Cyber Security Analyst

At Ford Motor Company, we believe freedom of movement drives human progress. We also believe in providing you with the freedom to define and realize your dreams. With our incredible plans for the future of mobility, we have a wide variety of opportunities for you to accelerate your career potential as you help us define tomorrow’s transportation.

As a key member of our Information Technology group, you’ll play a critical part in shaping the future of mobility. If you’re looking for the chance to leverage advanced technology to redefine the transportation landscape, enhance the customer experience and improve people’s lives, this is the opportunity for you. Join us and challenge your IT expertise and analytical skills to help create vehicles that are as smart as you are.

The Information Security Policy (ISP) Analyst role is responsible for driving visibility, understanding and consistency of the information security policies, standards, procedures and guidelines which govern the use of information, data, technology, processing systems, and facilities throughout Ford.

Qualifications

The minimum requirements we seek :

• Bachelor's degree in a Technical Discipline
• 1-3 years of experience working with ISO 27001/2 standards, Information Security policies, or IT risks and controls
• Excellent verbal and written communication
• Strong organizational skills; able to advance multiple work streams concurrently

Our preferred requirements :

• Process improvement mindset
• Experience performing IT risk assessments
• Knowledge of application development and IT security and controls
• Prior experience working with GRC and Policy Management tools
• Understanding of Compliance and Regulatory requirements e.g. (S-Ox, HIPAA, GLBA etc.)

What you’ll be able to do :

• Facilitate the creation and modernization of information security policies, standards, procedures and guidelines
• Work with cross-functional and cross regional Authors and Subject Matter Experts (SMEs) with varying levels of business/technical skills
• Lead the Policy, Control and Risk (PCR) governance process to support risk/control changes, regulatory requirements, emerging technologies, and enterprise objectives
• Execute reviews to ensure proper efficacy, conciseness, and alignment
• Facilitate risk assessments by performing quantitative and qualitative analysis of risk data on Application and Infrastructure Risk/Control Framework
• Provide consultation and direction to IT and business teams pertaining to the ISP
• Promote ISP awareness with audience specific training and communications
• Partner with Authors and SMEs on communication efforts to inform Key Information Security Stakeholders of new and updated policy documents
• Research industry best practices and consult advisory groups
• Identify and implement policy process improvements, integration and automation opportunities
• Incorporate future policy enhancements and innovations into the Governance, Risk and Compliance (GRC) strategy
• Identify policy portal defects and tool enhancements
• Produce monthly policy operations and project metrics
• Support the policy exception request (PER) process, reporting and governance