Cyber Security Spec

At Ford Motor Company, we believe freedom of movement drives human progress. We also believe in providing you with the freedom to define and realize your dreams. With our incredible plans for the future of mobility, we have a wide variety of opportunities for you to accelerate your career potential as you help us define tomorrow's transportation.

As a key member of our Information Technology group, you'll play a critical part in shaping the future of mobility. If you're looking for the chance to leverage advanced technology to redefine the transportation landscape, enhance the customer experience and improve people's lives, this is the opportunity for you. Join us and challenge your IT expertise and analytical skills to helpcreate vehicles that are as smart as you are.

The Enterprise Cyber Security GRC Analyst, a pivotal role within GRC (Governance, Risk, and Compliance) Cyber Services, holds a highly visible position contributing to our strategic objectives. This role is primarily responsible for coordinating and supporting Cybersecurity Assessments for the Enterprise Cyber Compliance space. Complementing this, the GRC Analyst will also lead and conduct comprehensive risk assessments to drive organizational understanding and consistent risk mitigation strategies.

• Coordinate and support Cybersecurity Assessments and third party IT Security Assessments.

• Track and ensure compliance with cybersecurity regulations at the state, federal, and global levels.

• Cultivate relationships with other stakeholders and Consult with subject matter experts on various skill teams (e.g., GDI&A, Corporate Security, In-Vehicle/Mobility Cyber Security, HR, Internal Controls, Internal Audit, Cyber Security, IT Product Driven Organizations).

• Maintain the internal regulation and assessment process, SharePoint site, and global tracking systems.

• Research the Company's internal Information Security Policy, Finance Manual policies & procedures, GIS standards and controls, Directives and Standards. As well as supporting the development of security standards / guidelines and provide security guidance on core and emerging technologies.

• Create and deliver tailored training materials, presentations, and reports for different audiences.

• Support efforts to automate processes, enhancing existing programs and utilizing available technology.

• Strengthen global risk management by facilitating detailed risk assessments for high-risk assets.

• Maintain and improve process documentation, including updating Archer GRC data element associations.

• Bachelor's degree in IT or relevant business discipline.

• 3+ years of Risk Assessment, 3rd party risk assessment, IT policy experience.

• 3+ years of Security and Controls, IT audit, or equivalent experience (security controls are technical/administrative safeguards put in place to help avoid risk).

• Demonstrated C2 level of English proficiency, enabling effective communication and collaboration in a global environment.

• Strong knowledge of ISP, and Security and Controls and compliance tools.

• Knowledge of several ISO standards (including 27001) and regional regulations (including GDRP, NIS, NIS2, IT SiG).

• Archer GRC Risk Management and Component Assessment tools.

• Strong organizational skills, able to advance multiple work streams concurrently.

• Strong Customer Relationship Management, communication and presentation skills.

• Excellent analytical and problem-solving skills.

• Strong organizational skills able to advance multiple work streams concurrently.