IT Security and Controls Analyst

Security & Controls –Analyst

The FCE IT Security & Controls Team sits in the First Line of Defence, under the FCE IT Director who holds the/an SMF24 role in FCE, and has members spread amongst the Software Engineering sites for Ford Credit (UK, Spain, Germany, India). The team works closely with FC Information Security Officers and ICT Risk at the Second Line of Defence. 

 

 

Key Responsibilities: 

 

Security, Controls & Compliance: 

• Leverage a comprehensive understanding of Company policies, standards and guidelines and industry best practices to a) collaborate at Group level (Ford Motor Company, Ford Motor Credit Company) to continually improve those control documents and b) advise Software Engineering teams on how to meet their controls responsibilities.  

When required preparation is in place, conduct Security & Risk assessments of Third-party ICT service providers across FCE (IT due diligence reviews), ensuring they comply with most up-to-date and highest quality information security standards.   

• Identify and report compliance gaps with relevant security regulations and industry standards (e.g., S-Ox, GDPR, DORA). 

• Support with remediation of complex IT Security & Controls related audit findings and internally identified control gaps, including high level co-ordination of corrective actions and follow-up of learnings and best practices documentation. 

• Support with continuous improvement of Information Security understanding by the Sw Engineering teams, and where needed present material to support in-house security & controls awareness.  

 

 

Cyber security:  

 

• Represent FCE at Information sharing organisations. Attend external seminars and expo events related to cyber security and present findings to the FCE IT Cyber Team and to the Risk, Security and Software Engineering communities. 

• Engage with Global Ford Credit security teams and central FMC Cyber Defence Team, to ensure FCE requirements are reflected in strategy. 

• Provide insights, and identify opportunities for enhancing cyber security and defence by actively engaging with relevant industry bodies to keep apprised of cybersecurity best practices, innovations, and trends. 

• Support FCE Executive Cyber Incident Response Plan (CIRP) updates, revising in response to changes to threats, risks and regulatory changes. 

Help with the understanding of FCE CIRP plan by the Cyber Incident Response Team and stakeholders. 

Essential: 

• Minimum Engineering Degree or equivalent in a technical discipline (ideally Information Technology, Cybersecurity or related field). 

• Proven experience (5+ years) in an IT Security related function, or equivalent experiences 

• Strong controls mindset, and a background in system development or management  

• Good understanding of cybersecurity threats and best practices, including knowledge of access management principles, penetration testing, etc. 

• Good prioritisation, co-ordination, organisational and communication skills, and a proven ability to balance workload and competing demands to meet deadlines. 

• Clear and concise writing skills for creating reports and documentation, including security requirements, procedures, and policies. 

• Critical thinking skills to assess risks and security solutions. 

 

 

Desirable: 

• Acquired any of the following certifications, or equivalent: 

• CRISC (Certified in Risk and Information Systems Control) or equivalent 

• CISM (Certified Information Security Manager) or equivalent 

• CISSP (Certified Information System Security Professional) or equivalent 

• CISA (Certified Information Systems Auditor) 

• Understanding of how cost effective resilience is achieved through the use of Business Impact Assessments, Business Continuity Planning and Disaster Recovery Planning 

• Demonstrable experience with SOC 2 Type II reports, ISO 27001 or similar standards. 

• Familiar with any ICT related regulations (e.g. SYSC8, PRA, EBA, BaFin, DORA). 

• Experience in a regulated financial environment. 

• Understanding of the overall business of Ford Credit

Experience Level

Mid Level