Cyber Security Analyst

At Ford Motor Company we believe freedom of movement drives human progress. We also believe in providing you with the freedom to define and realize your dreams. With our incredible plans for the future of mobility we have a wide variety of opportunities for you to accelerate your career potential as you help us define tomorrows transportation.

As a key member of our Information Technology group youll play a critical part in shaping the future of mobility. If youre looking for the chance to leverage advanced technology to redefine the transportation landscape enhance the customer experience and improve peoples lives this is the opportunity for you. Join us and challenge your IT expertise and analytical skills to helpcreate vehicles that are as smart as you are.

The Information Security Policy (ISP) Analyst role is responsible for driving visibility understanding and consistency of the information security policies standards procedures and guidelines which govern the use of information data technology processing systems and facilities throughout Ford.

What youll be able to do:

• Facilitate the creation and modernization of information security policies standards procedures and guidelines
• Work with cross-functional and cross regional Authors and Subject Matter Experts (SMEs) with varying levels of business/technical skills
• Lead the Policy Control and Risk (PCR) governance process to support risk/control changes regulatory requirements emerging technologies and enterprise objectives
• Execute reviews to ensure proper efficacy conciseness and alignment
• Facilitate risk assessments by performing quantitative and qualitative analysis of risk data on Application and Infrastructure Risk/Control Framework
• Provide consultation and direction to IT and business teams pertaining to the ISP
• Promote ISP awareness with audience specific training and communications
• Partner with Authors and SMEs on communication efforts to inform Key Information Security Stakeholders of new and updated policy documents
• Research industry best practices and consult advisory groups
• Identify and implement policy process improvements integration and automation opportunities
• Incorporate future policy enhancements and innovations into the Governance Risk and Compliance (GRC) strategy
• Identify policy portal defects and tool enhancements
• Produce monthly policy operations and project metrics
• Support the policy exception request (PER) process reporting and governance

Qualifications

The minimum requirements we seek:

• Bachelors degree in a Technical Discipline
• 1-3 years of experience working with ISO 27001/2 standards Information Security policies or IT risks and controls
• Excellent verbal and written communication
• Strong organizational skills; able to advance multiple work streams concurrently

Our preferred requirements:

• Process improvement mindset
• Experience performing IT risk assessments
• Knowledge of application development and IT security and controls
• Prior experience working with GRC and Policy Management tools
• Understanding of Compliance and Regulatory requirements e.g. (S-Ox HIPAA GLBA etc.)