Global Cybersecurity Manager

Proactively implement a program that identifies, assesses, and mitigates cyber risks, thereby reducing the likelihood and impact of cyberattacks. Also aligns the cybersecurity efforts with the organization's strategic goals and keeps a balance between protecting critical assets and enabling business growth to support in maintaining the organization's reputation and financial stability.

• Cybersecurity Detection and Response Strategy: Develop and implement a cybersecurity strategy for IT information systems that aligns with the organization's overall goals and cyber risk tolerance ensuring that the organization is prepared to be cyber resilient through the Identification of critical assets, Preparation with response protocols, Detection capabilities, Response execution and recover after incident.
• Threat Intelligence and Monitoring: Ensure that the latest cyber threats and vulnerabilities are continuously monitored and incorporate defense mechanisms to systematically identify new threats.
• Incident Response Planning: Develop and maintain an incident response plan to ensure that there are protocols in place in the event of a cybersecurity incident related to our organizational IT systems like SAP, Office 365, Active Directory, etc. Includes implementation of cybersecurity incident simulations to prepare the organization in how to respond to cybersecurity incidents.
• Vulnerability Assessment and Management: Regularly assess the organization's systems and infrastructure for vulnerabilities and ensure IT areas perform the patching of systems and that vulnerabilities are mitigated.
• Security Compliance and Regulation: Ensure technical compliance with relevant cybersecurity controls regulations, standards, and industry-specific requirements; also, that new vulnerabilities are communicated to IT areas for the corresponding mitigations and monitored until closure.
• Security Operations Center (SOC) Management: Oversee the operations of a SOC, if applicable, which involves monitoring and responding to security incidents on a 24/7 basis. Ensure the effectiveness of the SOC and enable contractual accountability from SOC suppliers.
• Third-Party Risk Management: Assess the cybersecurity risk associated to IT architecture of new systems, services and suppliers impacting IT information systems (for finance, HR, Purchasing, etc.) during acquisition processes and changes, complementing Global Operations Technology Cybersecurity Manager role.
• Security Technology Selection: As a subject matter expert on Cybersecurity, evaluate, recommend, and define cybersecurity technologies and tools to enhance the organization's security posture. Define the information security requirements for IT applications to comply with our policies and regulations.
• Cybersecurity Detection and Response Organization: Develop the structure of internal resources and external services required to properly operate a Cyber-Defense organization that is properly articulated to contain and eradicate threats.
• Incident Management: In the event of a cyber security incident, act as an Incident Manager coordinating the efforts within the organization, executives, directors, plant managers, communication, legal, insurance and external suppliers to enable the corresponding contention actions. Enable Digital Forensics and Incident Response services to contain and eradicate threats. Ensure incidents are documented and lessons learned are extended to avoid the recurrence of the incidents.

• Career: Bachelor Computer systems, Engineering
• Master Cybersecurity
• Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM)
• Certified in Risk and Information Systems Control (CRISC)
• English Proficient Required
• Spanish Native Desired

At Nemak, Diversity, Equityand Inclusion (D&I) play a fundamental role in everythingwe doand are the underlying platform on whichourculture isbuilt. We foster a culture that is safe, respectful, fair and inclusive for all of our employees and job applicants. Our value proposition relies on innovation and cross-cultural teamwork, which is only possible when we strive for belonging and commitment to Diversity, Equity and Inclusion. We understand the impactequalityand of varied perspectives that welcome better ideas to solve complex problems for improvement and transformation.

We are proud to have bias-free conditions of employment, including recruiting, hiring, placement, and promotions, and we welcome all our employees and job applicants. We strongly prohibit any form of workplace harassment or discrimination based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status.