Information Security Sr. Principal Specialist
Marysville, OH, US, 43040
What Makes a Honda, is Who makes a Honda
Honda has a clear vision for the future, and it’s a joyful one. We are looking for individuals with the skills, courage, persistence, and dreams that will help us reach our future-focused goals. At our core is innovation. Honda is constantly innovating and developing solutions to drive our business with record success. We strive to be a company that serves as a source of “power” that supports people around the world who are trying to do things based on their own initiative and that helps people expand their own potential. To this end, Honda strives to realize “the joy and freedom of mobility” by developing new technologies and an innovative approach to achieve a “zero environmental footprint.”
We are looking for qualified individuals with diverse backgrounds, experiences, continuous improvement values, and a strong work ethic to join our team.
If your goals and values align with Honda’s, we want you to join our team to Bring the Future!
Job description:
- The Product Cybersecurity Analyst is responsible for supporting the security and integrity of our organization's connected products, connected vehicles and services. The Product Cybersecurity Analyst will assess and analyze potential cybersecurity risks, vulnerabilities, and threats associated with our connected products throughout their lifecycle. The Product Cybersecurity Analyst will have experience in cybersecurity, risk assessment, and product development processes, and will contribute to the development and maintenance of secure and resilient products, protecting our customers and maintaining their trust. This experience includes the ability to bring industry experience, awareness and knowledge to be the technical expert in this domain of product cybersecurity.
Key accountabilities:
- Cyber Risk Assessment and Mitigation:
Knowledge of cyber risk assessment and mitigation strategies across the systems' life cycle; ability to assess risks in a timely manner and propose countermeasures.
Conducts comprehensive security assessments of our products, analyzing potential risks, vulnerabilities, and threats throughout their lifecycle.
Identifies security gaps and recommends effective controls, processes, and technologies to mitigate risks.
Develops risk mitigation strategies and provides recommendations to product development teams to minimize potential risks and improve overall product security.
Performs risk assessments to identify potential cybersecurity threats and vulnerabilities associated with the product.
Analyzes insights from various departments to design cyber risk assessment techniques.
Designs risk assessment techniques to identify weaknesses and vulnerabilities.
Develops key risk indicators and threat models by partnering with key stakeholders and asset owners to categorize the severity of the risk.
Compares effectiveness of risk mitigation countermeasures against organizational policies, processes, and strategies.
Leads the implementation of cyber risk assessment activities for the respective function.
Drives improvements or modifications to existing cyber risk assessment techniques.
- Cross-functional Collaboration:
Knowledge of collaborative techniques and approaches; ability to promote a culture of continuous improvement and working together across functions to solve business problems and meet business goals.
Collaborates with cross-functional teams, including product development, engineering, and quality assurance, to ensure security measures are integrated into the product lifecycle.
Collaborates with product managers and development teams to ensure security requirements are integrated into product specifications and design processes.
Coordinates with external vendors, researchers, and security communities to gather intelligence on emerging vulnerabilities and apply necessary remediation measures.
Assists in communicating shared goals with diverse groups and parties.
Initiates collaborative meetings and discussions regarding product security and privacy under guidance.
Shares information, thoughts, and resources with colleagues from other functions.
Builds a network of cross functional teams with diverse expertise and capabilities.
- Application Security Management:
Knowledge of the tools and processes for maintaining application security; ability to design and implement security programs to prevent data loss and access intrusion from web and mobile applications.
Supports incident response activities related to product security incidents, working closely with the incident response team to investigate and remediate incidents.
Knows the organization's operational technology security standards.
Lists the applications used in the organization to support product security and privacy.
Understands the methods to perform source code review.
Explains the types of vulnerabilities that exist in applications used in the organization.
Describes the techniques for application and unit testing.
- Data Privacy:
Knowledge of data privacy; ability to protect an organization's data, particularly data privacy while storing, extracting, and circulating individual or business-related data.
Analyzes the impact of identified risks on the product's security, integrity, and customer data.
Utilizes privacy standards when sharing, accessing, and storing data.
Uses software and hardware systems to protect product data.
Coordinates data privacy protection activities within and across departments.
Conducts regular tests on information management processes to ensure the safety of business data.
Assists in the development of data privacy protection projects.
- Cybersecurity Governance:
Knowledge of various cybersecurity frameworks, guidelines, and policies to facilitate alignment to defined standards; ability to ensure compliance of systems and processes to cybersecurity requirements.
Defines and documents product security requirements, aligned with industry standards, regulatory frameworks, and best practices.
Analyzes various methods required for the assessment of processes against set protocols and regulatory standards.
Researches new cybersecurity requirements and their implications on the organizational environment.
Reviews the existing frameworks and tools in the cybersecurity domain and identifies scope for improvement.
Performs a regular check on the relevant processes to ensure compliance with policy and risk mitigation.
Assists in identifying the effectiveness of existing and new cybersecurity policies.
- Cybersecurity Standards and Policies:
Knowledge of developing cybersecurity policies, standards, and procedures; ability to develop and communicate policies, standards and procedures that guide interactions with customers.
Contributes to the development and enhancement of incident response playbooks and procedures specific to product security incidents.
Follows efficient and effective auditing and compliance reporting.
Provides feedback for improvement of procedures and policies.
Assists in the development and implementation of specific cybersecurity policies and procedures.
Participates in the development of organizational cybersecurity policies and standards.
Generates status reports for senior management to ensure the implementation of cybersecurity standards and policies.
Workstyle:
- Hybrid: 2 to 3 days per workweek at the Honda office in Marysville, OH
Minimum educational qualifications:
- Bachelor’s degree or higher in Electrical Engineering, Computer Science or related discipline and 12 years of demonstrated functional work experience related to product cybersecurity
- Desired Certifications: CISSP, CISA, CSSLP, CPSIRT, or equivalent is highly desirable.
Minimum qualifications:
- 12+ years of IT business experience
- Minimum of 10 years within the automotive industry with demonstrated understanding of vehicle safety systems architecture and product regulations that can be applied to product cybersecurity
- Minimum of 7 years of experience with industry regulations and their application within a large organization, e.g., NHTSA, Auto-ISAC (Product, IT, and OT working groups), ISO 26262, ISO/SAE 21434 and UNR-155
- Minimum of 7 years of demonstrated planning, development, and implementation of large organizational programs
- Accuracy and Attention to Detail: Understanding the necessity and value of accuracy; ability to complete tasks with high levels of precision.
- Analytical Thinking: Knowledge of techniques and tools that promote effective analysis; ability to determine the root cause of organizational problems and create alternative solutions that resolve these problems.
- Managing Multiple Priorities: Knowledge of effective self-management practices; ability to manage multiple concurrent objectives, projects, groups, or activities, making effective judgments as to prioritizing and time allocation.
- Data Gathering & Analysis: Knowledge of data gathering and analysis tools, techniques, and processes; ability to collect and synthesize data from a variety of stakeholders and sources in an objective manner to reach a conclusion, goal, or judgment.
- Decision Making and Critical Thinking: Knowledge of the decision-making process and associated tools and techniques; ability to accurately analyze situations and reach productive decisions based on informed judgment.
- Domain Knowledge: Knowledge of a specific domain, its current trends, directions, and regulatory considerations; ability to apply domain-specific knowledge to relevant situations.
- Problem Solving: Knowledge of approaches, tools, techniques for recognizing, anticipating, and resolving organizational, operational or process problems; ability to apply knowledge of problem solving appropriately to diverse situations.
- Producing Results: Understanding of the criticality of getting things done in spite of current circumstances and the ability to utilize assigned resources and leverage back-channel resources (individuals or teams) to achieve or exceed planned outcomes.
- Standard Operating Procedures: Knowledge of established standard operating procedures (SOP); ability to design, implement and evaluate standard operating procedures affecting daily and strategic business operations in order to increase operational efficiency.
Visa sponsorship:
- This position is not eligible for work visa sponsorship.
What differentiates Honda and makes us an employer of choice?
Total Rewards:
• Competitive Base Salary (pay will be based on several variables that include, but are not limited to, geographic location, work experience, etc.)
• Regional Bonus (when applicable)
• Manager Lease Car Program (No Cost - Car, Maintenance, and Insurance included)
• Industry-leading Benefit Plans (Medical, Dental, Vision, Rx)
• Paid time off, including vacation, holidays, shutdown
• Company Paid Short-Term and Long-Term Disability
• 401K Plan with company match + additional contribution
• Relocation assistance (if eligible)
Career Growth:
• Advancement Opportunities
• Career Mobility
• Education Reimbursement for Continued learning
• Training and Development Programs
Additional Offerings:
• Lifestyle Account
• Childcare Reimbursement Account
• Elder Care Support
• Tuition Assistance & Student Loan Repayment
• Wellbeing Program
• Community Service and Engagement Programs
• Product Programs
• Free Drinks Onsite
Honda is an equal opportunity employer and considers qualified applicants for employment without regard to race, color, creed, religion, national origin, sex, sexual orientation, gender identity and expression, age, disability, veteran status, or any other protected factor.