Cyber Security Engineer- 2489 at iFlow Inc
Irvine, CA
About the Job
Role-Cyber Security Engineer- 2489
Location- ATLANTA, GA/ Plymouth, MI/ Irvine or Palo Alto, CA
JOB DESCRIPTION
Schedule: M-F (9-5, 8-6- local time and flexible depending on business needs)- average 8 hours day
This is a hybrid role- 3 days/week on-site in ATLANTA, Plymouth, Irvine or Palo Alto- please be sure all candidates submit within this location
- Working in an agile environment, the Senior Cybersecurity Analyst (Compliance Manager) will focus on assisting with the achievement of specified industry-specific certifications for the organization.
- This role will report to the Senior Director of Cybersecurity Risk Management in the Rivian Enterprise Cybersecurity organization.
- As a member of the team, you will contribute to compliance activities related to multiple frameworks including ISO 27001, TISAX, and NIST CSF.
- The ideal candidate brings a strong understanding of risk assessment, understanding operating effectiveness, recommending and coordinating security controls implementation activities, and contributing to enhancing the overall compliance and cybersecurity program.
- In this role, the Senior Cybersecurity Analyst (Compliance Manager) will collaborate with Enterprise Cybersecurity and cross-functional business leaders to obtain and maintain globally recognized information security certifications specific to the cybersecurity domain and automotive industry for improved security, data protection, and proving assurance to business partners as an original automotive manufacturer.
- The duration for this contractor position is up to 18 months.
Core Responsibilities:
- Serve as a subject matter expert for compliance initiatives with a specific focus on ISO 27001 and TISAX.
- Understand the practical application of NIST CSF.
- Assist in performing detailed assessments with a focus on risk information, including self-assessments and working with external auditors covering Rivian's information security system and cybersecurity program maturity.
- Provide the appropriate level of support to demonstrate that Rivian has undergone rigorous external verification and complies with the appropriate level of information security standards within the TISAX framework.
- Assist Rivian in achieving ISO 27001 certification of its ISMS, subsequently reducing risk and optimizing operations, facilitating meeting additional compliance requirements.
- Demonstrate the appropriate level of ownership for assigned responsibilities; proactively identify, escalate, and resolve impactful risks and issues.
- Possess deep expertise regarding cybersecurity risk management and apply this proficiency to initiatives, problems and opportunities.
- Develop, report and track key actionable metrics, milestones, goals, and learnings for improvement.
- Utilize the team's JIRA board and track and report activities through closure.
- Provide input into longer-term planning activities at vertical and domain level, work cross-functionally with diverse stakeholders.
- Execute a comprehensive compliance strategy aligned with cybersecurity objectives and industry best practices; identify gaps and ensure compliance with standards across the enterprise.
- Develop an executive-level dashboard to track and generate metrics reports related to cybersecurity compliance on a recurring basis by partnering with the appropriate teams to develop Key Risk Indicators (KRIs) to drive compliance and deliver on overall program performance.
- Provide valuable delivery insights derived from multiple sources and communicate metrics that teams can use to drive continuous improvement.
- Implement data quality standards, policies, and procedures to ensure accuracy, consistency, and reliability of data assets; improve the quality of operational data and metrics.
- Clearly communicate expectations and carefully track progress to ensure standards are met at a systematic level; follow up to keep work on track.
- Stay updated on industry trends and best practices in risk and controls and proactively recommend improvements to the Cybersecurity Risk Management Program.
- Demonstrate influence; make a compelling case for change and obtain early stakeholder buy-in.
- Seek to understand different perspectives to resolve conflict.
Required Minimum Experience:
5 years in cybersecurity compliance, including hands-on experience with analytics, tracking, and reporting.
Required Minimum Education:
BA/BS degree in Information Systems, or related field, or equivalent experience required.
Desired Certification(s):
Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Systems Controls (CRISC), or Microsoft Certified Systems Administrator: Security
Certification in governance, risk & compliance (GRC) or artificial intelligence is a plus
Qualifications
- Understanding of Information Security, Cybersecurity Operations, and related technologies, and various Standards and Guidelines (NIST CSF, TISAX, ISO 27001). PCI-DSS experience is desirable.
- Strong leadership, business acumen, technical and consulting capabilities, and project/change management skills used to contribute to the development of a strategic plan for the aligned discipline
- Critical thinking and creative problem-solving skills
- Excellent verbal and written communication skills and attention to detail
- Able to triage multiple initiatives to address the right problems at the right time
- Strong judgment in executing deliverables and working with stakeholders
- Excellent interpersonal and team-building skills
- Able to plan, communicate, and execute planning individually and with a team
- Level of comfort speaking technically and non-technically, as appropriate
- Able to work effectively and successfully in a fast-paced environment
- Proficiency in the Google Suite, PowerBI, or other metrics and/or database/reporting/tracking tools, and project management software and tools
- Models best-in-class project management practices