee and manage the process of user account creation, modification, and deactivation across applications, systems, and platforms.
• Collaborate with HR and other departments to manage user access based on role changes, promotions, or terminations.
• Ensure that all systems have proper access controls and are in compliance with security policies and regulatory requirements.
• Implement role-based access controls (RBAC) and least privilege principles to restrict unauthorized access to sensitive information.
• Monitor and review user access logs and permissions regularly to ensure proper access management and identify any anomalies or unauthorized access attempts.
• Ensure timely resolution of account access issues for employees, contractors, and third-party vendors.

Key Performance Indicators

• Security system installation and application target
• Reduction in security incidents and breaches
• Percentage of security incidents resolved within SLA
• Mean time to detect (MTTD) and mean time to respond (MTTR) to incidents
• Percentage of compliance with security frameworks and regulations
• Number of accounts created, modified, or deactivated according to policy
• Percentage of user access reviews completed on time
• Number of users trained on security awareness programs
• Regular security audits and vulnerability scans completed on time
• Risk assessments and mitigation strategies implemented successfully

Work Schedule

• This position exempt and expected to support business needs as required, however typically works 8hrs per day M-F
• Possibility of Hybrid work arrangement.
• Weekend and after-hours support required for operations issues, project launches, and other initiatives as needed

Travel

• Minimal travel required, including occasional trips to local warehouses
• May occasionally require extended trips

Work Environment

• This position is primarily a professional, office-based job, including use of phones, computers, printers, copy machines, etc.
• Occasional work in industrial environment such as distribution centers required

Physical Demands

• Ability to work at a desk for long periods
• Verbal interactions both in-person and online
• Some lifting may be required.

Required Qualifications

Education

• Bachelor's degree in Computer Science, Information Technology, Information Security, or related field (Master's preferred).

Overall Related Experience & Preferred Skills

• 10+ years of experience in Cyber Security or IT Security.
• 2+ years in a management role.
• Experience with SIEM tools, firewalls, IDS/IPS, endpoint protection, and access control systems.
• Experience with vulnerability management, penetration testing, and incident response.
• Proven experience with managing user access and account support, including role-based access control (RBAC) and least privilege access management.

Certifications

• CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CEH (Certified Ethical Hacker), or similar is preferred.

Skills

• Knowledge of security frameworks such as NIST, ISO 27001, and CIS Controls.
• Strong understanding of networking protocols, web application security, and cloud security.
• Familiarity with security tools (e.g., Splunk, Wireshark, Nessus, Qualys, Palo Alto Networks, Fortinet).
• Ability to analyze and remediate security vulnerabilities across networks, applications, and systems.
• Exceptional communication and interpersonal skills (both written and verbal), with the ability to work effectively with technical and non-technical stakeholders.
• Competency in standard Microsoft applications including Word, Excel, Access, Powerpoint and Outlook.
• Excellent planning, organizational, and time management skills.
• Ability to escalate issues and communicate status to stakeholders
• Ability to work independently and collaborate within other business units
• Strong problem-solving and analytical skills with attention to detail.

Employment Type - Exempt, Annual Salary

Compensation - The expected hiring range for this position is $120,000.00 - 145,000.00, depending on experience and qualifications.

Hyundai Mobis Parts America - Benefits

We offer a competitive benefits package for full-time employees which include:

• Medical, Dental, and Vision
• 401K with employer matching
• Tuition Reimbursement
• Paid Vacation, Paid Sick Days and Paid Holidays
• Company Discounts & more!

Our company provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics.