Job Details
Security Analyst
Rowville, Australia
Job Type Hybrid
Our Business and Culture
With a proud history in Australia and New Zealand’s automotive and engineering industries, our more than 6,000 team members benefit from almost a century of knowledge, experience, and passion. Our name, Genuine Parts Company, provides a clue to the foundation of our success. We genuinely care for our people. Our brands are synonymous with quality and reliability in the automotive aftermarket and have enormous recognition across our region.
Role Purpose
Reporting to the GPC APAC GRC Manager, the Cyber Security GRC Analyst will work across all IT projects and operations to ensure solutions and IT services align to policies and standards as well as maintain obligatory compliance standards.
This role will involve working closely with the global GRC team, as well as the IT teams, to ensure security standards are implemented and maintained. This role will conduct a variety of Governance, Risk and Compliance (GRC) duties, such as ensuring PCI-DSS compliance and collaboratively managing and reducing vulnerabilities and security risks with the business stakeholders.
Key Responsibility Areas (KRA)
- Focused on reduction of risk in the organisation, continual cyber maturity uplift, and vulnerability and risk remediation with regards to IT, M&A, 3rd Party Risk
- Analyse IT and cyber security technical issues, articulate them as IT risks, and conduct risk owner management, treatment plan management, metrics and reporting of overall risk posture
- Work with the risk owners and their IT team to develop plans for remediation that meet business needs and drive alignment across key stakeholders
- Run security awareness campaigns, phishing campaigns and perform reporting of security awareness metrics
- Manages continual improvement and alignment to NIST framework and PCI-DSS requirements within the organisation. Identifies gaps, develops and recommends target and transitional security activities/projects/programs to close gaps
- Excellent documentation and conceptual strategic thinking abilities. Must be able to break down ideas/recommendations into simple, well-articulated, easily understood tasks that are achievable
- Undertake M&A due diligence, risk, and cyber security assessments to highlight security gaps and rate risks associated with M&A environment, systems and services
- Work with the business and broader IT group to categorise, document and agree remediation roadmap, exemption or acceptance of risks
- Work with Legal and Assessors. Consult for the business in their compliance obligations and maintenance of high standards; alignment to GPC global security policies and standards, and other industry regulations and standards such as PCI-DSS, NIST, etc.
Core competencies
- Ability to problem solve and overcome obstacles
- Able to adapt to changing priorities
- Ability to coordinate relationships with and between key stakeholders
- Demonstrating excellent stakeholder management, internal and external
- Attention to detail
- Governance – Security policies, standards and procedures
- Cyber Security Risk Management
- Cyber Security Vulnerability Management
- Communicates effectively, both verbal and written
- Ability to plan, organise and prioritise work to ensure time is used effectively and deadlines are met
- Takes ownership and accountability of tasks
- Inspire self and team members in creating Genuine Service moments
- Be highly visible, live the Company values and lead by personal example
WHS
- Take proactive action to ensure that WHS practices and policies are in place to provide a safe environment for all team members, and adhere to legislative requirements, company expectations and other safety initiatives
- Visibly show commitment to WHS through participation in formal and informal discussions, workplace visits and monthly audits
Other:
- Understand and demonstrate behaviour in accordance with all Company policies and procedures, including Code of Conduct, Discrimination, Bullying and EEO and all applicable laws whilst ensuring continual compliance with relevant legislation relevant to the role including WHS
- Be able to work flexibly to align with teams located in different timezones and geographical regions
- Infrequent travel interstate or overseas may be required
- All other reasonable tasks as directed by Manager
Not the right fit? Let us know you're interested in a future opportunity by joining our Talent Community on jobs.genpt.com or create an account to set up email alerts as new job postings become available that meet your interest!
GPC conducts its business without regard to sex, race, creed, color, religion, marital status, national origin, citizenship status, age, pregnancy, sexual orientation, gender identity or expression, genetic information, disability, military status, status as a veteran, or any other protected characteristic. GPC's policy is to recruit, hire, train, promote, assign, transfer and terminate employees based on their own ability, achievement, experience and conduct and other legitimate business reasons.