IT Security

This role requires a blend of technical expertise, analytical skills, and a strong understanding of security principles, risk management frameworks and compliance regulations.

This is a leadership role demanding strong communication, analytical, and problem-solving skills, that would provide guidance and mentoring for Security & Controls Junior analysts.

Essential:

• Degree in IT, Cybersecurity, or related field (minimum 2:2 or international equivalent).
• Experience in IT Security, with a strong controls mindset and background in system development or management.
• Familiarity with SOC 2 Type II, ISO 27001, or similar standards.
• Solid understanding of cybersecurity threats, controls, and incident response.
• Strong organizational, communication, and documentation skills.
• Ability to assess risks and develop practical security solutions.

Desirable:

• Certifications such as CRISC, CISM, CISSP, CISA.
• Knowledge of ICT regulations (e.g., DORA, SYSC8, BaFin).
• Experience in financial services or regulated environments.
• Cloud security expertise (AWS, Azure, GCP).
  Experience in security awareness and training.

The Company is committed to diversity and equality of opportunity for all and is opposed to any form of less favourable treatment or harassment on the grounds of race, religion or belief, sex, marriage and civil partnership, pregnancy and maternity, age, sexual orientation, gender reassignment or disability

This position is based in Dunton, and it is expected the successful candidate will be able to attend the Dunton office for typically 4 days a week and remain flexible on the days they are required to attend the office according to business requirements.

As part of our pre-employment checks process, successful candidates will be required to undergo a criminal record check. This will be conducted in line with the Rehabilitation of Offenders Act 1974 and applied only to unspent convictions.

Security, Controls & Compliance:

• Leverage a comprehensive understanding of Company policies, standards and guidelines and industry best practices to a) collaborate at Group level (Ford Motor Company, Ford Motor Credit Company) to continually improve those control documents and b) advise Software Engineering teams meeting their controls responsibilities. Conduct Security & Risk assessments of Third-party ICT service providers across FCE (IT due diligence reviews), ensuring they comply with most up-to-date and highest quality information security standards.
• Identify and report compliance gaps with relevant security regulations and industry standards (e.g., SOX, GDPR, DORA).
• Lead on remediation of complex IT Security & Controls related audit findings and internally identified control gaps, including high level co-ordination of corrective actions and defining learnings and best practices.
• Identify/recommend and where needed present material on various topics to support in-house security & controls awareness & training, or related reporting required at FCE committee meetings (e.g. Exec Operational Risk & Resilience Committee).

Cyber security:

• Represent FCE at FS-ISAC (Financial Services Information Sharing and Analysis Center) events and seminars.
• Engage with Global Ford Credit security teams and central FMC Cyber Defence Team, to ensure FCE requirements are reflected in long and short term strategy updates
• Provide insights, and identify opportunities for enhancing cyber security and defence by actively engaging with relevant industry bodies to keep apprised of Cyber security best practices, innovations, and trends.
• Attend external seminars and expo events in relation to cyber security and present findings back to the FCE IT Cyber Team and to Software Engineering teams.

Maintain the FCE Cyber Incident Response Plan, revising in response to changes to threats and risks, and disseminating the plan to the Cyber Incident Responses Team.