Role :
- Developing, operationalizing, and maintaining security controls framework in line with
- industry best practices, internal, regulatory, and customer requirements
- Conducting compliance assessments of Aptiv functional areas or technologies against
- control framework, including documenting assessment findings, working with control owners
- to draft the risk treatment (plan of action and milestones)
- Conducting security risk assessments including information consolidation, risk evaluation,
- treatment and reporting for projects, change requests, new technologies or vendors, and
- existing business-critical Aptiv infrastructure and systems
- GRC tool operation and maintenance
- Collaborating with cross-functional teams, such as Privacy, Legal, Supply Chain, Product
- Security to align on common risk management and assessment processes and capabilities
- Identifying risks and developing effective risk mitigation initiatives/controls that are aligned
- with Aptiv and divisional needs
- Collaborating with the wider Aptiv Security GRC team to develop ongoing improvements of
- the IT Security Risk Management strategy, program, and processes
- Ensuring the IT Security risk management framework is aligned with risk mitigation efforts
- and responsive to changes in the business and threat environment
- Supporting the Security GRC Lead to determine and evaluate new security risks, for
- awareness and communication to appropriate business stakeholders
- Determining and recommending risk reduction solutions in alignment
- with Aptiv Security policies and controls, documenting identified risks and remediation
- strategies
- Participate in the design, implementation, operation, and maintenance of the Enterprise IT
- Security risk register, IT Security Exceptions, and supporting processes
- Provide ongoing security risk management status, ensuring awareness of key risks,
- challenges, and new compliance developments.
- Develop and expand reporting on Aptiv Security risk & compliance through centralized
- dashboards, utilizing automation and BI, to minimize manual reporting efforts
- Work with the wider IT Security team on continuous improvements of security policies,
- controls, solutions & processes in Aptiv to remain aligned with global, industry, regulatory,
- or customer-driven security standards
- Execute around the IT Security exception process by understanding, documenting, and
- analyzing the security exception against enterprise risk management profile, and work to
- institute compensating controls and remediation treatment.
Your Background :
- Minimum of 4 years of experience in IT Security, Governance, Risk and Compliance, IT Audit
- with proven experience in the delivery of risk and compliance assessments
- Proven knowledge of Security standards and Frameworks e.g., ISO, SOX, TISAX, NIST, CIS
- Proven experience with at least one Risk Framework e.g., ISO3001, IRAM, FAIR
- Experienced with GRC tools for risk management, tracking, and assessment delivery
- Strong documentation skills to contribute to security policies, processes and procedures and
- for the production of risk assessment reports, findings and recommendations
- Ability to create constructive relationships, influence, and communicate to IT, engineering &
- business audiences at all levels, to drive a risk-aware culture
- Ability to work in a team environment and possess strong critical thinking and analytical
- skills, and be able to work in a team environment
- Strong written, verbal, and presentation communication skills
Nice to Haves (Preferred Qualifications):
- Experience in a technology or engineering organization
- Experience with GDPR and Privacy related regulations
- Knowledge in at least 1 IT Security domain (cloud, infrastructure, device, data, identity,
- networking)
- Industry recognized qualifications in IT Security or Risk domains (e.g., Lead Implementer /
- Auditor IS027001, CRISC, FAIR L1)
- Big 4 experience
Privacy Notice - Active Candidates: https://www.aptiv.com/privacy-notice-active-candidates
Aptiv is an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, gender identity, sexual orientation, disability status, protected veteran status or any other characteristic protected by law.
Organisation:
Aptiv