Ford Motor Company is a global leader in mobility and technology. The Information Security Policy (ISP) Analyst role focuses on developing and modernizing information security policies and procedures, while ensuring compliance and risk management across the organization.
Facilitate the creation and modernization of information security policies, standards, procedures and guidelines
Work with cross-functional and cross-regional Authors and Subject Matter Experts (SMEs) with varying levels of business/technical skills
Lead the Policy, Control and Risk (PCR) governance process to support risk/control changes, regulatory requirements, emerging technologies, and enterprise objectives
Execute reviews to ensure proper efficacy, conciseness, and alignment
Facilitate risk assessments by performing quantitative and qualitative analysis of risk data on the Application and Infrastructure Risk/Control Framework
Provide consultation and direction to IT and business teams pertaining to the ISP
Promote ISP awareness with audience-specific training and communications
Partner with Authors and SMEs on communication efforts to inform Key Information Security Stakeholders of new and updated policy documents
Research industry best practices and consult advisory groups
Identify and implement policy process improvements, integration and automation opportunities
Incorporate future policy enhancements and innovations into the Governance, Risk and Compliance (GRC) strategy
Identify policy portal defects and tool enhancements
Produce monthly policy operations and project metrics
Support the policy exception request (PER) process, reporting and governance
Qualifications
Required
Bachelor's degree in a Technical Discipline
1-3 years of experience working with ISO 27001/2 standards, Information Security policies, or IT risks and controls
Excellent verbal and written communication
Strong organizational skills; able to advance multiple work streams concurrently
Preferred
Process improvement mindset
Experience performing IT risk assessments
Knowledge of application development and IT security and controls
Prior experience working with GRC and Policy Management tools
Understanding of Compliance and Regulatory requirements (e.g. S-Ox, HIPAA, GLBA)
Benefits
Immediate medical, dental, vision and prescription drug coverage
Flexible family care days, paid parental leave, new parent ramp-up programs, subsidized back-up child care and more
Family building benefits including adoption and surrogacy expense reimbursement, fertility treatments, and more
Vehicle discount program for employees and family members and management leases
Tuition assistance
Established and active employee resource groups
Paid time off for individual and team community service
A generous schedule of paid holidays, including the week between Christmas and New Year’s Day
Paid time off and the option to purchase additional vacation time.