The Manager of Cyber Security Audit in automotive Supply Chain Management is responsible for developing and implementing cyber security strategies and protocols that support the organization's supply chain management initiatives and activities in BMW Asia. This position will plan, design, and perform the cyber security Audit program as preventive actions to the key suppliers located in Asia during the project earlier phase. This position will work closely with a variety of stakeholders, including suppliers, engineers, and other business units, to establish and maintain effective security controls and practices.
• Develop and implement a cyber security strategy for the automotive supply chain that aligns with industry best practices and regulatory requirements.
• In cooperation with global cyber security team, lead the development and maintenance of all cyber security policies and procedures, ensuring they are effectively communicated and implemented to all stakeholders.
• Plan, design and perform cyber security audit program on key suppliers, identify potentials in advance, monitor suppliers’ status, until the countermeasures have been conducted and the supplier's security risk level reduced.
• Lead the emergency response team in Asia when a cybersecurity incident occurs with the supplier; collaborate with various business departments to complete the incident investigation, take emergency measures, reports to management and other stakeholders, and regularly track the issue until the problem is resolved.
• Manage all aspects of the cyber security program, including incident assessments, vulnerability management, incident response, and disaster recovery.
• Work collaboratively across the organization to improve the overall security posture of the automotive supply chain, including mitigation plans, threat modeling, and security testing.
• Select and manage the third-party vendors for cybersecurity activities; collaborate with third party vendor to complete the supplier's cybersecurity audit, track the project status, guide the third party's audit work, report the results to relevant stakeholders.
• Provide regular updates to senior management and other stakeholders on the status of cyber security audit activities, highlighting potential risks and recommending mitigation strategies.
• Implement other activities related to cybersecurity from management and other stakeholders, e.g. provide training and education to the internal business departments and external suppliers; complete further activities from management or other stakeholders related to cybersecurity activities.
• 4-6 years cyber security experience in a supply chain management environment, preferably in the automotive industry.
• 1-3 Years’ Experience managing several projects with cyber security professionals.
• 1-3 Years’ Experience with industry-specific regulations, such as NIST, ISO, SOC 2
• 1-3 Years’ Experience with cloud security technologies and practices. Strong understanding of cyber security principles and practices as they relate to supply chain management.
• Strong technical knowledge of cyber security technologies and practices, including experience with vulnerability management tools, security incident response planning, and disaster recovery procedures.
• Demonstrated ability to develop and implement effective cyber security strategies and protocols.
• Excellent communication skills, including the ability to educate and train supply chain stakeholders on cyber security best practices.
• Strong presentation skills, with experience presenting complex cyber security concepts to non-technical stakeholders.
• Ability to work collaboratively with a variety of stakeholders, including suppliers, engineers, and other business units.
• Willingness and ability to work in a team as well as in an intercultural working environment.
• Excellent time management skills, punctual, dedicated, and self-motivated, attention to detail
• Analytical thinking, mature, responsible, and result-oriented personality.
• Written and spoken English, German language preferred. Certifications and experience in cyber security (e.g., CISSP, CISM, CEH) preferred.