Senior Manager IAM Enterprise Security

Company Background:

Established in 1928 Genuine Parts Company is a leading global service provider of automotive and industrial replacement parts and value-added solutions. Our Automotive Parts Group operates across the U.S. Canada Mexico Australasia France the U.K. Ireland Germany Poland the Netherlands Belgium Spain and Portugal while our Industrial Parts Group serves customers in the U.S. Canada Mexico and Australasia. We keep the world moving with a vast network of over 10700 locations spanning 17 countries supported by more than 63000 teammates. Learn more at .

Position Purpose

TheIT Sr. Manager Identity & Access Managementis responsible for providing leadership in the areas of Identity and Access Management with special emphasis on Identity and Access Management for employees customers and privileged access management. This position will lead the management of the Identity Access Management function and will safeguard Genuine Parts Company global brands by promoting implementing and supporting controls to manage risks associated with identity. Through collaboration with other IT and company stakeholder leaders this role will help ensure our Identity Access and Provisioning posture is strong proactive and aligns with our current and future business objectives.

This role is responsible for assisting in design and support of the GPC enterprise-wide identity access management and governance strategy that meets the needs of our current and future acquired operational locations. The person in this position is responsible for providing expert advice and effective oversight of information security and technology risk activities to identify assess control and manage identity and access risks throughout Genuine Parts Company. This role is charged with overseeing identity risk aggregation correlation of risk and reporting in support of enterprise-wide objectives. This role will lead our Identity & Access Management team to meet both regulatory and contractual regulatory obligations.

Responsibilities

• Serves as an internal information security consultant to the enterprise while balancing the needs of the day-to-day business.
• Include focus and expertise in Privileged Access Management (PAM) Customer Identity Access Management (CIAM) Identity Governance and Administration (IGA) and Employee Identity Access Management (EIAM) to include Single Sign on and Multi-factor authentication.
• Research and recommend solutions that meet security standards while ensuring functionality for business continuity.
• Develop security test scenarios for unit process function integration and acceptance testing.
• Design integration schema and linkage for multi-platform business and technological solutions.
• Evaluates the security of new technologies and assists with the plan to integrate them into the company environment.
• Help develop the policies and procedures in conjunction with the established IT governance channels to manage the use and operation of these systems
• Recommend best practices for security controls without hindering functionality.
• Define the minimum access and identity configuration standards for all IT systems.
• Evaluates new and proposed security systems and technologies.
• Reviews develops test and implements security plans products and control techniques.
• Develops guidelines for the usage control maintenance and auditability of information and computer resources.
• Lead and manage a specialized security team across the globe.

Desired Qualifications & Experiences

• BS/BA degree and specialized information security technical training required. An advanced degree is a plus.
• A reputable security certification (CISSP CISSP w/specialization HCISPP GIAC CISA etc.) is required
• A minimum of 6 years of progressive Information Security experience.
• A minimum of 3 years of management experience leading information security.
• Identity & Access Management to include governance experience is required.
• Experience in security architecture design is a plus.
• Consistent track record of leadership teamwork and delivering high-impact results.
• Working knowledge of workday & PeopleSoft ERP are a plus.
• Working knowledge of IAM platforms are a plus
• In-depth knowledge of the information security industry and regulatory obligations (Sarbanes-Oxley (SOX) HIPAA GLBA PCI DSS HITRUST NIST Framework etc.).
• Working knowledge of Microsoft Active Directory.
• Ability to analyze all layers of the OSI model from the security stance.
• Prepare and present plans/designs to IT and business leaders.
• Advocate the integration of solutions into the enterprise directory structure.
• In-depth knowledge of networking technologies and architecture.
• Prioritize tasks effectively to meet project deadlines and deliverables.
• ITIL familiarization - managing incidents requests and changes. Experience is a plus.
• Experience in managing teams in multicultural environments across different time zones.

Additional Knowledge Skills and Attributes(Underlying skills and abilities that enable the execution of duties and responsibilities)

Knowledge of:

• Federal state and global laws regarding security and privacy of electronic information assets within the context of the healthcare industry is highly preferred (e.g. HIPAA Sarbanes-Oxley etc.);
• Industry security standards (e.g. NIST)
• Platform independent information security policy and standards.
• E-commerce/e-business security related strategies policies and standards.
• Enterprise security awareness program practices that incrementally create organizational security awareness and education.
• Compliance programs to help ensure conformity with established enterprise security policies practices and standards.
• Risk assessment processes for the protection of electronic information assets; and
• Large scale Wide Area Network and multiple platform environments with both decentralized and centralized focuses.

Skills including:

• Superior analytical skills to identify high-risk security breach opportunities with the ability to develop solutions to prevent correct detect or mitigate security risks via people processes and technology.
• Ability to relate business requirements and risks to technology implementation for security-related activities.
• Ability to collaborate with IT&S and business area professionals to identify/recommend applicable security practices/controls rather than dictating security methods.
• Ability to balance the seriousness of protecting electronic information assets with the need to enable users to effectively and efficiently use systems to perform job responsibilities while continuing to emphasize quality patient care.
• Solid project management and collaboration skills especially in a cross-functional dynamic team environment.
• Excellent oral and written communication skills with the ability to present and discuss technical information in a manner that establishes rapport persuades others and allows the individual to increase understanding of subject matter.
• Working both independently and with key stakeholders to develop security policy and standards.
• Taking initiatives toward personal development such as maintaining skills and obtaining professional certifications (e.g. Information Systems Security Association Certified Information Systems Security Professional etc.).

Location:

Krakow/hybrid

Not the right fit Let us know youre interested in a future opportunity by joining our Talent Community on or create an account to set up email alerts as new job postings become available that meet your interest!

GPC conducts its business without regard to sex race creed color religion marital status national origin citizenship status age pregnancy sexual orientation gender identity or expression genetic information disability military status status as a veteran or any other protected characteristic. GPCs policy is to recruit hire train promote assign transfer and terminate employees based on their own ability achievement experience and conduct and other legitimate business reasons.