Cybersecurity Risk Engineer Director

We are the movers of the world and the makers of the future. We get up every day roll up our sleeves and build a better world -- together. At Ford were all a part of something bigger than ourselves. Are you ready to change the way the world moves

Enterprise Technology plays a critical part in shaping the future of mobility. If youre looking for the chance to leverage advanced technology to redefine the transportation landscape enhance the customer experience and improve peoples lives this is the opportunity for you. Join us and challenge your IT expertise and analytical skills to help create vehicles that are as smart as you are.

This job is posted as REMOTE but designated as HYBRID with up to three days per week onsite may be required for candidates within commuting distance from our Dearborn . (Eastern Time Zone Central Time Zone preferred)

Visa sponsorship is NOT available for this position.

We are seeking a highly skilled and strategic Cyber Security Risk Engineer Director to lead our core cybersecurity risk engineering functions. This critical leadership role demands a deep technical understanding and a hands-on approach to designing building and owning the robust security capabilities that protect our enterprise. You will be instrumental in developing and implementing engineering strategies and solutions across Governance Risk and Compliance (GRC) Patch and Configuration Management Business Impact Analysis (BIA) tooling (including its application to Business Continuity and Disaster Recovery) and Proactive Security Analysis responsibilities. A key aspect of this role is partnering closely with key security teams across the organization ensuring they are equipped with the advanced tools and capabilities necessary to effectively protect the organizations assets and operations.

• Cyber Security Engineering Strategy Ownership & Leadership:
  • Define develop and execute a forward-thinking cybersecurity engineering strategy that directly reduces organizational risk and aligns with business objectives.
  • Take direct ownership of the design architecture and implementation of innovative security solutions and controls ensuring their effectiveness and scalability.
  • Drive a culture of engineering excellence continuous improvement and automation across all security domains.
  • Provide expert technical guidance and thought leadership on emerging cyber threats vulnerabilities and advanced risk mitigation engineering strategies to senior leadership and technical teams.
  • Manage the engineering budget and technology roadmap for core security platforms optimizing investments for maximum security posture improvement.
  • Partner extensively with key stakeholdersacross the organizationto understand their operational needs provide them with the necessary engineering tools platforms and capabilities and enable their success in protecting the enterprise.
• Governance Risk and Compliance (GRC) Engineering & Audit Compliance:
  • Lead the engineering development and ongoing maintenance of GRC platforms and tools ensuring they effectively support risk management compliance and audit requirements.
  • Drive the automation of GRC processes including continuous control monitoring risk assessments and compliance reporting to enhance efficiency and accuracy.
  • Engineer solutions that facilitate seamlessrisk audit compliancefor the organization proactively identifying and addressing control gaps.
  • Collaborate with GRC audit and legal teams to translate regulatory requirements and internal policies into actionable auditable engineering controls and solutions.
  • Develop and maintain a risk-based cyber control program focusing on the engineering aspects of control design implementation and effectiveness measurement across the enterprise.
• Patch and Configuration Management Engineering:
  • Direct and own the engineering efforts for enterprise-wide patch and configuration management programs ensuring the secure compliant and consistent state of all systems and applications.
  • Lead the development and implementation of advanced automated solutions for vulnerability remediation patch deployment and secure configuration enforcement across diverse IT and OT environments.
  • Establish engineer and enforce methodologies and standards for secure configuration baselines ensuring adherence to internal policies and industry best practices.
  • Drive initiatives to proactively identify and mitigate configuration drift unauthorized changes and critical patch vulnerabilities minimizing the attack surface.
  • Oversee the engineering of robust monitoring and reporting mechanisms for patch compliance and configuration adherence metrics.
• Business Impact Analysis (BIA) Tool Engineering for BCP/DR:
  • Lead the engineering deployment and operational aspects of the Business Impact Analysis (BIA) tool ensuring its effectiveness in identifying critical business processes their dependencies and associated cyber risks.
  • Collaborate with business units and continuity planning teams to define robust requirements for the BIA tool and integrate it with relevant data sources to support comprehensiveBusiness Continuity Planning (BCP) and Disaster Recovery (DR) processes.
  • Engineer the BIA tool to accurately capture Recovery Time Objectives (RTOs) Recovery Point Objectives (RPOs) and detailed impact justifications for potential disruptions directly feeding into BCP/DR strategies.
  • Drive the automation of BIA data collection analysis and reporting to support resilient business operations and rapid recovery capabilities.
• Proactive Analysis Engineering:
  • Provide strategic engineering leadership and deep technical expertise focusing on the security posture and operational defense of our critical applications.
  • Lead the development and implementation of advanced security monitoring threat detection and automated response capabilities specifically tailored for application-layer threats.
  • Drive the automation of application security incident playbooks response workflows and forensic capabilities to improve efficiency and reduce mean time to respond (MTTR).
  • Collaborate closely with development DevOps and traditional SOC teams to embed security by design throughout the application development lifecycle and ensure seamless engineered incident handling.

• Bachelors degree in Computer Science Information Security Engineering or a related technical field. Masters degree highly regarded.
• 10 years of progressive experience in cybersecurity with at least 5 years in a leadership or director-level role focused on securityengineeringandownership.
• Proven ability advising influencing and developing solution architectures in global organizations with complex enterprise technology environments.
• Proven track record of building leading and mentoring high-performing technical security engineering teams.
• Deep technical expertise and hands-on experience in designing implementing and managing solutions across multiple areas: GRC platforms (e.g. ServiceNow GRC Archer) patch/configuration management tools (e.g. SCCM Ansible Puppet) BIA methodologies/tools and comprehensive Application Security.
• Strong understanding of industry security frameworks and regulations (e.g. NIST ISO 27001 GDPR SOX HIPAA PCI DSS) and experience engineering for compliance.
• Expert-level understanding of cloud security principles and extensive experience engineering security solutions within major cloud providers (GCP Azure).
• Ability to identify prioritize and weigh different options and recommend a constructive solution
• Proficiency in scripting and automation languages (e.g. Python PowerShell Go) for security operations and infrastructure as code.
• Excellent communication interpersonal and presentation skills with the ability to articulate complex technical concepts and strategic roadmaps to both highly technical teams and executive leadership.

Preferred Skills & Certifications:

• Relevant industry certifications such as CISSP CISM CGEIT CRISC CCSP OSCP or equivalent.
• Experience with Agile/DevOps methodologies and DevSecOps principles.
• Demonstrated ability to thrive in a fast-paced dynamic and complex technical environment.
  

You may not check every box or your experience may look a little different from what weve outlined but if you think you can bring value to Ford Motor Company we encourage you to apply!

As an established global company we offer the benefit of choice. You can choose what your Ford future will look like: will your story span the globe or keep you close to home Will your career be a deep dive into what you love or a series of new teams and new skills Will you be a leader a changemaker a technical expert a culture builderor all of the above No matter what you choose we offer a work life that works for you including:
Immediate medical dental vision and prescription drug coverage
Flexible family care days paid parental leave new parent ramp-up programs subsidized back-up child care and more
Family building benefits including adoption and surrogacy expense reimbursement fertility treatments and more
Vehicle discount program for employees and family members and management leases
Tuition assistance
Established and active employee resource groups
Paid time off for individual and team community service
A generous schedule of paid holidays including the week between Christmas and New Years Day
Paid time off and the option to purchase additional vacation time.

This position is a leadership level 5.

For more information on salary and benefits click here: position is a range of salary grades LL5.

This job is posted as REMOTE but designated as HYBRID with up to three days per week onsite may be required for candidates within commuting distance from our Dearborn . (Eastern Time Zone Central Time Zone preferred)

Visa sponsorship is NOT available for this position.

Candidates for positions with Ford Motor Company must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of hire.

We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race religion color age sex national origin sexual orientation gender identity disability status or protected veteran status. In the United States if you need a reasonable accommodation for the online application process due to a disability please call 1-.

#LI-Remote