Job description
Overview

The IT Security & Controls Senior Analyst is a crucial member of the IT team, responsible for understanding and supporting the financial entity’s security posture with awareness of compliance requirements with relevant regulations and industry best practices. This role requires a blend of technical expertise, analytical skills, and a strong understanding of security principles, risk management frameworks and compliance regulations. This is a leadership role demanding strong communication, analytical, and problem-solving skills, and would provide guidance and mentoring for Security & Controls Junior analysts.

Responsibilities

- Engage at Group level (Ford Motor Company, Ford Motor Credit Company) on new control policies, standards and guidelines and advise Software Engineering teams through understanding of the Corporate Information Security Policies.
- Conduct Security & Risk assessments of Third-party ICT service providers across FCE (IT due diligence reviews), ensuring they comply with the most up-to-date and highest quality information security standards.
- Identify and report compliance gaps with relevant security regulations and industry standards (e.g., SOX, GDPR, DORA, NIST).
- Lead on remediation of complex IT Security & Controls related audit findings and internally identified control gaps, including high level co-ordination of corrective actions and defining learnings and best practices.
- Identify/recommend and, where needed, present material on various topics to support in-house security & controls awareness & training, or related reporting required at FCE committee meetings (e.g. Exec Operational Risk & Resilience Committee).
- FCE representative at FS-ISAC (Financial Services Information Sharing and Analysis Center) events and seminars.
- Engage with Integral Ford Credit security teams and central FMC Cyber Defence Team, contributing to long and short term strategy updates.
- Research latest cyber trends and offer insights and suggestions for enhancing cyber security and defence within FCE IT.
- Attend external seminars and expo events in relation to cyber security and present findings back to the FCE IT Cyber Team and to Software Engineering teams.
- Responsible for FCE Cyber Incident Response Plan, and its awareness by the Cyber Incident Response Team (CIRT).

Qualifications

- Bachelor’s degree (or equivalent applied experience/professional qualification)
- At least one of the following certifications (credentials of validity to be provided):
- CRISC (Certified in Risk and Information Systems Control) or equivalent
- CISM (Certified Information Security Manager) or equivalent
- CISSP (Certified Information System Security Professional) or equivalent
- CISA (Certified Information Systems Auditor)
- Cloud security certifications from major cloud providers (AWS, Azure, GCP) / demonstrable expertise in securing cloud environments.

Knowledge, Skills & Abilities

- Strong controls mindset, and a background in system development and management - with proven experience (+3 years) in IT Security function, or equivalent experiences.
- Familiar with ICT related regulations (SYSC8, PRA, EBA, BaFin, DORA).
- Demonstrable experience with SOC 2 Type II reports, ISO 27001 or usage of similar standards.
- Good understanding of cybersecurity threats and best practices, including knowledge of common attack vectors, security controls, and incident response procedures.
- Strong prioritisation, co-ordination, organisational and communication skills, and a proven ability to balance workload and competing demands to meet deadlines.
- Clear and concise writing skills for creating reports and documentation, including security requirements, procedures, and policies
- Excellent verbal and written communication skills in English (minimum of B2-Upper Intermediate Level), with ability to communicate and facilitate discussions with diverse audiences, both IT and business, internal and external.
- Critical thinking skills