Cyber Security GRC Analyst
Vor 7 Tagen
About AAG
Alliance Automotive Group (AAG) is a leading distributor of passenger and commercial vehicle parts to the independent automotive aftermarket in Europe. It operates in the United Kingdom, Ireland, France, Germany, Poland, Spain, Portugal, Belgium, and the Netherlands.
The company is a wholly owned subsidiary of Genuine Parts Company (GPC), the largest worldwide automotive parts distributor with activities in North America, Europe, and Australasia. AAG's network is serving thousands of customers across Europe supported by a logistics infrastructure of 80 Distribution Centers, 2,455 Stores as well as 7,590 Repair Centers.
The AAG has a revenue of 3.1 billion euros with over 17,000 employees. Learn more at
Join us and be part of our growing network of talented people.
About The Role
We are hiring a Cyber Security GRC Analyst to work across all IT projects and operations to ensure solutions and IT services align to policies and standards as well as maintain obligatory compliance standards. The role will report to the GRC Manager.
What You ́ll Be Doing
- Focus on reduction of risk in the organisation, continual cyber maturity uplift, and vulnerability and risk remediation with regards to IT, M&A, 3rd Party Risk
- Analyse IT and cyber security technical issues, articulating into IT risks, conduct risk owner management, treatment plan management, metrics and reporting of overall risk posture
- Work with the risk owners and their IT team to develop plans for remediation that meet business needs and drive alignment across key stakeholders.
- Run security awareness campaigns, phishing campaigns and perform reporting of security awareness metrics.
- Manages continual improvement and alignment to NIST framework and PCI-DSS requirements within the organisation. Identifies gaps, develops and recommends target and transitional security activities/projects/programs to close gaps.
- Excellent documentation and conceptual strategic thinking abilities. Must be able to breakdown ideas/recommendations into simple, well-articulated, easily understood tasks that are achievable.
- Undertake M&A due diligence, risk, and cyber security assessments to highlight security gaps and rate risks associated with M&A environment, systems and services.
- Work with the business and broader IT group to categorise, document and agree remediation roadmap, exemption or acceptance of risks.
- Work with Legal and Assessors.Consult for the business in their compliance obligations and maintenance of high standards; alignment to GPC global security policies and standards, and other industry regulations and standards such as PCI-DSS, NIST, etc.
What You ́ll Need
Technical Skills and Qualifications
- Bachelor degree Information Technology, Computer Science, Engineering or a related discipline
- Requires someone with broad technical experience across key security domains, including but not limited to:
- Cyber Security Risk Management
- Technical Analysis, Process Improvement Recommendation
- Security Protocols, Frameworks & Standards (NIST, PCI-DSS)
- Security Vulnerability Management
- Security Awareness and Training
- Governance – Security policies, standards and procedures
Personal Skills
- Flexible individual who will thrive in a dynamic organisational environment and has enthusiasm for addressing unexpected new challenges at short notice
- A high level of energy, commitment, organisation, and an ability to work under pressure in a fast-changing environment
- Outcome driven, customer service oriented and seeks out creative challenges
- Known for being collaborative and consultative – strong influencing and stakeholder engagement skills
- Excellent analytical skills: able to effectively elicit needs and gather and assess options in a structured way as a precursor to forming well considered recommendations
- Well organised with the ability to manage priorities, workload, and timeframes
- Able to effectively work within virtual and cross functional teams
- Excellent documentation and conceptual strategic thinking abilities
- Experience working under pressure and resilient; able to face and resolve conflicts
- Excellent interpersonal skills in areas such as teamwork, facilitation, negotiation and demonstrated ability to work well with others and be respected as a leader
- Takes ownership of actions
- Works with minimum supervision
Core Competencies
- Adheres to company Health, Safety and Environment policy and procedures, always works in a safe manner, and encourages others to do so
- Provides outstanding Customer Service including excellent telephone and presentation manner
Technical and other Role Specific competencies
- Comprehensive knowledge of security principles, concepts and industry best practices relating to IT risks. Ability to reduce security risk in a low-cost environment.
- Proficient at risk identification, categorisation and remediation at all levels within the security domain
- Technical knowledge to be able to understand penetration testing reports, compliance audit reports, vulnerability reports, zero-day alerts, CVSS ratings and descriptions
- Pre-emptive approach to reducing manual labour associated with analysis of security risks, drive process improvements to optimise IT risk management within the organisation
- Deep understanding of NIST, Secure Controls Framework and PCI-DSS requirements and identification of gaps and non-compliance by existing processes
- Strong ability to work with partners and vendors to drive accountabilities and deliver outcomes
- Ability to capture and manage ideas, conducting research to anticipate and meet current and future needs of the business
- Track record for remaining unbiased toward any specific technology or vendor, and for being more interested in results than personal preferences
- Ability to coordinate relationships with and between key stakeholders, demonstrating excellent stakeholder management and reporting skills
- Systematic thinking and ability to work at different levels of abstraction and to quickly comprehend the functions and capabilities of new technologies
- Maintains awareness of organisation needs and promotes the benefits of a common approach to security
- Maintains awareness of current regulatory, technology and security standards
- Builds strong relationships with senior stakeholders (internal and external)
- Ability to plan, organise and prioritise work to ensure time is used effectively and deadlines are met
- Strong ability to understand the technical detail but cut through and summarise key elements to business audiences
Other
- Infrequent overseas travel may be required
Our Offer To You
Employment in an International, multi-cultural, dynamic company
International responsibility combined with exciting projects
High degree of personal responsibility and creative freedom for ideas
Personal development and career progression opportunities
Flexibility and hybrid working model
-
Cyber Security Consultant IoT/OT
vor 2 Monaten
Köln, Nordrhein-Westfalen, Deutschland Spike Cyber Reply VollzeitEnd-to-end consulting in the area of IT/IoT/OT design/architecture, including on-premises, edge and cloudDevelopment and deployment of IoT/OT security solutionsAnalysis and assessment of risks in IoT and/or OT infrastructures and their documentation as well as concepts for improving the security levelAudits and compliance checks in accordance with...
-
Cyber Security Consultant IoT/OT
Vor 7 Tagen
Köln, Nordrhein-Westfalen, Deutschland Spike Cyber Reply VollzeitEnd-to-end consulting in the area of IT/IoT/OT design/architecture, including on-premises, edge and cloudDevelopment and deployment of IoT/OT security solutionsAnalysis and assessment of risks in IoT and/or OT infrastructures and their documentation as well as concepts for improving the security levelAudits and compliance checks in accordance with...
-
Cyber Security Consultant IoT/OT
vor 3 Wochen
Köln, Nordrhein-Westfalen, Deutschland Spike Cyber Reply VollzeitEnd-to-end consulting in the area of IT/IoT/OT design/architecture, including on-premises, edge and cloudDevelopment and deployment of IoT/OT security solutionsAnalysis and assessment of risks in IoT and/or OT infrastructures and their documentation as well as concepts for improving the security levelAudits and compliance checks in accordance with...
-
IT Security Analyst
vor 2 Monaten
Köln, Nordrhein-Westfalen, Deutschland MSIG Insurance Europe AG Jobportal VollzeitTo strengthen our team, we are looking for at the earliest possible date for our Corporate Center at our location in Cologne:IT Security Analyst (m/f/d)Job DescriptionInvestigation and monitoring of security threats. Vulnerability analysis, including during security incidents. Participation in penetration tests and vulnerability scans. Coordination of threat...
-
Risk Engineer Cyber-Security
Vor 7 Tagen
Köln, Nordrhein-Westfalen, Deutschland Zurich Insurance Company VollzeitBist du bereit, die Zukunft upzugraden ? Bei Zurich leben wir Versicherung neu. Um die Wünsche unserer Kunden noch besser zu erfüllen, gehen wir neue Wege, denken kreativ, arbeiten agil. Unsere Unternehmenskultur schenkt dir in jeder Hinsicht mehr Flexibilität – und viel Freiraum, dich optimal zu entfalten. Think big – und gerne auch...
-
Risk Engineer Cyber-Security
vor 3 Wochen
Köln, Nordrhein-Westfalen, Deutschland Zurich Insurance Company Ltd. VollzeitBist du bereit, die Zukunft upzugraden? Bei Zurich leben wir Versicherung neu. Um die Wünsche unserer Kunden noch besser zu erfüllen, gehen wir neue Wege, denken kreativ, arbeiten agil. Unsere Unternehmenskultur schenkt dir in jeder Hinsicht mehr Flexibilität – und viel Freiraum, dich optimal zu entfalten. Think big – und gerne auch international...
-
Cyber Security
vor 1 Woche
Köln, Nordrhein-Westfalen, Deutschland rhenag Rheinische Energie AG VollzeitWillkommen im Team der rhenag Rheinische Energie AG. 1872 in Köln gegründet, stehen wir den Menschen und Unternehmen in unserer Region als eines der ältesten deutschen Versorgungsunternehmen partnerschaftlich zur Seite. Doch längst sind wir kein typischer Regionalversorger mehr, der "nur" dafür sorgt, dass zuverlässig Strom, Gas und Wasser fließt. Wir...
-
Duales Studium Cyber Security
Vor 7 Tagen
Köln, Nordrhein-Westfalen, Deutschland REWE digital GmbH VollzeitDuales Studium Cyber Security 2024Dein Home of IT: REWE digitalWir sind das Zuhause für alle, die sich in der digitalen Welt tummeln. Ein Tech-Team, in dem IT- und Non-IT-Spezialist:innen aus verschiedensten Bereichen zusammenarbeiten. Gemeinsam erwecken wir Innovationen zum Leben – für den Handel und den Alltag von Millionen Menschen. Bei uns ist jede:r...
-
Cyber Security Consultant
vor 1 Woche
Köln, Nordrhein-Westfalen, Deutschland CLOUDYRION VollzeitÜber das UnternehmenUnser Unternehmen ist ein Start-Up für IT-Security-Beratung aus Düsseldorf mit bereits etablierten Großkundenstamm. Wir stehen für lösungsorientierte Ansätze in den Bereichen Risk-Assessment, Ethical Hacking und Consulting.Als deutschsprachige r Junior / MidLevel / Senior Cyber Security Berater In für Secure-by-Design in Vollzeit...
-
Consultant Cyber Security
Vor 7 Tagen
Köln, Nordrhein-Westfalen, Deutschland UNITY Consulting & Innovation Vollzeithybrid deutschlandweit | Urban Sports | Job Rad u.v.m.Wirke an der Spitze der digitalen Transformation mit, indem du Cyberkriminellen keine Chance lässt. Werde Teil des UNITY-Cyber Security TeamsAufgabenDas erwartet dichFachliche Entfaltung mit vom Handelsblatt ausgezeichneten TOP-Beratern* für Cyber Security.Marktunübliche Gestaltungsfreiheit sowie...
-
IT Security Analyst
vor 4 Wochen
Köln, Nordrhein-Westfalen, Deutschland MSIG Insurance Europe AG VollzeitMSIG Insurance Europe AG ist ein auf Industrierisiken spezialisierter, zukunftsorientierter Versicherer und Teil der MS&AD Insurance Group. Als umsatzstärkster Versicherer in Japan und Marktführer in Asien gehört die MS&AD Insurance Group zu den führenden, weltweit aufgestellten Versicherungsunternehmen. Die MSIG Insurance Europe AG wurde 2012...
-
Cyber Security
vor 4 Wochen
Köln, Nordrhein-Westfalen, Deutschland rhenag Rheinische Energie AG VollzeitWillkommen im Team der rhenag Rheinische Energie AG. 1872 in Köln gegründet, stehen wir den Menschen und Unternehmen in unserer Region als eines der ältesten deutschen Versorgungsunternehmen partnerschaftlich zur Seite. Doch längst sind wir kein typischer Regionalversorger mehr, der „nur“ dafür sorgt, dass zuverlässig Strom, Gas und Wasser fließt....
-
Manager Cyber Security
Vor 7 Tagen
Köln, Nordrhein-Westfalen, Deutschland BRL Risk Consulting GmbH & Co. KG VollzeitÜber das UnternehmenGlobale Expertise, lokale Präsenz: Ihre verlässlichen Partner für Rechts-, Wirtschafts- und Steuerfragen seit 2006.Wir sind eine international ausgerichtete Partnerschaft von Rechtsanwälten, Wirtschaftsprüfern und Steuerberatern, die im Jahr 2006 gegründet wurde. Heute sind wir mit rund 380 Mitarbeitern an den Standorten Hamburg,...
-
Senior Penetration Tester
Vor 7 Tagen
Köln, Nordrhein-Westfalen, Deutschland Deutsche Telekom Security GmbH VollzeitAufgabe Als Senior Penetration Tester (m/w/d) beraten Sie unsere Geschäftskunden selbstständig auf Entscheider- und Fachebene zu allen Fragen von Cyber Security und Cyber Defense. Im Detail umfasst Ihr Aufgabenspektrum die folgenden Bereiche: Eigenständige Durchführung von Penetrationstests und Vulnerability Scans Darstellung der Auswirkungen...
-
Security Design Architect
Vor 7 Tagen
Köln, Nordrhein-Westfalen, Deutschland Zync. VollzeitCompany I'm working with a company known for their expertise in providing solutions extremely efficiently, whilst retaining a very high level of service. High-level architecture design - detailed level design C1+ German and English language skills 35 years experience in Cyber Security Benefits Work alongside a team of experts Good worklife balance If you...
-
Information Security Manager
Vor 7 Tagen
Köln, Nordrhein-Westfalen, Deutschland TÜV Rheinland Group VollzeitReferenzcode: 8137Gesellschaft: TÜV Rheinland Service GmbHDie Begeisterung für zukunftsweisende Lösungen teilen wir mit über Menschen rund um den Globus. Bei TÜV Rheinland können Sie Ihr Wissen eigenverantwortlich einbringen und sich dabei persönlich immer weiter entwickeln. Wir sind ein Team aus hochqualifizierten Expertinnen und Experten, die sich...
-
Information Security Manager
Vor 7 Tagen
Köln, Nordrhein-Westfalen, Deutschland TÜV Rheinland Group VollzeitReferenzcode: 8137 Gesellschaft: TÜV Rheinland Service GmbH Die Begeisterung für zukunftsweisende Lösungen teilen wir mit über Menschen rund um den Globus. Bei TÜV Rheinland können Sie Ihr Wissen eigenverantwortlich einbringen und sich dabei persönlich immer weiter entwickeln. Wir sind ein Team aus hochqualifizierten Expertinnen und Experten, die...
-
Senior Cyber Security Engineer IAM
Vor 7 Tagen
Köln, Nordrhein-Westfalen, Deutschland Walldorf Consulting GmbH VollzeitIPG | Location Berlin, Cologne or home office | Full-time & permanent position | From now onAs a Cyber Security Engineer* in Cologne, Berlin and Dresden, you will become part of our IPG team and advise our customers on all technical topics in Identity & Access Management. You keep an eye on everything and have an absolute organizational talent in order...
-
IT Security Specialist
Vor 7 Tagen
Köln, Nordrhein-Westfalen, Deutschland Wolters Kluwer Deutschland GmbH VollzeitJoin Wolters Kluwer - Shaping the Future TodayFor over 180 years, Wolters Kluwer has been dedicated to supporting and facilitating work processes of experts and businesses with innovative solutions. With a team of more than global colleagues, we are a technology-oriented international company specializing in professional information, software, and services....
-
Information Security Manager
vor 4 Wochen
Köln, Nordrhein-Westfalen, Deutschland TÜV Rheinland Group VollzeitReferenzcode: 8137 Gesellschaft: TÜV Rheinland Service GmbH Die Begeisterung für zukunftsweisende Lösungen teilen wir mit über 20.000 Menschen rund um den Globus. Bei TÜV Rheinland können Sie Ihr Wissen eigenverantwortlich einbringen und sich dabei persönlich immer weiter entwickeln. Wir sind ein Team aus hochqualifizierten Expertinnen und...