Senior Security Risk Technical Specialist job at Woven by Toyota in Ann Arbor, MI

Title: Senior Security Risk Technical Specialist Type:Hybrid Location: Ann Arbor United States Job Description: Woven by Toyota is enabling Toyota's once-in-a-century transformation into a mobility company. Inspired by a legacy of innovating for the benefit of others, our mission is to challenge the current state of mobility through human-centric innovation - expanding what "mobility" means and how it serves society. Our work centers on four pillars: AD/ADAS, our autonomous driving and advanced driver assist technologies; Arene, our software development platform for software-defined vehicles; Woven City, a test course for mobility; and Cloud & AI, the digital infrastructure powering our collaborative foundation. Business-critical functions empower these teams to execute, and together, we're working toward one bold goal: a world with zero accidents and enhanced well-being for all. TEAM The security team at Woven by Toyota is on the cutting edge of many challenging security problems.We identify emerging security threats in autonomous vehicles and help design more secure systems.We work closely with internal platform teams to provide a secure development environment through tooling and automation, allowing developers to innovate quickly without compromising security. WHO ARE WE LOOKING FOR? We are looking for a Senior Security Risk Technical Specialist to lead information security risk management engagements such as technical risk assessments pertaining to Woven by Toyota's businesses and engineering work. You will identify risks and vulnerabilities by working with diverse internal and external stakeholders of varied technical and business backgrounds. You will work with technical product teams on assessing any security risks and manage those risks through their lifecycle. You will be expected to work with both highly technical teams and senior management. While this is a risk assurance position, given the cutting edge nature of projects that we work on (IoT, autonomous driving, vehicle OS), we are seeking a candidate with strong technical insight. Woven by Toyota Security demands high standards, so a passion and discipline around security and delivery is critical. A high level of ownership and accountability is a must. In this role you will report to an engineering manager, in a hybrid capacity requiring your presence on-site three days per week. RESPONSIBILITIES Lead/perform risk assessment engagements for products (IoT, autonomous driving, AI etc), enterprise, and related information systems or processes. Manage technical, process and human related information security risks and ensure compliance for information security policies and regulatory requirements by conducting technical, procedural and operational review of business processes and system controls Communicate and escalate risk issues to the appropriate level and department from frontline teams to senior management Evaluate technology and business-related controls for integrating business and information system security and risk mitigation efforts for products and enterprise. Coordinate and validate business risk justification documents for internal and external governance programs Manage third party risk with both internal and external stakeholders MINIMUM QUALIFICATIONS 6+ years experience in Information Security 3+ years technical security experience securing products incorporating emerging technologies like IoT, AI, Automotive operating systems 1+ year of experience within Information Risk Management, IT audit or Security Governance function 1+ year of experience with regulatory compliance and information security management frameworks (e.g., ISO27001/ISO27002, NIST CSF, CMMC) Experience in highly regulated industries, ideally with retail product exposure and impact Technical expertise in the security field and experience with security architecture and ability to challenge risk assessments on the technical side Experience with multiple risk assessment methods including threat modeling (STRIDE, etc) High level of independence and autonomy in leading and performing engagements, including conducting interviews, with a complex set of corporate stakeholders Experience in IT auditing and technical assessments of networks, operating systems, cloud environments, etc Excellent written and verbal communication skills and ability to adapt communication to the audience skillset and level of responsibilities NICE TO HAVES Japanese language proficiency 5+ years of technical security experience out of the required 6+ years of Information Security experience 3+ years of experience within Information Risk Management, IT audit or Security Governance function 3+ years of experience with regulatory compliance and information security management frameworks (e.g., ISO27001/ISO27002, NIST CSF, CMMC) 1+ year of development and coding experience ideally in IoT, AI, automotive OS Experience with compliance especially security and privacy regulations Experience building enterprise governance, risk, and compliance programs Hands-on experience in configuring and working with GRC tools Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and/or Certified Information Systems Auditor (CISA) WHAT WE OFFER We are committed to creating a modern work environment that supports our employees and their loved ones. We offer many options of the best programs to allow you to do your most meaningful work and to help you shape the future of mobility. ・Excellent health, wellness, dental and vision coverage ・A rewarding 401k program ・Flexible vacation policy ・Family planning and care benefits Our Commitment ・We are an equal opportunity employer and value diversity. ・Any information we receive from you will be used only in the hiring and onboarding process. Please see our privacy notice for more details.