Facilitate risk assessments by performing quantitative and qualitative analysis of risk data on Application and Infrastructure Risk/Control Framework needs, and work with partners in business and IT to ensure seamless execution of processes and timely delivery
Cultivate relationships with other stakeholders and consult with subject matter experts on various skill teams (e.g., GDI&A, Corporate Security, Ford Credit, In-Vehicle/Mobility Cyber Security, HR, Internal Controls, Internal Audit, Cyber Security, IT Product Driven Organizations) and data element owners
Support and expand the implementation of the Component Assessment, Detailed Risk Assessment, Risk Scenario, Compliance Inquiry Management and Vulnerability Remediation processes
Research Ford Information Security Policy, Finance Manual policies & procedures, GIS standards and controls, Directives and Standards; support the development of security standards / guidelines and provide security guidance on core and emerging technologies
Create and deliver audience-specific training, presentations and reports
Assist with the identification of control deficiencies and associated risks
Lead and expand the control guidance and automation / centralization / standardization programs by enhancing existing processes and utilizing existing technology.
Drive the level of automation / centralization for control library and control implementation processes. Develop and drive control related programs.
Be responsible for process improvements, including initiating, creating, updating process documentation and Archer GRC data element associations.
Track regulatory compliance for Cybersecurity per state, federal and global requirements
Lead and manage cybersecurity assessments and third-party due diligence questionnaires
Maintain the internal regulation and assessment process, SharePoint site, and global tracking
The ideal candidate will have an IT security background that is more audit and compliance focused than provisioning focused, with exposure to several areas of IT security and an understanding of security concepts. Application/system support with broad experience covering change management, access controls, etc.
Degree Type:
Bachelor's degree in a Technical Discipline
Technical Skills Required:
3+ years of experience in risk management
Knowledge of Information Security Policy and Standards.
Excellent verbal and written communication.
Customer Relationship Management skills
Analytical mindset with desire to learn, and drive for success
Self-Starter who can work in ambiguous situations and drive to a solution.
Adaptability in managing two separate but coherent styles of work: one focused on predictability; the other on exploration
1-3 years of Security and Controls, IT audit, or equivalent experience (security controls are technical/administrative safeguards put in place to help avoid risk)
Nice to Have:
Infrastructure Engineering and/or Support
1-3 years of risk assessment, 3rd-party risk assessment, IT policy experience
2-4 years of application and systems support with broad experience covering change management, access controls and how new technology (apps and infra) is implemented and/or decommissioned in an enterprise environment.
Project Management
Ability to follow a disciplined approach to drive for results
Knowledge of Application Development Lifecycle
Experience with GitHub, Jenkins, and multiple security code testing tools.
Familiar with Ford processes, procedures, and organization.
Other:
Strong organizational skills; able to advance multiple work streams concurrently
Not afraid to ask questions with a willingness to self-train and volunteer