Company Background
Established in 1928, Genuine Parts Company is a leading global service provider of automotive and industrial replacement parts and value-added solutions. Our Automotive Parts Group operates across the U.S., Canada, Mexico, Australasia, France, the U.K., Ireland, Germany, Poland, the Netherlands, Belgium, Spain and Portugal, while our Industrial Parts Group serves customers in the U.S., Canada, Mexico and Australasia. We keep the world moving with a vast network of over 10,700 locations spanning 17 countries supported by more than 63,000 teammates. Learn more at genpt.com.
Position Summary
The GPC Data Protection Manager leads the enterprise strategy to detect, investigate, and mitigate risks originating from within the organization. This individual drives the governance of the Data Loss Prevention platforms and manages a cross-functional program that balances security with operational agility, focusing on protecting sensitive intellectual property (IP), financial data, and regulatory assets.
Key Responsibilities
- Program Governance: Define and drive the multi-year technical roadmap for insider risk, aligning it with business needs and global privacy laws (e.g., GDPR, CCPA, DORA).
- Behavioral Detection: Oversee User and Entity Behavior Analytics (UEBA) to establish behavioral baselines and detect anomalies, such as unusual data movement or unauthorized use of generative AI tools.
- Data Protection Management: Lead the selection, deployment, and optimization of the Data Protection stack (e.g., Microsoft Purview and Cyera) to identify and block risky data exfiltration.
- Incident Investigation: Participate with Global Incident Response team on deep-dive investigations into high-risk alerts, collaborating with Legal and HR to ensure ethical and defensible evidence collection.
- AI Guardrails: Implement specific controls to monitor and prevent sensitive data leaks into external Large Language Models (LLMs) and manage "prompt injection" risks.
- Metrics & Reporting: Develop real-time dashboards to quantify risk posture and program effectiveness for executive leadership and the board of directors.
- Talent Cultivation: Prioritize hiring adaptable specialists who can navigate hybrid security environments and AI-driven threats.
- Mentorship & Coaching: Move from traditional surveillance-heavy oversight to a coaching-based model, providing "real-time nudges" that educate employees on secure data handling rather than just penalizing mistakes.
Location:
Krakow/hybrid
Not specified
Required Skills & Qualifications
- Management: Experience in managing at least 10 employees.
- Experience: Typically requires 5–10 years in cybersecurity or risk management, with a focused background in insider threat analysis or data protection.
- Technical Proficiency: Extensive experience with data discovery/cataloging and insider risk tools.
- Analytical Mindset: Proficiency in querying large datasets using SQL or Python to identify emerging threat patterns and fraud indicators.
- Soft Skills: Strong cross-functional collaboration skills, with the ability to influence without direct authority and translate technical risks into business impact.
- Certifications: Preferred credentials include CISSP (Security), or CISM (Management).
