Ford Pro Tech and FCSD Tech – Product Manager, Cyber Security
Chennai, Tamil Nadu, India
Ford Motor Company
Since 1903, we have helped to build a better world for the people and communities that we serve. Welcome to Ford Motor Company.Are you a leader passionate about solving business problems and serving customers? The Ford Pro and FCSD Cyber Security team is seeking a fun, energetic, creative, and organized individual that can help advise and guide the security posture for the Ford Pro and FCSD Tech solutions both internally managed and externally managed. Our group is the Business Information Security team within Ford Pro and we are looking to expand our capability to support FCSD Tech. You can make an immediate impact by building a team of security professionals. Seeking a leader to help drive overall strong security posture for applications, mitigating vulnerabilities and looking to mature the adoption of the Ford DevSecOps tooling/processes. Also, maintain a pulse on the overall compliance and align with Enterprise Services to bring enterprise security services to both Ford Pro and FCSD Teams.
Position responsibilities:
The Cyber Security Product Manager will be responsible for partnering with team to drive compliance and efficiency leveraging the agile framework. Advise and guide teams within on Enterprise Cyber Services, document expectations related to cyber and compliance. Work with product teams to enable delivery of secure solutions at market speed through education, automation, tool adoption an risk-based decision making.
Position Qualifications:
- Advise and guide tech/business teams to ensure compliance with corporate policies to deliver the Ford+ plan
- Contribute to roadmap for Cyber Security maturity
- Ability to prioritize multiple tasks, handle transactional day-to-day interactions and deliver enhancements to the Cyber processes and handle iterative planning
- Ability to define educational approach for security and compliance topics across Ford Pro and FCSD addressing multiple personas (software engg, product teams, traditional end user, etc)
- Define and develop metrics to measure progress / security posture
- Collaborate across Ford Pro Tech, Information Tech Operations (ITO), Enterprise Architecture, Enterprise Connectivity and Enterprise Cyber Security organizations
- Help define security standards around CI/CD pipelines, SAST/SCA/DAST testing processes, DevSecOps principles.
- Work with all regular security and compliance annual activities and education plan for all Ford Pro teams to ensure compliance with corporate policies (Information Security Policy, Code of Conduct, etc.) to deliver Ford+ plan.
- Able to cross between technology and business topics with ease and understanding
- Self-starter capable of operating independently and adapting to dynamic needs
- Work with operational teams to identify OICs, design control improvement plans and work with internal control on closure through GRC processes
- Partner with Office of General Counsel (OGC), General Auditors Office (GAO) and Internal Control teams, as needed
- Support Ford GAO audits, as required
Partner with Cyber Defense during Incident response for Ford Pro teams, as required
Minimum qualifications:
- Bachelor's degree in Business, Cyber Security, Risk Mgt, IT application management, Computer Science, or Engineering field
- 5+ years with progressive leadership responsibilities leading teams of 4-7 individuals
- 3+ years of security, software engineering, product delivery
Nice to have qualifications:
- Ford Customer Service and/or Ford Pro domain knowledge
- Strong working knowledge of Info Sec policy, global purchasing policies and process, GRC component assessment, controls testing, etc
- Strong understanding of Security Engineering concepts around key management, authorization, Cloud Security etc
- Working knowledge of a variety of regulations, control frameworks, and requirements, such as SOX, NIST 800-53, NIST 800-171, ISO 27001
- Experience using 1 or more SAST/SCA tools like CheckMarx, FOSSA, 42Crunch or BlackDuck
- Working knowledge of API Security
- Experience in security operations including delivery of security findings to software engineering teams and consulting on risk priorities for vulnerabilities.
- Experience with vulnerability management with understanding of CVEs, CWEs and how to research and manage risks.
- Comfortable communicating with different levels and audiences effectively to gain attention collaboratively while not causing panic or animosity.
- A strong drive to keep learning new tools, ideas, techniques, and methodologies to change culture to one based on building security and privacy into solutions from inception.
- Motivated to support compliance to standards and policies as foundational to security
- Experience supporting cloud-based platforms in an enterprise environment such as: Google Cloud Platform (GCP), Microsoft Azure, and Amazon Web Services (AWS).
- Experience working with GCP and particularly securing GCP assets and development pipelines.
- Experience working in incident Response teams to detect, contain, investigate, and recover from security incidents
- Experience working with GAO and/or Internal Control
- Certifications are highly valued (CISSP, CISA, CISM, etc)
- Ability to work collaboratively with others and navigate complex decision making.
Join our team as we create the future of the commercial landscape and deliver secure and always-on solutions.
We believe in putting people first, working together, and facing challenges head-on.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile APIs Audits Automation AWS Azure Checkmarx CI/CD CISA CISM CISSP Cloud Compliance Computer Science Cyber defense DAST DevSecOps GCP Incident response ISO 27001 NIST NIST 800-53 Privacy SAST SOX Vulnerabilities Vulnerability management
Perks/benefits: Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Security Analyst jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Product Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Chief Information Security Officer jobs
- Open Senior Information Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Security Specialist jobs
- Open Security Researcher jobs
- Open Cybersecurity Specialist jobs
- Open Senior Security Architect jobs
- Open IT Security Engineer jobs
- Open Security Operations Analyst jobs
- Open Windows-related jobs
- Open CISM-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open SaaS-related jobs
- Open Analytics-related jobs
- Open Threat intelligence-related jobs
- Open Security assessment-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open Forensics-related jobs
- Open DevOps-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs