Security Manager – Data Protection

Company Background

Established in 1928 Genuine Parts Company is a leading global service provider of automotive and industrial replacement parts and value-added solutions. Our Automotive Parts Group operates across the U.S. Canada Mexico Australasia France the U.K. Ireland Germany Poland the Netherlands Belgium Spain and Portugal while our Industrial Parts Group serves customers in the U.S. Canada Mexico and Australasia. We keep the world moving with a vast network of over 10700 locations spanning 17 countries supported by more than 63000 teammates. Learn more at .

Position Summary

The GPC Data Protection Manager leads the enterprise strategy to detect investigate and mitigate risks originating from within the organization. This individual drives the governance of the Data Loss Prevention platforms and manages a cross-functional program that balances security with operational agility focusing on protecting sensitive intellectual property (IP) financial data and regulatory assets.

Key Responsibilities

• Program Governance:Define and drive the multi-year technical roadmap for insider risk aligning it with business needs and global privacy laws (e.g. GDPR CCPA DORA).

• Behavioral Detection:OverseeUser and Entity Behavior Analytics (UEBA)to establish behavioral baselines and detect anomalies such as unusual data movement or unauthorized use of generative AI tools.

• Data Protection Management:Lead the selection deployment and optimization of the Data Protection stack ( Purview andCyera) to identify and block risky data exfiltration.

• Incident Investigation:Participate with Global Incident Response team on deep-dive investigations into high-risk alerts collaborating with Legal and HR to ensure ethical and defensible evidence collection.

• AI Guardrails:Implement specific controls to monitor and prevent sensitive data leaks into external Large Language Models (LLMs) and manage prompt injection risks.

• Metrics & Reporting:Develop real-time dashboards to quantify risk posture and program effectiveness for executive leadership and the board of directors.

• Talent Cultivation:Prioritize hiring adaptable specialists who can navigate hybrid security environments and AI-driven threats.

• Mentorship & Coaching:Move from traditional surveillance-heavy oversight to a coaching-based model providing real-time nudges that educate employees on secure data handling rather than just penalizing mistakes.

Required Skills & Qualifications

• Management: Experience in managing at least 10 employees.

• Experience:Typically requires510 yearsin cybersecurity or risk management with a focused background in insider threat analysis or data protection.

• Technical Proficiency:Extensive experience with data discovery/cataloging and insider risk tools.

• Analytical Mindset:Proficiency in querying large datasets using SQL or Python to identify emerging threat patterns and fraud indicators.

• Soft Skills:Strong cross-functional collaboration skills with the ability to influence without direct authority and translate technical risks into business impact.

• Certifications:Preferred credentials includeCISSP(Security)or CISM(Management).

Location:

Krakow/hybrid

Not the right fit Let us know youre interested in a future opportunity by joining our Talent Community on or create an account to set up email alerts as new job postings become available that meet your interest!

GPC conducts its business without regard to sex race creed color religion marital status national origin citizenship status age pregnancy sexual orientation gender identity or expression genetic information disability military status status as a veteran or any other protected characteristic. GPCs policy is to recruit hire train promote assign transfer and terminate employees based on their own ability achievement experience and conduct and other legitimate business reasons.