Sr. Analyst, Infrastructure and InfoSec

Overview
Who we are

Collaborative. Respectful. A place to dream and do. These are just a few words that describe what life is like  one of the world’s most admired brands, Toyota is growing and leading the future of mobility through innovative, high-quality solutions designed to enhance lives and delight those we serve. We’re looking for talented team members who want to Dream. Do. Grow.

with us.

Job Summary

The position is responsible for providing direct technical support to the onsite infrastructure, facilities and network systems managed by TMCC. This position is also responsible to perform “hands-on” day to day coordination, analysis, testing, implementation, deployment, support, and monitoring for security operational processes, projects, or technologies. Also, it will audit, assess, implement and review security and risk processes and procedures to comply with Info Sec regulations.

Primary Job Accountabilities

Information / Cyber Security (Info Sec)

Security Governance

• Attain a strong understanding of business processes, policies, procedures, governance practices and regulatory requirements.
• Ensure that all processes and technologies are compliant with TFS Information Security standards (GISG, TMCC, etc.).
• Complete monthly report of Key Risk Indicators for IT Security Department including vulnerabilities scores, endpoint compliance, material incidents, etc.
• Provide Info Sec status to ERMC committee when needed.
• Identify non-compliance to security standards or controls and submit exceptions for approval.
• Provide status and metrics of information security activities and review with Information Security Officer (ISO) and AOR GISG regional representative for TCPR.
• Attend AOR Info Sec-GISG/GISS meetings to learn best practices and updated activities for Info Sec. Communicate updates pertaining to TCPR.

Access Administration

• Ensure that access to information assets is authorized by management and asset owners.
• Ensure that user access is monitored and regularly reviewed (attestation).
• Ensure that new hires are provisioned with appropriate equipment and access in a timely manner.
• Ensure the access for terminated users are removed in a timely matter.

Security Awareness

• Manage and conduct all required security training. Ensure that all team members and new hires complete the required security awareness training.
• Report to IT Manager the list of team members who are not in compliance with training or fail phishing tests.
• Comply with all continued education requirements, including professional courses, certifications, seminars, trainings, etc., to support the business need.

Information Asset Management

• Ensure that security requirements are addressed throughout the lifecycle of all TCPR assets.
• Ensure inventories of information assets; including on-premises/cloud network, servers/ workstations, operating systems, applications, and mobile computers and devices are securely configured and issued.
• Ensure with TMCC that all network devices, servers, workstations, mobile devices, and all other endpoints are protected and monitored for malicious activities.
• Ensure that security requirements are addressed throughout the lifecycle of all TCPR assets.
• Ensure inventories of information assets; including on-premises/cloud network, servers/ workstations, operating systems, applications, and mobile computers and devices are securely configured and issued.
• Ensure with TMCC that all network devices, servers, workstations, mobile devices, and all other endpoints are protected and monitored for malicious activities.

Vulnerability and Endpoint Management

• Identify and track system and application vulnerabilities.
• Perform research and analysis of complex vulnerability incidents until resolved to ensure compliance metrics are being met. This includes cross collaboration to obtain root cause, recommend and determine best fix and apply patch.
• Work with IT and other resources on vulnerability remediation plans including dates for remediation and responsibilities. Monitor status and progress of the remediation and report to IT Manager.
• Provide TCPR’s ISO with periodic status updates on remedial efforts.
• Monitor endpoint protection compliance to ensure…