Company Background:

Genuine Parts Company founded in 1928 and based in Atlanta, Georgia, is a leading specialty distributor engaged in the distribution of automotive and industrial replacement parts and value-added services. The Company operates a global portfolio of businesses with more than 10,000 locations across the world, employing 63,000 people.

The GPC Global Technology Center in Krakow, established in 2022 by Genuine Parts Company, is an innovative research and development facility supporting GPC’s digital transformation efforts.

The hub is focused on the development of advanced technologies and solutions that support GPC's operations and growth.

The GPC Global Technology Center team works on a wide range of projects, assisting in areas such as e-commerce and data platforms, supply chain solutions, selling systems, and cybersecurity. This is home to a team of highly skilled IT engineers who are dedicated to driving innovation and delivering cutting-edge solutions for GPC.

Position Purpose:

The IT Sr. Manager, Identity & Access Management is responsible for providing leadership in the areas of Identity and Access Management with special emphasis on Identity and Access Management for employees, customers and privileged access management. This position will lead the management of the Identity Access Management function and will safeguard Genuine Parts Company global brands by promoting, implementing and supporting controls to manage risks associated with identity. Through collaboration with other IT and company stakeholder leaders, this role will help ensure our Identity Access and Provisioning posture is strong, proactive and aligns with our current and future business objectives.

This role is responsible for assisting in design and support of the GPC enterprise-wide identity, access management and governance strategy that meets the needs of our current and future acquired operational locations. The person in this position is responsible for providing expert advice and effective oversight of information security and technology risk activities to identify, assess, control, and manage identity and access risks throughout Genuine Parts Company. This role is charged with overseeing identity risk aggregation, correlation of risk, and reporting in support of enterprise-wide objectives. This role will lead our Identity & Access Management team to meet both regulatory and contractual regulatory obligations.

Responsibilities:

• Serves as an internal information security consultant to the enterprise while balancing the needs of the day-to-day business.
• Include focus and expertise in Privileged Access Management (PAM), Customer Identity Access Management (CIAM), Identity Governance and Administration (IGA) and Employee Identity Access Management (EIAM) to include Single Sign on and Multi-factor authentication.
• Research and recommend solutions that meet security standards while ensuring functionality for business continuity.
• Develop security test scenarios for unit, process, function, integration, and acceptance testing.
• Design integration schema and linkage for multi-platform business and technological solutions.
• Evaluates the security of new technologies and assists with the plan to integrate them into the company environment.
• Help develop the policies and procedures in conjunction with the established IT governance channels to manage the use and operation of these systems
• Recommend best practices for security controls without hindering functionality.
• Define the minimum access and identity configuration standards for all IT systems.
• Evaluates new and proposed security systems and technologies.
• Reviews, develops, test, and implements security plans, products, and control techniques.
• Develops guidelines for the usage, control, maintenance, and auditability of information and computer resources.
• Lead and manage a specialized security team across the globe.

Desired Qualifications & Experiences: 

• BS/BA degree and specialized information security technical training required. An advanced degree is a plus.
• A reputable security certification (CISSP, CISSP w/specialization HCISPP, GIAC, CISA, etc.) is required
• A minimum of 6 years of progressive Information Security experience.
• A minimum of 3+ years of management experience leading information security.
• Identity & Access Management to include governance experience is required.
• Experience in security architecture design is a plus.
• Consistent track record of leadership, teamwork, and delivering high-impact results.
• Working knowledge of workday & PeopleSoft ERP are a plus.
• Working knowledge of IAM platforms are a plus
• In-depth knowledge of the information security industry and regulatory obligations (Sarbanes-Oxley (SOX), HIPAA, GLBA, PCI DSS, HITRUST, NIST Framework, etc.).
• Working knowledge of Microsoft Active Directory.
• Ability to analyze all layers of the OSI model from the security stance.
• Prepare and present plans/designs to IT and business leaders.
• Advocate the integration of solutions into the enterprise directory structure.
• In-depth knowledge of networking technologies and architecture.
• Prioritize tasks effectively to meet project deadlines and deliverables.
• ITIL familiarization - managing incidents, requests, and changes. Experience is a plus.
• Experience in managing teams in multicultural environments across different time zones.

Additional Knowledge, Skills and Attributes (Underlying skills and abilities that enable the execution of duties and responsibilities)

Knowledge of:

• Federal, state and global laws regarding security and privacy of electronic information assets, within the context of the healthcare industry is highly preferred (e.g., HIPAA, Sarbanes-Oxley, etc.);
• Industry security standards (e.g., NIST),
• Platform independent information security policy and standards.
• E-commerce/e-business security related strategies, policies, and standards.
• Enterprise security awareness program practices that incrementally create organizational security awareness and education.
• Compliance programs to help ensure conformity with established enterprise security policies, practices, and standards.
• Risk assessment processes for the protection of electronic information assets; and
• Large scale Wide Area Network and multiple platform environments with both decentralized and centralized focuses.

Skills including:

• Superior analytical skills to identify high-risk security breach opportunities with the ability to develop solutions to prevent, correct, detect, or mitigate security risks via people, processes and technology.
• Ability to relate business requirements and risks to technology implementation for security-related activities.
• Ability to collaborate with IT&S and business area professionals to identify/recommend applicable security practices/controls rather than dictating security methods.
• Ability to balance the seriousness of protecting electronic information assets with the need to enable users to effectively and efficiently use systems to perform job responsibilities, while continuing to emphasize quality patient care.
• Solid project management and collaboration skills, especially in a cross-functional dynamic team environment.
• Excellent oral and written communication skills with the ability to present and discuss technical information in a manner that establishes rapport, persuades others, and allows the individual to increase understanding of subject matter.
• Working both independently and with key stakeholders to develop security policy and standards.
• Taking initiatives toward personal development such as maintaining skills and obtaining professional certifications (e.g., Information Systems Security Association, Certified Information Systems Security Professional, etc.).

Location:

Krakow/hybrid

Not the right fit?  Let us know you're interested in a future opportunity by joining our Talent Community on jobs.genpt.comor create an account to set up email alerts as new job postings become available that meet your interest!

GPC conducts its business without regard to sex, race, creed, color, religion, marital status, national origin, citizenship status, age, pregnancy, sexual orientation, gender identity or expression, genetic information, disability, military status, status as a veteran, or any other protected characteristic. GPC's policy is to recruit, hire, train, promote, assign, transfer and terminate employees based on their own ability, achievement, experience and conduct and other legitimate business reasons.