FCE IT Cyber & Third-Party Risk Specialist
Essex, Essex, United Kingdom
Ford Motor Company
Since 1903, we have helped to build a better world for the people and communities that we serve. Welcome to Ford Motor Company. Increasing regulation, such as the Digital Operational Resilience Act (DORA), and the desire to enhance oversight of services provided by third-party Information and Communications Technology (ICT) suppliers, has created the need for a new position in FCE IT.
We are seeking a highly motivated and experienced IT Cyber & Third-Party Risk Specialist with a strong understanding of cybersecurity principles, third-party risk management frameworks, and relevant European regulations.
The successful candidate will play a critical role in ensuring the security and compliance of our IT systems and third-party relationships, and will be part of the FCE IT Information Security Team (1st Line of Defense), working in collaboration with the FCE Information Security Officer within the Operational Risk Team (2nd Line of Defense).
Third Party Risk Management:
- Ensure ongoing assessment of third-party ICT service providers against regulatory standards and best-in-class practices, and highlight gaps and risks to the ISO.
- For ICT third-party service providers supporting critical or important functions, ensure that they comply with the most up-to-date and highest-quality information security standards.
- Manage SLAs and oversee corresponding KPIs for intragroup services related to Cyber security services, and potentially others (e.g. incident management).
- Develop and implement risk mitigation strategies to address identified vulnerabilities.
Cybersecurity:
- Lead identification and tracking of ICT related risks.
- Define the minimum asset inventory requirements to comply with the regulation (roles and dependencies, recovery goals, link to business functions, etc.).
- Support engineering teams in achieving best-in-class ICT Business Continuity plans and disaster recovery capabilities to ensure required business continuity outcomes.
- Understand and support the ICT Risk Management Framework, which includes a Digital Operational Resilience Strategy.
- Support Digital Operational Resilience testing definition and execution.
Compliance:
- Ensure that ICT Incident reporting policy and procedures support regulatory requirements, so information required for regulatory notifications is available.
- Ensure Company compliance with relevant Banking/Finance Regulations by liaising with Compliance, Legal, Data Protection & Vendor Management to develop appropriate strategies and manage work streams.
- Identify ICT training to achieve and maintain the required regulatory requirements.
Essential:
- Acquired at least one of the following Cybersecurity Risk Management certifications (credentials of validity to be provided):
  - CRISC (Certified in Risk and Information Systems Control) or equivalent
  - CISM (Certified Information Security Manager) or equivalent
  - CISSP (Certified Information Systems Security Professional) or equivalent
- And one of the following Third Party Risk Management certifications* (credentials of validity to be provided):
  - CTPRM (Certified Third Party Risk Management Professional)
  - CTPRA (Certified Third Party Risk Assessor)
  - CTPCRM (Certified Third Party Cybersecurity Risk Management Professional)
  - CTISRM (Certified Third Party Information Security Risk Management Professional)

*or a proven industry-specific equivalent
- Proven awareness of new EU legislation for Digital Operational Resilience Act (DORA).
- Proven expertise (3+ years) in Information Security Risk Assurance and application of Risk Management requirements for financial institutions (e.g. EBA guidelines on ICT & Security Risk Management).
- Excellent knowledge and proven experience of working with third-party regulations (PRA, EBA & BaFin).
- Strong controls mindset, and a background in system development and management, with experience in an IT Security function or equivalent experience outside the organisation.
- Understanding of cybersecurity threats and best practices, including knowledge of common attack vectors, security controls, and incident response procedures.
- Strong prioritisation, co-ordination, organisational and communication skills, and a proven ability to balance workload and competing demands to meet deadlines.
- Clear and concise writing skills for creating reports and documentation, including security requirements, procedures, and policies.
- Critical thinking skills to assess risks and develop security solutions.
- Minimum 2.2 degree or international equivalent in Information Technology, Cybersecurity or Risk Management.
Desirable:
- Understanding of current architecture standards and digital platform services strategy.
- Understanding of cloud security concepts.
- Experience of educating others and raising awareness at different levels of the organisation.
- Strong interpersonal skills to collaborate with team members, other departments, internal stakeholders and third-party vendors.
- Experience in a regulated, financial environment.