
Volkswagen AG

1 open position available

1 location
1 employment type
Actively hiring
Full-time

Latest Positions

Showing 1 most recent job

Sr Manager Cybersecurity

Volkswagen AG | Fairfax County, Virginia | Full-time
Compensation: $141K - 322K a year

Lead and evolve cybersecurity architecture, manage audits, and guide security practices across teams.

Requires 10+ years in IT security, 5+ years in cloud/IoT cybersecurity, relevant certifications (CISSP, GIAC GSE), and experience with security frameworks.

Electrify America is committed to revolutionizing the way people charge. As the country's largest open DC fast charging network, Electrify America is actively contributing to electrifying mobility today and building a more sustainable future.

At Electrify America, we value innovation, collaboration, and a commitment to sustainability. We strive to establish a diverse and inclusive workplace where employees can develop personally and professionally. As a team member at this rapidly growing company, you can work on state-of-the-art technology and join a team making a significant impact in the world. If you're interested in joining a dynamic, innovative company, Electrify America is a place where you can learn, grow, and make a difference!

Brief Role Description

The Sr. Manager, Cybersecurity position will be an expert leader influencing multiple functional areas and part of the team responsible for evolving and maintaining a unified security architecture, key security controls, and processes. This role is responsible for leveraging and amplifying subject matter expertise across various security areas to ensure our security practices and controls continually improve, conform to best practices and standards, and are independently reviewed through testing and audits. The Cyber Security Manager needs to be comfortable working across multiple Information Technology disciplines and demonstrate a strong passion for Information Security.

Possible Tasks within this Role

Role Responsibilities: List essential functions in order of importance; include percentage of time spent performing each function (total should equal 100%)

Main responsibility – 100% of time spent

• Establish and evolve unified security architecture, key security controls, and models; while being subject matter experts for various security areas, ensure our security practices and controls constantly improve
• Lead preparation and successful completion of initial and recurring cybersecurity audits in line with the attestation and certification requirements of SOC2, ISO-27001, PCI DSS, and similar standards
• Provide guidance and advice to Software Development, Cloud Engineering, Enterprise System, and other teams in relation to secure development practices at both the application level as well as the virtual infrastructure level; periodically review adherence to the guidelines and enable continuous improvement by providing feedback and further inputs to the corresponding managers and teams security requirements related to cybersecurity, assess steps required to meet these requirements, and provide inputs to Product Management, Software Development, and Enterprise Software
• Collaborate with other teams and departments to review business and regulatory security requirements and fit them with other constraints or technology limitations.
• Educate and mentor project team members in areas of security best practices and company security policies.
• Create and maintain architecture design artifacts such as diagrams and documentation.
• Maintain and expand knowledge of best practices and emerging trends in both general information security as well as key specialty areas such as cloud and mobile security.
• Establish processes and criteria to translate output of architecture assessments, penetration tests, and application security scans into actionable remediation requirements; monitor remediation activities to ensure the timelines and priorities are in line with expectations.
• Provide feedback and approval for system and application designs and architectures as relates to adherence to security principles and company security policies.
• Integrate and collaborate with the Information Technology team for various processes such as access and identity management, vulnerability management, risk management, etc.
• Own, author, and update company policies related to cybersecurity
• Lead evolution and recurring testing of the incident response program; contribute to decision-making responding to potential cyber threats
• Mature and evolve robust and efficient processes managing supply chain cyber security, software, and hardware component and tool approval; enhance vendor cyber risk evaluation and assessment
• Establish a continuous process for identifying potential threats and collaborating with various engineering teams to assess threat and vulnerability impacts
• Engage with various industry players, organizations, and interest groups to influence policymaking and standard development in relation to EV charging and e-mobility
• Constantly learn about the changing cybersecurity landscape and take actions to prepare our company for the future

Qualification requirements

Years of Relevant Experience: Minimum years of relevant experience needed to perform the job

• 10+ years of experience in Information Technology Security, 5+ years of experience in Cloud and IoT cybersecurity

Education Required

• BS in Computer Science, Computer Engineering, Information Systems, or equivalent experience
• CISSP or GIAC GSE certification
• Additional relevant certifications (IRMCB, CompTIA, ISACA, ICS2, etc)
• Training on best cybersecurity practices and regulatory requirements from a recognized industry organization (SANS Institute, NICCS, etc)

Skills: General skills needed to perform the job

• Ability to explain complex concepts and dependencies
• Ability to lead and facilitate training and planning workshops
• Ability to understand contractual and regulatory requirements related to information management and cybersecurity
• Experience creating standards, policies, and procedures
• Creative vision and ability to influence
• Time management and organizational skills, with the ability to meet tight deadlines
• Strong interpersonal skills
• Excellent written and oral communication, including presentation skills

Specialized Skills: Knowledge or certifications unique to this role

Required:

• Extensive experience implementing common cybersecurity control frameworks such as NIST CSF, SOC2 Type 2, ISO 27001, or similar
• Demonstrated experience leading preparation and successfully attaining SOC2 Type 2 attestation
• Strong knowledge and expertise in secure software development lifecycle, understanding of common vulnerabilities in Web, Mobile and services-based applications, understanding of cybersecurity testing
• Strong knowledge and practical experience with identity management, authentication and authorization standards
• Strong experience with common application security concepts, such as the OWASP Top 10, and their practical implementation.
• Experience with vulnerability management methodologies and implementations.
• Solid understanding of intrusion detection and prevention solutions and techniques
• Experience with multi-factor authentication, single sign-on, identity management, and related technologies.

Desired:

• Experience implementing development processes in line with IEC-62443-4
• Experience with PCI DSS
• Strong understanding of PKI standards and best practices
• Experience with audit compliance and tracking software
• Understanding of DevOps principles and "shift left" philosophy.
• Understanding of application development and secure coding techniques.
• Certified Cloud Security Professional (CCSP)

Electrify America, LLC is an Equal Opportunity Employer. We welcome and encourage applicants from all backgrounds, and do not discriminate based on race, sex, age, disability, sexual orientation, national origin, religion, color, gender identity/expression, marital status, veteran status, or any other characteristics protected by applicable laws.

This role description is a guideline and does not create contractual rights between the Company and any of its applicants. The Company does not enter into any type of employment contract, implied or written, with its applicants regarding job security.

This Organization participates in E-Verify. We maintain a drug free workplace and perform pre-employment substance abuse testing.

Electrify America endeavors to make www.electrifyamerica.com/careers accessible to all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact us at careers@electrifyamerica.com. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.

Salary range is dependent on factors such as geographical differentials, industry-based experience, skills, training, credentials, and other qualifications.

• In the state of California, the salary range is $140,600 – $321,850.
• In the state of Colorado, the salary range is $140,600 – $247,550.
• In the state of Washington, the salary range is $140,600 – $270,050.
• In New York City, the salary range is $201,100 – $321,850.
• In Westchester County, the salary range is $168,800 – $321,850.
• In the state of Rhode Island, the salary range is $140,600 – $247,550.

#LI-MB1 #LI-REMOTE

Cybersecurity frameworks (SOC2, ISO 27001, PCI DSS)
Security architecture and controls
Audit and compliance management
Posted 8 days ago
