IT Security & Controls Senior Analyst
Job description
position and applications will only be accepted from current UK permanent employees (FoB and FCE employees only) and it is expected the successful candidate will be able to attend the Dunton Campus at least 4 days a week.

If you require further information about this position, please contact Eva Tomillo.

Please discuss your application with your line manager. Any concerns about releasability from your current role can also be directed to your HR Representative or your line manager.

Note: Banking and Compliance training including fair treatment of customers is mandatory for all FCE employees. Necessary training will be given to any successful candidates that require it.
Security, Controls & Compliance:
Leverage a comprehensive understanding of Company policies, standards and guidelines and industry best practices to a) collaborate at Group level (Ford Motor Company, Ford Motor Credit Company) to continually improve those control documents and b) advise Software Engineering teams on meeting their controls responsibilities.
Conduct Security & Risk assessments of Third-party ICT service providers across FCE (IT due diligence reviews), ensuring they comply with the most up-to-date and highest quality information security standards.
Identify and report compliance gaps with relevant security regulations and industry standards (e.g., SOX, GDPR, DORA).
Lead on remediation of complex IT Security & Controls related audit findings and internally identified control gaps, including high level co-ordination of corrective actions and defining learnings and best practices.
Identify/recommend and where needed present material on various topics to support in-house security & controls awareness & training, or related reporting required at FCE committee meetings (e.g. Exec Operational Risk & Resilience Committee).

Cyber security:
Represent FCE at FS-ISAC (Financial Services Information Sharing and Analysis Center) events and seminars.
Engage with Global Ford Credit security teams and central FMC Cyber Defence Team, to ensure FCE requirements are reflected in long and short term strategy updates.
Provide insights, and identify opportunities for enhancing cyber security and defence by actively engaging with relevant industry bodies to keep apprised of Cyber security best practices, innovations, and trends.
Attend external seminars and expo events in relation to cyber security and present findings back to the FCE IT Cyber Team and to Software Engineering teams.
Maintain the FCE Cyber Incident Response Plan, revising in response to changes to threats and risks, and disseminating the plan to the Cyber Incident Responses Team.
Requirements
This role requires a blend of technical expertise, analytical skills, and a strong understanding of security principles, risk management frameworks and compliance regulations. This is a leadership role that demands strong communication, analytical, and problem-solving skills and provides guidance and mentoring for Security & Controls Junior analysts.
Essential:
Minimum 2.2 degree or international equivalent in Information Technology or Cybersecurity.
Strong controls mindset, and a background in system development and management - with proven experience in an IT Security related function, or equivalent experience.
Demonstrable experience with SOC 2 Type II reports, ISO 27001 or similar standards.
Good understanding of cybersecurity threats and best practices, including knowledge of common attack vectors, security controls, and incident response procedures.
Strong prioritisation, co-ordination, organisational and communication skills, and a proven ability to balance workload and competing demands to meet deadlines.
Clear and concise writing skills for creating reports and documentation, including security requirements, procedures, and policies.
Critical thinking skills to assess risks and develop security solutions.

Desirable:
Acquired any of the following certifications, or equivalent:
CRISC (Certified in Risk and Information Systems Control) or equivalent
CISM (Certified Information Security Manager) or equivalent
CISSP (Certified Information System Security Professional) or equivalent
CISA (Certified Information Systems Auditor)
Familiar with any ICT related regulations (e.g. SYSC8, PRA, EBA, BaFin, DORA).
Experience in a regulated, financial environment.
Understanding of the overall business of Ford Credit.
Experience of educating others and sharing awareness to different levels in the organization.
Cloud security certifications from major cloud providers (AWS, Azure, GCP) / demonstrable expertise in securing cloud environments.
Experience with various testing techniques and methodologies.

Additional Information:
The Company is committed to diversity and equality of opportunity for all and is opposed to any form of less favourable treatment or harassment on the grounds of race, religion or belief, sex, marriage and civil partnership, pregnancy and maternity, age, sexual orientation, gender reassignment or disability. This is a UK