Threat and Exposure Management Analyst at Toyota USA

Overview Who we are

Collaborative. Respectful. A place to dream and do. These are just a few words that describe what life is like at Toyota. As one of the world’s most admired brands, Toyota is growing and leading the future of mobility through innovative, high-quality solutions designed to enhance lives and delight those we serve. We’re looking for talented team members who want to Dream. Do. Grow. with us.

An important part of the Toyota family is Toyota Financial Services (TFS), the finance and insurance brand for Toyota and Lexus in North America. While TFS is a separate business entity, it is an essential part of this world-changing company- delivering on Toyota's vision to move people beyond what's possible. At TFS, you will help create best-in-class customer experience in an innovative, collaborative environment.

To save time applying, Toyota does not offer sponsorship of job applicants for employment-based visas or any other work authorization for this position at this time.Who we’re looking for

Toyota Financial Services (TFS) Technology team is looking for a highly motivated person to fill a role as a Threat and Exposure Management analyst, experienced in the integration, automation and continuous improvement of Threat Exposure Management systems and processes. Candidate would leverage their expertise in the areas of vulnerability management, secure configuration management, risk prioritization, web application scanning, Cloud and API security to help improve and continuously evolve the program.

This person will be a self-directing, organized, and effective communicator (verbal and written) who can transfer industry, business, and stakeholder requirements into scalable, cost efficient, and performance driven solutions.

This role requires strong technical expertise in cybersecurity, and the ability to collaborate effectively with cross-functional teams.

What you’ll be doing

• Will be responsible for vulnerability management processes including scanning, assessment, and remediation tracking.

• Prioritize risks based on business impact and threat intelligence to guide remediation efforts.

• Collaborate with IT and business units to ensure timely resolution of identified vulnerabilities.

• Establish and maintain security governance frameworks and reporting mechanisms.

• Assist in the development of metrics and dashboards to communicate risk posture to stakeholders.

• Stay current with emerging threats, vulnerabilities, and industry best practices.

• Proposing and developing meaningful reporting to highlight key areas of risk, illustrate risk reduction, over time, and to provide actionable information for customers/stakeholders

• Leveraging scripting languages and API’s to facilitate automation, data collection and reporting

• Creating, maintaining, and driving domain-level standardized solution testing, evaluation, and operational procedures

• Creating and reviewing domain documentation to meet and exceed internal and regulatory requirements and ensure consistency across all security engineering teams

• Support incident response activities by providing context on vulnerabilities and exposures.

What you bring

• Good experience in threat and vulnerability management, risk assessment, secure configuration management and multi-discipline security principles.

• Basic understanding of cybersecurity frameworks such as NIST, ISO 27001, and CIS Controls.

• Proficiency with vulnerability management tools and platforms (e.g., Qualys, Tenable, Rapid7).

• Certifications such as CISSP, CISM, CRISC, or similar are highly desirable. 6+ years of progressive, broad-based Information Security (IS) experience participating in projects and playing a key role toward successful security operations

• Excellent analytical and problem-solving skills, with the ability to assess complex security issues and recommend effective solutions.

• Strong communication skills, with the ability to collaborate effectively with cross-functional teams and articulate technical concepts to non-technical stakeholders.

• Experience with cloud security and enterprise risk management is a plus.

• Experience with the integration of security tools, disparate data types and systems automation is a plus.

• Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent years of experience in the role.

Added bonus if you have

• Experience with developing and implementing enterprise security policies.

• Knowledge of cybersecurity regulations and compliance requirements.

• Experience with threat modeling and attack surface management.

• Security incident response and coordination experience.

• Bachelor's degree in Cybersecurity, Information Technology, or a related field; advanced degree preferred.

What we’ll bring

During your interview process, our team will provide detailed information about our industry-leading benefits and career development opportunities. Here are a few highlights:

• A work environment built on teamwork, flexibility, and respect.

• Professional growth and development programs to help advance your career, including tuition reimbursement.

• Team Member Vehicle Purchase Discount.

• Toyota Team Member Lease Vehicle Program (if applicable).

• Comprehensive health care and wellness plans for your entire family.

• Toyota 401(k) Savings Plan with a company match, plus an annual retirement contribution from Toyota regardless of your own contributions.

• Paid holidays and paid time off.

• Referral services for prenatal services, adoption, childcare, schools, and more.

• Tax advantaged Accounts (Health Savings Account, Health Care FSA, Dependent Care FSA).

• Relocation assistance (if applicable).

Belonging at Toyota

Our success begins and ends with our people. We embrace all perspectives and value unique human experiences. Respect for all is our North Star. Toyota is proud to have 10+ different Business Partnering Groups across 100 different North American chapter locations that support team members’ efforts to dream, do and grow without questioning that they belong.

Applicants for our positions are considered without regard to race, ethnicity, national origin, sex, sexual orientation, gender identity or expression, age, disability, religion, military or veteran status, or any other characteristics protected by law.

Have a question, need assistance with your application or do you require any special accommodations? Please send an email to talent.acquisition@toyota.com.