Ford Pro Tech and FCSD Tech – Product Manager, Cyber Security

Are you a leader passionate about solving business problems and serving customers? The Ford Pro and FCSD Cyber Security team is seeking a fun, energetic, creative, and organized individual that can help advise and guide the security posture for the Ford Pro and FCSD Tech solutions both internally managed and externally managed. Our group is the Business Information Security team within Ford Pro and we are looking to expand our capability to support FCSD Tech. You can make an immediate impact by building a team of security professionals.  Seeking a leader to help drive overall strong security posture for applications, mitigating vulnerabilities and looking to mature the adoption of the Ford DevSecOps tooling/processes. Also, maintain a pulse on the overall compliance and align with Enterprise Services to bring enterprise security services to both Ford Pro and FCSD Teams.

Position responsibilities:

The Cyber Security Product Manager will be responsible for partnering with team to drive compliance and efficiency leveraging the agile framework. Advise and guide teams within on Enterprise Cyber Services, document expectations related to cyber and compliance. Work with product teams to enable delivery of secure solutions at market speed through education, automation, tool adoption an risk-based decision making. 

Position Qualifications:

• Advise and guide tech/business teams to ensure compliance with corporate policies to deliver the Ford+ plan
• Contribute to roadmap for Cyber Security maturity
• Ability to prioritize multiple tasks, handle transactional day-to-day interactions and deliver enhancements to the Cyber processes and handle iterative planning
• Ability to define educational approach for security and compliance topics across Ford Pro and FCSD addressing multiple personas (software engg, product teams, traditional end user, etc)
• Define and develop metrics to measure progress / security posture
• Collaborate across Ford Pro Tech, Information Tech Operations (ITO), Enterprise Architecture, Enterprise Connectivity and Enterprise Cyber Security organizations 
• Help define security standards around CI/CD pipelines, SAST/SCA/DAST testing processes, DevSecOps principles.
• Work with all regular security and compliance annual activities and education plan for all Ford Pro teams to ensure compliance with corporate policies (Information Security Policy, Code of Conduct, etc.) to deliver Ford+ plan.
• Able to cross between technology and business topics with ease and understanding
• Self-starter capable of operating independently and adapting to dynamic needs
• Work with operational teams to identify OICs, design control improvement plans and work with internal control on closure through GRC processes
• Partner with Office of General Counsel (OGC), General Auditors Office (GAO) and Internal Control teams, as needed
• Support Ford GAO audits, as required

Partner with Cyber Defense during Incident response for Ford Pro teams, as required

Minimum qualifications:

• Bachelor's degree in Business, Cyber Security, Risk Mgt, IT application management, Computer Science, or Engineering field
• 5+ years with progressive leadership responsibilities leading teams of 4-7 individuals
• 3+ years of security, software engineering, product delivery 

Nice to have qualifications:

• Ford Customer Service and/or Ford Pro domain knowledge
• Strong working knowledge of Info Sec policy, global purchasing policies and process, GRC component assessment, controls testing, etc
• Strong understanding of Security Engineering concepts around key management, authorization, Cloud Security etc
• Working knowledge of a variety of regulations, control frameworks, and requirements, such as SOX, NIST 800-53, NIST 800-171, ISO 27001
• Experience using 1 or more SAST/SCA tools like CheckMarx, FOSSA, 42Crunch or BlackDuck
• Working knowledge of API Security 
• Experience in security operations including delivery of security findings to software engineering teams and consulting on risk priorities for vulnerabilities.
• Experience with vulnerability management with understanding of CVEs, CWEs and how to research and manage risks.
• Comfortable communicating with different levels and audiences effectively to gain attention collaboratively while not causing panic or animosity.
• A strong drive to keep learning new tools, ideas, techniques, and methodologies to change culture to one based on building security and privacy into solutions from inception.
• Motivated to support compliance to standards and policies as foundational to security
• Experience supporting cloud-based platforms in an enterprise environment such as: Google Cloud Platform (GCP), Microsoft Azure, and Amazon Web Services (AWS).
• Experience working with GCP and particularly securing GCP assets and development pipelines.
• Experience working in incident Response teams to detect, contain, investigate, and recover from security incidents
• Experience working with GAO and/or Internal Control
• Certifications are highly valued (CISSP, CISA, CISM, etc)
• Ability to work collaboratively with others and navigate complex decision making.

Join our team as we create the future of the commercial landscape and deliver secure and always-on solutions.

We believe in putting people first, working together, and facing challenges head-on.