Manager, Business Information Security

Position overview

Position holds the role of the Manager, Business Information Security for PFSNA affiliates, coordinating activities and compliance as identified by Porsche AG’s Global Corporate Information Security Officer. Position leads information security governance for PFSNA in coordination with PCNA Infosec team. This includes directing the processes and procedures that pertain to information security and the group information security directives.

The Business Information Security Manager would take on the tasks of ensuring data confidentiality, integrity, availability and authenticity. This will include vendor management, risk assessment, regulatory compliance and reporting. She/he would need to guide business departments through the proper processes to ensure information security directives are met.

He/She will work with PFSUS and PFSC business units to assist with project tasks. He/She will be responsible for providing deliverables, performing tasks, and keeping project leaders abreast of project status while ensuring that all project timelines are met.

The Business Information Security Manager will need to work autonomously and provide direction and approval to business owners regarding data governance topics. He/She will need to present metrics and status upward and across the organization and liaise with North American sister companies. He/She will need to stay up to date with information security best practices and standard frameworks.

Roles & responsibilities

• Responsible for Day to day management of PFSNA information security strategy.
• Act as a cyber-security subject matter expert (SME) to PFSUS and PFSC business departments, coordinating and providing multi-disciplinary knowledge, skills and experience in security architecture and security management.
• Manage the PFSNA vendor information security risk assessment and review process in compliance with the Porsche Information Security directives and associated governance documentation.
• Perform onsite vendor audits identifying information security risks, exposures and safeguards. Document risks, create recommendations and develop counter measures.
• Ensure compliance with legal requirements and Porsche policies in regarding information security, and advises the Director, Compliance & Business Integrity on anomalies and create monthly management reports.
• Coordinate with PCNA IT to fulfill PFSUS and PFSC information security requirements.
• Conduct information security reviews of key vendors and all externally hosted and developed websites.
• Participate in PFS Cyber Crisis Committee and Business Continuity Committee and advise on cyber security topics as needed.
• Support formal investigations of and manage responses to information security and data protection incidents and their resolution in collaboration with the appropriate parties
• Coordinate with PCNA IT to develop and maintain a corporate information security awareness program for PFSUS and PFSC
• Review and red line vendor agreements for compliance with information security, data privacy, and records retention standards
• Oversee the review of vendor responses to vendor management related questionnaires and self-assessments (audits)
• Oversee annual Document Management Compliance activities
• Oversee the maintenance and enhancement of the Porsche Privacy Management System for PFSNA.
• Oversee the operation and utilization of the OneTrust system for PFSNA, including ongoing management of Records of Processing Activities, Privacy Impact Assessments, and Data Inventories.
• Responsible for the development and maintenance of formal privacy request training for Customer Service and Remarketing representatives to support employee awareness and adherence with all applicable laws and regulations.
• Maintain subject matter expertise on applicable consumer privacy law, including, but not limited to the California Consumer Privacy Act (CCPA).
• Support internal audit activities and oversee audit measure resolution tasks relating to data privacy and information security related topics
• Manage and respond to data privacy and information security support requests from across the business.
• Act as the PFSNA Local Information Security Officer (LISO) as well as PFSNA Local Data Protection Contact (LDPC).
• Participate in Artificial Intelligence working group and advise business on risks and potential implementation of AI in PFSNA operational processes.
• Responsible for development and delivery of Information Security best practice training materials and process documents in coordination with PCNA IT.
• Oversee and provide approval for PFS-specific information security governance activities (risk management, security categorization, waivers and variances).
• Assist with other projects assigned by the Director, Compliance & Business Integrity.

Education:

• Bachelor’s degree in Computer Technology, MIS, or Computer Science; or the equivalent education, certification or relevant experience

• Preferred to have one of the following certifications
  • CISSP, CISM, CISA, CompTIA Security+

Experience:

• 5 to 7 years general IT experience
• 3+ years Information security program management and compliance
• IT security internal and external auditing preferred
• Regulatory compliance (ISO, PCI, SAS70, Industry Best Practices)
• Maintain a strong working knowledge and understanding of financial industry regulations and laws, including, but not limited to the Truth In Lending Act (TILA) and Reg Z, Consumer Leasing Act and Reg M, Fair Credit Reporting Act (FCRA), Equal Credit Opportunity Act (ECOA), Fair Debt Collections Practices Act (FDCPA), Servicemembers' Civil Relief Act (SCRA), Telephone Consumer Protection Act (TCPA), Graham-Leach-Bliley Act (GLBA), and related state and local statutes and regulations.

Skills:

Required

• Deep understanding of industry accepted standards and frameworks (ISO 2700x, NIST, PCI)
• Strong multi-tasking skills with the ability to handle multiple priorities
• Proficiency with MS Office applications including Project and Visio
• Exceptional organizational skills
• Ability to work independently
• Excellent communication skills – both verbal and written
• Technical Knowledge – overall understanding of applied information technology
• Detail oriented
• Experience reviewing, documenting, and identifying process/control weaknesses.
• Information security industry best practices
• Demonstrated ability to collaborate with multiple groups on multiple levels

Preferred

• Vendor agreements
• Training

Competencies:

The candidate should embody the following Porsche Values and Competencies:

• Performance – we love to compete
• Courage – we expect entrepreneurial behavior
• Enthusiasm – we love what we do
• Curiosity – we look beyond
• Integrity – we are fair and honest
• Transparency – we work openly with each other
• Teamwork – we debate and collaborate
• Respect – we value each other personally and professionally
• Customer Focus – we make every decision with our customers in mind
• Leadership – we think strategically, manage courageously, leads by example and develop our employees

Percentage of required travel: 10%

Position is based Atlanta, GA.

The salary range for this role is $150,000 -$160,000. However, it is important to note that at Porsche, compensation range is dependent on geographic location. Individual salaries within each range are determined through a wide variety of factors including but not limited to education, experience, knowledge and skillset. Porsche reviews compensation regularly and may adjust base salaries to reflect market competitiveness.

In addition to salary, individuals may be eligible for a discretionary performance bonus. Our full suite of benefits includes:

• Paid Vacation
• Paid Holidays
• Paid Sick leave
• 401(k) match
• Medical, dental and vision coverage
• Tuition and certification reimbursement
• Life Insurance
• Short and Long Term Disability Coverage
• Subsidized gym membership program
• Subsidized Porsche and VW leasing programs

Physical requirements

• Must be able to lift 15 pounds at times.
• While performing the duties of this job the employee is required to talk, hear, walk, sit, stand, climb stairs on occasion with prolonged periods of sitting at a desk and working on a computer.

• • Must be able to effectively work and complete tasks in an open office/noisy environment.

Direct reports

• Sr. Data Privacy Analyst