Summary

​

Under the direction of Digital Technology Management, the Security Analyst for Information Security will report to the Cybersecurity Manager and be a key member of the security team.

​

This important role will coordinate the cyber security review of company IT initiatives either directly or through IT service providers.  This includes conducting security risk assessments, identifying threats and vulnerabilities, and presenting recommendations to address them. This position will also help ensure company compliance with local and global information security policies as well as responding to requests for evidence from internal and external auditors.

​

This position will be based in the Kia US headquarters in Irvine, California.

​

Company Overview

​

At Kia, we’re creating award-winning products and redefining what value means in the automotive industry. It takes a special group of individuals to do what we do, and we do it together. Our culture is fast-paced, collaborative, and innovative. Our people thrive on thinking differently and challenging the status quo. We are creating something special here, a culture of learning and opportunity, where you can help Kia achieve big things and most importantly, feel passionate and connected to your work every day.

• Coordinates security risk assessment activities for IT projects. Works closely with business units in support of new, or upgraded, technology solutions. Works with IT service providers to conduct vendor risk assessments and perform penetration tests. (30%)
• Coordinates Kia’s portion of security audits including the annual Kia HQ security assessment and annual Financial Systems audits. Works with Kia business units and IT service providers to gather evidence in response to audit requests.  (30%)
• Works closely with Kia America Cybersecurity and Privacy attorney to comply with new and emerging privacy laws and regulations. Takes lead on data lineage and data leakage prevention activities. (20%)
• Provides security consulting services to key stakeholders such as the Connected Car group and Legal. (20%)

Required Qualifications

​

• Bachelor’s degree or comparative experience with emphasis on information security
• 5 years of experience in an organization with mature security processes
• 3 years of experience as a security analyst
• Exposure to ISO 27001, NIST 800-53 and/or CIS Top 18 Critical Controls
• Familiar with privacy regulations and compliance requirements
• Familiar with the information security auditing process and evidence collection
• Must be proactive, self-motivated, and lead team to multiple concurrent solutions.

​

Preferred Qualifications

​

• Advanced degree and/or certification(s) in cyber security a plus

Skills

​

• Ability to assess systems support operations and lead process improvement.
• Ability to manage external vendors in the development and delivery of related products, programs, and services.
• Excellent customer service ability and strong verbal and written communication skills
• Requires high-level organizational, planning, analytical, and technical skills.

​

Competencies

​

• CHALLENGE - Solving Complex Problems
• COLLABORATION - Building and Supporting Teams
• CUSTOMER - Serving Customers
• GLOBALITY - Showing Community and Social Responsibility
• PEOPLE - Interacting with People at Different Levels

​

Equal Employment Opportunities

​

KUS provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, ancestry, national origin, sex, including pregnancy and childbirth and related medical conditions, gender, gender identity, gender expression, age, legally protected physical disability or mental disability, legally protected medical condition, marital status, sexual orientation, family care or medical leave status, protected veteran or military status, genetic information or any other characteristic protected by applicable law.  KUS complies with applicable law governing non-discrimination in employment in every location in which KUS has offices.  The KUS EEO policy applies to all areas of employment, including recruitment, hiring, training, promotion, compensation, benefits, discipline, termination and all other privileges, terms and conditions of employment.

​

Disclaimer

​

The above information on this job description has been designed to indicate the general nature and level of work performed by employees within this classification and for this position.  It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.

Description

​

Play a vital role in shaping the future of an iconic company and make a direct impact in a dynamic environment designed for top achievers.

​

As a Senior Lead Cybersecurity Architect at JPMorgan Chase within the Corporate Technology Cybersecurity and Tech Controls line of business, you are an integral part of a team that works to develop high-quality cybersecurity solutions for various software applications and platform products. Drive significant business impact through your capabilities and contributions, and apply deep technical expertise and problem-solving methodologies to tackle a diverse array of cybersecurity challenges that span multiple technology domains.

• Guides the evaluation of current cybersecurity principals, processes, and controls, and leads the evaluation of new technology using existing standards and frameworks
• Regularly provides technical guidance and direction to support the business and its technical teams, contractors, and vendors
• Works with stakeholders and senior leaders to recommend business modifications during periods of vulnerability
• Serves as function-wide subject matter expert in one or more areas of focus
• Actively contributes to the engineering community as an advocate of firmwide frameworks, tools, and practices of the Software Development Life Cycle
• Influences peers and project decision-makers to consider the use and application of leading-edge technologies
• Adds to team culture of diversity, equity, inclusion, and respect

Required qualifications, capabilities, and skills

• Formal training or certification on security architecture practices in the network domain concepts and 5+ years applied experience.
• Hands-on practical experience delivering enterprise level cybersecurity solutions and controls
• Advanced in one or more programming languages or applications
• Hands-on practical threat modeling experience using MITRE, STRIDE
• Experience with Security Solutions Architecture and design reviews.
• Advanced knowledge of cybersecurity architecture, applications, and technical processes with considerable, in-depth knowledge in one or more technical disciplines (e.g., public cloud, artificial intelligence, machine learning, mobile, etc.)
• Ability to tackle design and functionality problems independently with little to no oversight
• Practical cloud native experience
• Ability to evaluate current and emerging technologies to select or recommend the best solutions for the future state architecture

​

Preferred qualifications, capabilities, and skills

• Experience with Security compliance systems

NA

Location:

Redstone Arsenal, AL

​

Position:

Cybersecurity Specialist IAT II Intermediate

​

Why work at ITC Defense:

• Employer Supplemented Health Insurance
• Employer Paid Dental and Vision Insurance
• Employer Paid Life and AD&D Insurance
• 3% Biweekly 401(k) Contribution
• Paid Time Off
• Tuition and Certification Reimbursement
• Competitive Salaries with Performance Incentives
• A positive working environment with supportive teammates and leadership

• Supports, monitors, tests, and troubleshoots hardware and software cybersecurity problems pertaining to the enclave environment.
• Ability to apply cybersecurity policy, tools, and procedures to mitigate system vulnerabilities.
• Preparing artifacts and evidence of an authorization package.
• Familiarity reviewing vulnerability scan results, audit logs, & Security Technical Implementation Guide (STIG) checklist.
• Gathering, developing, and updating artifacts to facilitate system Accreditation and Authorization (A&A) processes.
• Evaluating and assessing effectiveness of security controls through testing and documentation.
• Managing Plan of Action and Milestone (POA&M's) in eMASS.
• Familiarity submitting eMASS workflows.
• Some travel is expected for this position.
• Other duties as assigned.

Minimum Qualifications:

• Bachelors in STEM/Cyber-related field or equivalent from an accredited institution with at least 5 years of cyber technical experience.
• Acceptable alternative: Bachelor’s degree in other than STEM/Cyber-related field with 7 years DoD Cyber technical experience and knowledge demonstrated in missile defense related or other complex, large DoD Programs /Projects.
• Acceptable alternative: Associate degree in STEM/Cyber-related field w/10 years DoD cyber experience and knowledge demonstrated in cyber and missile defense related or other complex, large DoD Programs/Projects.
• IAT II Certification prior to accepting position.
• Must have technical certification or 2 years’ experience with McAfee Endpoint Security, Assured Compliance Assessment Solution (ACAS), Splunk, and/or experience implementing network/enclave/system security toolsets with experience reviewing technical assessment reports and prioritizing technical corrective actions. Must achieve certification in required tools within 6 months of position acceptance.
• An Active Secret Clearance with Top Secret eligibility is required.

ITC Defense Corp. is committed to creating a diverse environment and is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or protected veteran status. U.S. Citizenship is required for most positions. This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Duties, responsibilities and activities may change, or new ones may be assigned at any time with or without notice. Employment with ITC is at-will. For further information on our equal opportunity protections as part of the employment process, please see http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf and http://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf

​

ACCESSIBILITY- Candidates must be able to perform the essential functions of the position satisfactorily and that, if requested, reasonable accommodation may be made to enable employees with disabilities to perform the essential functions of their job, absent undue hardship. If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation for purposes of participating in the application/selection process with ITC. Please refer to our website www.itcdefense.com/careers for further information on all our EEO/VEVRAA policies.

​

Thank you for your interest in ITC Defense