Ford Risk Assessment Analyst 

Mexico, State of Mexico, Nezahualcóyotl 

86123059

Responsibilities may include:

• Facilitate risk assessments by performing quantitative and qualitative analysis of risk data on Application and Infrastructure Risk/Control Framework needs, and work with partners in business and IT to ensure seamless execution of processes and timely delivery
• Cultivate relationships with other stakeholders and Consult with subject matter experts on various skill teams (e.g., GDI&A, Corporate Security, Ford Credit, In-Vehicle/Mobility Cyber Security, HR, Internal Controls, Internal Audit, Cyber Security, IT Product Driven Organizations) and data element owners
• Support and expand the implementation of the Component Assessment, Detailed Risk Assessment, Risk Scenario, Compliance Inquiry Management and Vulnerability Remediation processes
• Research Ford Information Security Policy, Finance Manual policies & procedures, GIS standards and controls, Directives and Standards. As well as supporting the development of security standards / guidelines and provide security guidance on core and emerging technologies
• Create and delivery audience specific training, presentations and reports
• Assist with the identification of control deficiencies and associated risks
• Lead and expand the control guidance and automating / centralization / standardizing programs by enhancing existing processes and utilizing existing technology.
• Drive the level of automation / centralization for control library and control implementation processes. Develop and drive control related programs.
• Be responsible for process improvements, including initiating, creating, updating process documentation and Archer GRC data element associations.
• Track regulatory compliance for Cybersecurity per state, federal and global requirements
• Lead and manage cybersecurity assessments and third- party due diligence questionnaires
• Maintain the internal regulation and assessment process, sharepoint site, and global tracking
• Ideal candidate will be someone with IT security background, not provisioning experience more audit and compliance focused with exposure to several areas of IT Security and an understanding of the security concepts. Application/System support with broad experience covering change management, access controls, etc.

Degree Type:

• Bachelor's degree in a Technical Discipline

Technical Skills Required:

• 3+ years of experience in risk management
• Knowledge of Information Security Policy and Standards.
• Excellent verbal and written communication.
• Customer Relationship Management skills
• Analytical mindset with desire to learn, and drive for success
• Self-Starter who can work in ambiguous situations and drive to a solution.
• Adaptability of managing two separate but coherent styles of work: one focused on predictability; the other on exploration
• 1-3 years of Security and Controls, IT audit, or equivalent experience (security controls are technical/administrative safeguards put in place to help avoid risk)

Nice to Have:

• Infrastructure Engineering and/or Support
• 1-3 years of risk assessment, 3^rdparty risk assessment, IT policy experience
• 2-4 years of application and systems support with broad experience covering change management, access controls and how new technology (apps and infra) are implemented and/or decommissioned in an enterprise environment.
• Project Management
• Ability to follow a disciplined approach to drive for results
• Knowledge of Application Development Lifecycle
• Experience with GitHub, Jenkins, and multiple security code testing tools.
• Familiar with Ford processes, procedures, and organization.

Other:

• Strong organizational skills; able to advance multiple work streams concurrently
• Not afraid to ask questions with a willingness to self-train and volunteer