Dana is a global leader in the supply of highly engineered driveline, sealing, and thermal-management technologies that improve the efficiency and performance of vehicles with both conventional and alternative-energy powertrains. Serving three primary markets - passenger vehicle, commercial truck, and off-highway equipment - Dana provides the world's original-equipment manufacturers and the aftermarket with local product and service support through a network of nearly 100 engineering, manufacturing, and distribution facilities.
Job Purpose
- Maintain Information Security policies, standards, and controls.
- Assess and report on overall compliance with designated security frameworks and customer requirements such as TISAX, NIST CSF, CIS CSC, and ISO 27001.
- Promote and maintain Information Security training awareness through multiple distribution channels, including the training platform, lunch and learn sessions, blogging within the company's portal, publishing newsletters, and webcast presentations.
- Develop and implement a program for tracking and reporting metrics to monitor the effectiveness of the overall security, risk management and compliance program.
- Maintain the IT risk management program which extends to supplier risk management.
- Coordinate remediation planning and tracking through to resolution for audit recommendations to ensure adherence to the organization's compliance obligations.
Job Duties and Responsibilities
- Maintain IT risk identification, mitigation and acceptance processes in coordination with security and IT operations. Works with business and functional areas to perform risk assessments and make appropriate risk treatment decisions.
- Help design, deploy and maintain the IT general control framework.
- Maintenance and reporting of key information security metrics and reports for both operational management and corporate executives.
- Maintain security awareness training materials and provide education/awareness for end-user community, managers and executive management.
- Perform IT risk mitigation and remediation to address IT control deficiencies and IT risks identified through IT audits or IT risk assessments.
- Monitors regulatory environment for impact on security and IT risk programs and initiatives.
- Updates and maintains policies, standards, and procedures to enhance security within the organization. Regularly reviews the policies, standards and procedures to confirm they are current with the existing threat landscape.
- Educates business and IT customers on security policy, standards, procedures and controls.
- Responsible for performing information security risk assessments according to defined scope.
- Maintain the Supplier Risk Management (SRM) program to identify and mitigate the risk of third party relationships to Dana.
- Keeps abreast of the latest in security, risk, and compliance related to Dana data assets.
- Assist in the development and distribution of content through the departmental intranet SharePoint site.
- Monitors compliance for all appropriate regulatory requirements including Sarbanes-Oxley (SOX), International Traffic in Arms Regulations (ITAR), and GDPR, including any new regulatory initiatives applicable to Dana in the course of business.
- Coordinate policy exception requests and tracking.
Qualifications
Education
- Bachelor's degree in computer science, information systems, engineering, business administration or a related field is required.
Experience
- Minimum of 2-3 years of experience related to information security policy, standards, architecture, technology and programs.
- Experience with auditing to NIST CSF, ISO 27001, CIS CSC, and TISAX frameworks is required.
- "Big Four" and/or consulting experience desired.
Language Skills
- English (fluency in reading, writing and speaking)
Certifications
- Must have at least one of the following active certifications: CISA, CISM, CISSP, CRISC
- Other related certifications such as ITIL, PMP, SANS/GSEC, CIPP, and CGEIT are preferred but not required.
Additional skills
- Global organization experience is preferred but not required.
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.
Unsolicited Resumes from Third-Party Recruiters
Please note that as per Dana policy, we do not accept unsolicited resumes from third-party recruiters unless such recruiters were engaged to provide candidates for a specified opening. Any employment agency, person or entity that submits an unsolicited resume does so with the understanding that Dana will have the right to hire that applicant at its discretion without any fee owed to the submitting employment agency, person or entity.
Join our team of 40,000 problem solvers who are fostering a culture of innovation by leveraging the diverse perspectives of our global team. We believe in facing challenges head-on by finding opportunity and uncovering possibility, where roadblocks and barriers become targets instead of obstacles. We are One Dana with limitless opportunity.
Our Values
- Value Others
- Inspire Innovation
- Grow Responsibly
- Win Together