Status

Summary

Under the direction of Information Security management, the Cyber Security Architect is responsible for protecting Kia America (KUS) including subsidiaries from cyberattacks which can result in loss of sensitive data, harm to the company brand or disruption to business operations. This position will report to the Head of Information Security and be a key member of the Information Security team. 

This critical role will coordinate the information security reviews of company IT initiatives either directly or through IT service providers. This includes conducting security risk assessments, performing penetration tests, identifying threats and vulnerabilities, and presenting recommendations to address them. 

The Cyber Security Architect will take necessary actions and preventive measures, such as analyzing security system logs, to protect company information systems, including employee, dealer and consumer facing systems, from being compromised. This role will investigate the security vulnerabilities of company information systems and provide solutions and methods to remediate them. This role is also responsible for creating, updating, and testing the company’s incident response procedures for handling security events.  This includes conducting regular table-top exercises to continuously improve the effectiveness of these procedures and minimize the recovery time and business impact of an actual security event.  This role will work with internal and external parties to conduct forensic analysis to determine root causes and implement corrective and preventive plans.  

The Cyber Security Architect works closely with KUS business units and security service providers to develop optimal solutions for short-term and long-term enhancements of KUS’s security maturity. 

Major Responsibilities

1st Priority - 30%

Conduct testing to identify vulnerabilities on applications, infrastructure, and computer systems. Collaborate with the IT teams (both internal and external) to remediate or update security controls when necessary.

2nd Priority - 30%

Establish security incident response policies and procedures and conduct regular training. In the event of a security breach, lead the efforts to analyze the logs and investigate the details of the incident to take appropriate actions.  This includes taking the lead in coordinating the response to any cyber event.

3rd Priority - 30%

Collect data on current security systems for risk analysis and write regular status reports on findings. Design and implement internal threat monitoring scenarios using data analysis tools. Analyze and detect signs of data leakage and report to management if unauthorized activity is found.

4th Priority - 10%

Provide information security consulting services to key stakeholders across all business departments.

Education/Certification

• Bachelor’s degree or comparative experience with emphasis on information security
• Advanced degree and/or certification(s) in cyber security a plus
   

Overall Experience

• 8+ years of experience in an organization with mature security processes
• 3+ years of experience in conducting hands-on security penetration tests or  and vulnerability management.  Experience working on Red Teams to identify vulnerabilities with Internet facing business systems is preferred.
• 3+ years of experience within information security incident response, cybersecurity, and/or IT risk management
• Familiar with security related regulations and compliance requirements
• Familiar with the information security auditing process and evidence collection

Other:

• Must be proactive, self-motivated, and lead team to multiple concurrent solutions.

Directly Related Experience

-

Skills

Competencies