Manager, Cybersecurity

Manager, Cybersecurity

Our new global headquarters is conveniently located in Irvine, CA near John Wayne Airport in the Park Place development. For our onsite and hybrid employees you will be able to enjoy amenities such as access to many restaurants and shops, running trails, a fitness deck, outdoor seating, dry cleaning, car wash, free garage parking, car charging stations, shuttle service for train commuters, outdoor games like bocce, horseshoes, gaming tables, pickle ball, and basketball. For more information on Park Place visit parkplaceirvine.com.

Who We Are:

Ever wonder who brings the entertainment to your flights? Panasonic Avionics Corporation is 1 in the industry for delivering inflight products such as movies, games, WiFi, and now Bluetooth headphone connectivity!

How exciting would it be to be a part of the innovation that goes into creating technology that delights millions of people in an industry that’s here to stay! With our company’s history spanning over 40 years, you will have stability, career growth opportunities, and will work with the brightest minds in the industry. And we are committed to a diverse and inclusive culture that will help our organization thrive! We seek diversity in many areas such as background, culture, gender, ways of thinking, skills and more.

If you want to learn more about us visit us at www.panasonic.aero. And for a full listing of open job opportunities go to www.panasonic.aero/join-us/.

The Position:

JOB SUMMARY

Manages the overall security of PAC’s IFEC products and services in accordance with aviation-specific security standards and best practices. Responsible for securing and testing PAC products that are integrated into ground and aircraft networks. Provides strategic and tactical guidance to business decision-makers in identifying and mitigating security vulnerabilities. Responsible for identifying, evaluating, and reporting on security risks in a manner that meets or exceeds compliance and regulatory requirements. Oversee security testing activities and be the primary resource responsible for ensuring application security testing is conducted according to industry best practices.

MAJOR RESPONSIBILITIES

Product Security

• Works closely with the Product Engineering team to review technical documents for products or software solutions to ensure security is integrated into the PAC products.
• Review technical designs and ensure alignment with Aviation Industry Security Standards and technical bulletins.
• Manages the ongoing vulnerability, scanning, and assessment process and partners with other IT teams to resolve vulnerabilities in a timely manner to maintain compliance.
• Manages team of Product Security Engineers tasked with management of security tools, systems and processes including - Logging / PKI certificate management / airside system and network security / vulnerability assessment / regulatory compliance.
• Technical expertise within Product Security who represents Panasonic Avionics Corporation in technical discussions with our airline customers or OEM manufacturers
• Reduce regulatory compliance risk due to the inability to demonstrate compliance with various security controls for ISO27001:2022 certifications and OEM security audits
• Key participant in the Aviation –ISAC to manage and remediate cyber risk through threat intelligence sharing and best practices.
• Maintain and coordinate PKI certification operations and HSM signing services to support PAC business operations.

Product Security Operations

• Responsible for aircraft security log implementation and log collection to support PAC’s airline customers security monitoring programs.
• Lead product security’s vulnerability management and penetration testing programs to support aircraft hardware and software.
• Participate in OEM product security audits and remediate security findings to support OEM security standards and provide technical guidance to various business units.
• Troubleshoot security event logging technology and input into log correlation architecture
• Develop enabling anomaly detection technology requirements and drive successful implementation for PAC products in the aircraft to improve security posture and assurance.
• Use the integrated information to detect and respond to system attacks
• Maintain an understanding of the current vulnerabilities, response, and mitigation strategies used in security operations
• Coordinate with SWE and Product Engineer Management to resolve Product security design defects or vulnerabilities that are identified in aircraft hardware and software
• Lead PCI-SSF Payment application recertification for Panasonic Avionics payment applications
• Provide the metrics and reporting framework to measure the efficiency and effectiveness of the security programs, facilitate appropriate resource allocation, and increase the maturity of the information security.

Incident Response

• Experience in information security incident response and operational management
• Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action
• Analyze and report cyber threats as well as assist in deterring, identifying, monitoring, investigating and analyzing computer network intrusions
• Coordinate the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provide direction, support and in-house consulting in these areas
• Test incident response capabilities

The salary or hourly wage range of $131,000 – $220,000 is just one component of Panasonic’s total package. The final offer amount may vary based on factors including but not limited to individual’s knowledge, skills, experience, and location. In addition, this role may be eligible for discretionary bonuses and incentives. The minimum hourly wage for this role will be the greater of the posted range, or minimum wage for the location where the employee will be working, subject to local minimum wage requirements.

What We’re Looking For:

KNOWLEDGE/SKILL REQUIREMENTS

• Articulate with strong verbal and written communication skills; interpersonal and collaborative skills; and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
• Must be a critical thinker with strong problem-solving skills.
• Lead OEM Audits and ensure that PAC’s cybersecurity program aligns with aviation industry standards and best practices.
• Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
• Knowledge of security and control frameworks such as those defined by NIST, PCI-DSS, and OEM security standards.
• Deep understanding of security architecture and engineering discipline, processes, concepts and best practices.
• High degree of initiative, dependability and ability to work both collaboratively and independently.
• Works with other Executives and Senior Managers to establish strategic plans and objectives. Makes final decisions on administrative or operational matters and ensures operational goal achievement.
• Works on complex issues where analysis of situations or data requires an in-depth knowledge of the company. Participates in corporate development of methods, techniques and evaluation criteria for projects, programs, and people.
• Deep understanding of cryptography, authentication, authorization, network security protocols, and product security implementation.

EDUCATION/EXPERIENCE REQUIREMENTS

• Bachelors’ degree in Information Systems or related field. (Master’s degree a plus)
• Industry certifications such as CISSP, CCSP, CISM, GCIH, GSEC or equivalent experience
• Hold a current penetration testing certification such as GPEN, CEH, and/or OSCP
• 5 years of related work experience with product security, secure software development, risk assessment, or vulnerability management
• Experience with large security control testing programs and/or security projects, e.g. product hardware control testing, product software testing, and security implementation of products with aircraft.
• Prior experience with information security frameworks, secure network architecture and design, cloud computing, and secure application architecture/design preferred.
• Knowledge of applicable industry standards, leading security practices, and regulatory requirements
• Demonstrated acumen in the security protection of IT systems and processes.
• Maintains network service operational resiliency by risk-based assessments and architectural alignment.
• Creates awareness of emerging vulnerabilities, develops remediation plans and ensures effective communication of any impact to company products and services.
• Remain current on constantly emerging Cybersecurity threats to ensure continual protection of assets and company/customer information.
• Full management authority concerning staffing, performance appraisals, promotions, salary recommendations, performance management and terminations.
• Collaborate with key subject matter experts, both internal and external to analyze and assess the current and future threat landscape. Develop and continuously improve a comprehensive security program that addresses identified risks.