Dana Incorporated
Governance, Risk & Compliance IT Manager
This job is now closed
Job Description
- Req#: 44490
- Manage a program for tracking and reporting metrics to monitor the effectiveness of the overall security, risk management and compliance program.
- Oversee, develop, implement, and maintain Information Security policies, standards, and controls.
- Promote Information Security training awareness through multiple distribution channels including lunch and learn sessions, blogging within the company’s portal, publishing newsletters, and webcast presentations.
- Manage the IT risk management program which extends to vendor risk management.
- Coordinate remediation planning and tracking through to resolution for audit recommendations to ensure adherence to the organization’s compliance obligations.
- Oversees IT risk identification, mitigation and acceptance processes in coordination with security and IT operations. Works with business and functional areas to perform risk assessments and make appropriate risk treatment decisions.
- Coordinate and report on overall compliance with designated security frameworks and customer requirements such as TISAX, NIST CSF, CIS CSC, and ISO 27001.
- Coordinate governance over the segregation of duties program with the SOX compliance team to ensure adherence to SOX obligations.
- Maintain the IT general control framework.
- Maintenance and reporting of key information security metrics and reports for both operational management and corporate executives.
- Maintain security awareness training materials and provide education/awareness for end-user community, managers and executive management.
- Perform IT risk planning, mitigation and remediation to address IT control deficiencies and IT risks identified through IT audits or IT risk assessments.
- Serve as primary point of contact for IT audit and IT compliance remediation plans and coordinate IT audit planning with internal and external audit teams.
- Monitors regulatory environment for impact on security and IT risk programs and initiatives.
- Updates and maintains policies, standards, and procedures to enhance security within the organization. Regularly reviews the policies, standards and procedures to confirm they are current with the existing threat landscape.
- Educates business and IT customers on security policy, standards, procedures and controls.
- Responsible for performing information security risk assessments according to defined scope.
- Oversee and execute on the Vendor Risk Management (VRM) program to identify and mitigate the risk of third-party relationships to Dana.
- Provides support regarding analysis and recommended solutions for monitoring, auditing, and security tools in support of the security operations.
- Monitors and ensures compliance with all appropriate regulatory requirements including Sarbanes-Oxley (SOX), International Traffic in Arms Regulations (ITAR), and Safe Harbor, including any new regulatory initiatives applicable to Dana in the course of business.
- Responsible for the review and assessment of security controls before hardware/software is migrated to production.
- Coordinate policy exception requests and tracking.
Qualifications
Education
- Bachelor’s degree in computer science, information systems, engineering, business administration or a related field is required.
Experience
- Minimum of 5 years of experience with 2 years of experience in a managerial role related to information security policy, standards, architecture, technology and programs.
- “Big Four” and/or consulting experience required.
- Experience with implementing and auditing NIST CSF, ISO 27001, CIS CSC, and TISAX frameworks is required.
Language Skills
- English (fluency in reading, writing and speaking)
Certifications
- Must have at least one of the following active certifications: CISA, CISM, CISSP
- Other related certifications such as CRISC, ITIL, PMP, SANS/GSEC, CIPP, CGEIT, TOGAF are preferred but not required.
Additional skills
- Global organization experience is preferred but not required
Dana is a global leader in the supply of highly engineered driveline, sealing, and thermal-management technologies that improve the efficiency and performance of vehicles with both conventional and alternative-energy powertrains. Serving three primary markets – passenger vehicle, commercial truck, and off-highway equipment – Dana provides the world's original-equipment manufacturers and the aftermarket with local product and service support through a network of nearly 100 engineering, manufacturing, and distribution facilities.
Job Purpose
Job Duties and Responsibilities
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.
Unsolicited Resumes from Third-Party Recruiters
Please note that as per Dana policy, we do not accept unsolicited resumes from third-party recruiters unless such recruiters were engaged to provide candidates for a specified opening. Any employment agency, person or entity that submits an unsolicited resume does so with the understanding that Dana will have the right to hire that applicant at its discretion without any fee owed to the submitting employment agency, person or entity.
About the company
Dana Incorporated is an American supplier of axles, driveshafts, transmissions, and electrodynamic, thermal, sealing, and digital equipment for conventional, hybrid, and electric-powered vehicles.