IT Security & Compliance Manager

The following information provides an overview of the skills, qualities, and qualifications needed for this role.

Tesla is looking for an IT Security and Compliance Manager to join our Global Risk and Compliance team. You will help run the risk and compliance efforts to design, evaluating, implementing, and improving Tesla’s IT Security Controls.

You will join the IT Compliance team as part of the CIO's organization and manage activities across the global organization.

The role will act as a liaison between the audit function and IT Security Teams across Tesla you will work with SMEs across the organization to mature / design security controls & mitigate risk and become a deep technical resource.

SOC 2 Energy Compliance : Develop and execute the annual SOC 2 energy plan,coordinating with both internal teams and external auditors.

Serve as the primary point of contact for all SOC audit-related matters. Prepare and review SOC audit documentation,ensuring its accuracy and completeness.

Track and manage remediation efforts for any identified audit findings

Vehicle Cybersecurity Compliance : Maintain meticulous compliance with vehicle cybersecurity regulations (UNECE 155 / 156, ISO 21434).

Serve as the primary liaison with external cybersecurity auditors and regulators. Guarantee the application of appropriate technical audit methodologies and scope

IT Policy Governance : Ensure compliance with data security policies and all relevant legal and regulatory requirements.

Maintain and evolve IT Security Policies across the organization

Monitoring & Reporting : Develop and conduct in-depth analysis of reports and alerts to identify potential gaps and propose actionable changes.

Continuously monitor and actively contribute to the improvement of the organization's security, risk, and compliance posture

• Risk Management : Foster strong partnerships and coordinate with security teams, external auditors, management, and other testing groups to proactively address and mitigate risks
• Monitoring & Reporting : Develop and conduct in-depth analysis of reports and alerts to identify potential gaps and propose actionable changes.

Continuously monitor and actively contribute to the improvement of the organization's security, risk, and compliance posture

Continuous Improvement Continuously evaluate and proactively recommend enhancements to existing programs, practices, and technologies.

Identify areas for improvement, develop actionable plans, and execute to implement changes in a timely and efficient manner.

Ensure that all necessary changes and improvement actions are implemented as required

• 5-8 years of professional Cybersecurity, IT Risk and Compliance, and audit experience
• Experience in technical audit methodology (to be able to handle external auditors and regulators) is a must
• Experience implementing security frameworks, such as SOC 2, ISO 27001, UNCE R155 / R156, ISO 21434
• Strong technical knowledge in SDLC and software / firmware change management
• You have experience leading and mitigating risk in projects throughout an organization
• Understanding IT General Controls, Security Incident Handling, Data Classification and Handling, Data Privacy
• You have relevant knowledge and experience testing design and operation of IT General Controls for user access, change management, system integrations, and system development activities
• Fundamental understanding of including vehicle software, OTA updates, fleet management TCP / IP protocols, networking, network topology, operating systems, including Windows and Linux
• CISA, CISSP, CRISC, CISM, or other professional certifications / associations is a plus
• Big 4 Accounting Firm experience specializing in IT Risk & Compliance is preferred

J-18808-Ljbffr