Senior Engineer – Technology & Cybersecurity Risk Management

Senior Engineer – Technology & Cybersecurity Risk Management

Requirements

• Bachelor’s degree in computer science, other engineering, related field, or equivalent experience
• Experience in cybersecurity risk management supporting compliance to regulations and industry frameworks
• Expert knowledge of cybersecurity risk management processes (both qualitative and quantitative)
• Significant experience with compliance regulations/laws, security frameworks and standards (e.g., NIST, HIPAA, ISO, COBIT, OWASP, ITIL)
• Excellent understanding of IT General Controls and their applicability to applications and systems with governance, risk, and compliance
• Experience in strategy, consulting, engineering, or other relevant discipline
• Superb analytical and problem-solving abilities in complex situations using enterprise-wide thinking
• Works with minimal supervision with some specific decision-making authority
• Excellent communication skills (verbal and written) to tailor messages to different audiences, presenting it clearly and concisely at the right altitude

Responsibilities

• Deliver world class security, governance, risk, and compliance services across TMNA and its affiliates under minimal supervision with some latitude for independent judgement
• Work closely with the Cyber Risk & Operations Management (CROM) team as well as closely partnering with all cybersecurity teams to evaluate, implement, maintain, and improve security controls to assure compliance with TMNA Policies as well as applicable regulatory and legal requirements
• Perform risk assessment to internal and external applications, systems, supporting tools and infrastructure part of TMNA technology landscape
• Track and measure progress and impact of cyber risk strategic initiatives to create and follow repeatable disciplined supporting processes to ensure timelines, scalability, and quality of CROM deliverables
• Assess and implement IT general controls in alignment with regulatory requirements (e.g., SOX, HIPPA, GDPR, CCPA) and security frameworks (e.g., NIST, ISO, COBIT)
• Drive cybersecurity, compliance, third-party assessments, and risk management efforts across enterprise stakeholders and internal cybersecurity teams
• Provide business value to Toyota through the standardization and automation of security controls and their execution across the Toyota ecosystem
• Continuously capture inherent risk (cyber, technology, and operational) to identify alternative countermeasures to minimize residual risk and to increase security posture across the organization
• Keep abreast of new risk approaches and standards to ensure long-term success of business processes
• Ensure risk management processes are integrated in both cybersecurity and business unit planning cycles (e.g., on-boarding, off-boarding, contracts, policies)
• Collaborate with all levels of leadership within IT and other business areas to assess, track mitigations, and monitor Toyota controls and cybersecurity condition through risk prioritization
• Partner effectively with cybersecurity, product, platform, internal audit, legal, and other internal peers to support TMNA’s compliance with applicable legal, regulatory, and security frameworks
• Work closely with top management to understand risk appetite in alignment with actual risk exposure to identify and prioritize countermeasures
• Drive cybersecurity awareness and reinforce CROM/CSRM brand through educating teams and leadership on the cybersecurity core risk management strategy and processes

Preferred Qualifications

• CISA, CISSP, CIA, CIPM, or other related cybersecurity certifications
• Agile, Scrum, Lean, or related certifications
• Experience building and/or analyzing financial business cases, experience in product management
• Demonstrated success in project management, business analysis, and data analysis
• Proven ability to bring clarity and focus to complex and ambiguous situations