Sr. Director, Cyber Services

Job Description About Ford Come help build a better world, where every person is free to move and pursue their dreams. Ford Motor Company was built on the belief that freedom of movement drives human progress. It's a belief that has fueled our passion to create great cars and trucks. And today, it drives our commitment to become the world's most trusted mobility company, designing vehicles for a smart world that helps people move more safely, confidently, and freely. Ford is experiencing significant business transformation in an ever-changing propulsion and digital world, and we are looking for exceptional talent to join us on this journey. About Enterprise Technology Enterprise Technology plays a critical part in shaping the future of mobility. If you're looking for the chance to leverage advanced technology to redefine the transportation landscape, enhance the customer experience and improve people's lives, this is the opportunity for you. Join us and challenge your IT expertise and analytical skills to help create vehicles that are as smart as you are. The Opportunity The Sr. Director, Cybersecurity Services plays a critical leadership role in developing and executing the company's overall cybersecurity strategy. This individual will be responsible for the strategic direction, operational management, and continuous improvement of multiple cybersecurity service areas, ensuring the confidentiality, integrity, and availability of company data and systems. The successful candidate will possess strong technical skills, excellent communication abilities, and proven experience in leading and mentoring a team. Responsibilities What you'll be able to do? Consulting & Advisory Services: Provide expert-level cybersecurity consulting and advisory services to various business units, aligning security solutions with business objectives and risk appetite. Conduct risk assessments, vulnerability analyses, and penetration testing to identify and mitigate potential security threats. Develop and maintain a comprehensive cybersecurity roadmap, aligning with industry best practices and regulatory requirements. Advise on the selection, implementation, and maintenance of security technologies and solutions. Stay abreast of emerging cybersecurity threats and vulnerabilities, providing proactive recommendations for mitigation. Governance, Risk & Compliance Services: Develop and maintain a robust cybersecurity governance framework, ensuring compliance with relevant industry standards, regulations (e.g., GDPR, HIPAA, PCI DSS), and internal policies. Oversee the development and implementation of security policies, procedures, and standards. Manage the security incident response process, ensuring timely and effective response to security incidents. Conduct regular security audits and assessments to ensure ongoing compliance and identify areas for improvement. Develop and maintain key performance indicators (KPIs) to measure the effectiveness of cybersecurity programs. Communication, Training & Awareness Services: Develop and deliver comprehensive cybersecurity awareness training programs for employees at all levels. Create and disseminate security communications, keeping employees informed about current threats and best practices. Develop and maintain a strong security culture within the organization. Manage internal and external communications regarding security incidents and breaches. Security Assurance Services: Oversee the implementation and maintenance of security controls across all company systems and infrastructure. Lead security architecture design and review processes. Manage security testing and vulnerability management programs. Develop and maintain security baselines and standards. Conduct regular security assessments and audits to ensure the effectiveness of security controls. Data Protection Services: Develop and implement data loss prevention (DLP) strategies and technologies. Oversee the implementation and maintenance of data encryption and access control mechanisms. Ensure compliance with data privacy regulations. Manage data breach response and recovery efforts. Application Security Services: Oversee the secure development lifecycle (SDLC) for all applications. Conduct security code reviews and penetration testing of applications. Work with developers to implement secure coding practices. Manage application security vulnerabilities and remediation efforts. Project Management & Vendor Management: Partner with Enterprise Project and Engineering Office (EPEO) and external technology/solution providers to design, build/integrate, test, and implement new security products and upgrades to existing products. Develop and manage project plans and budgets for cybersecurity initiatives. Oversee vendor relationships and ensure the delivery of high-quality security services. Create detailed "bills of materials" for infrastructure and technology implementations. Provide oversight and ensure the sustainable delivery of all in-scope security services. Qualifications The minimum requirements we seek Bachelor's Degree in Computer Science, Engineering, Information Security, or a related field. 7+ years of experience in a cybersecurity engineering role, including experience in multiple areas such as security architecture, incident response, vulnerability management, and compliance. Experience as a Security Engineer or Machine Learning Engineer is highly desirable. Our preferred requirements Masters degree preferred. Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001). Experience with cloud security technologies (e.g., AWS, Azure, GCP). GCP certifications are a plus. Excellent communication, presentation, and interpersonal skills. Proven ability to lead and mentor a team. Strong project management and organizational skills. Relevant industry certifications (e.g., CISSP, CISM, CISA, CCSP). Experience with specific security technologies relevant to the company's infrastructure. Experience managing large-scale cybersecurity projects. Experience with scripting languages (e.g., Python, PowerShell). What you'll receive in return As part of the Ford family, you'll enjoy excellent compensation, and a comprehensive benefits package that includes generous PTO, retirement, savings and stock investment plans, incentive compensation, and much more. You will experience a "Work from Anywhere" structure and the support needed to be successful in a remote environment. You'll also experience exciting opportunities for professional and personal growth and recognition. Candidates for positions with Ford Motor Company must be legally authorized to work in the United States on a permanent basis. Verification of employment eligibility will be required at time of hire. Visa sponsorship is not available for this position. Ford Motor Company is an Equal Opportunity Employer committed to a culturally diverse workforce. All qualified applicants will receive consideration for employment without regard to race, religion, color, age, sex, national origin, sexual orientation, gender identity, disability status or protected veteran status. In the United States, if you need a reasonable accommodation for the online application process due to a disability, please call .

Created: 2024-11-05