IT Security & Controls Senior Analyst

This role requires a blend of technical expertise, analytical skills, and a strong understanding of security principles, risk management frameworks and compliance regulations.

This is a leadership role demanding strong communication, analytical, and problem-solving skills, that would provide guidance and mentoring for Security & Controls Junior analysts.

Security, Controls & Compliance:

• Collaborate at Group level to enhance internal policies, standards, and controls.
• Advise Software Engineering teams on meeting compliance and control requirements.
• Conduct IT due diligence assessments of third‑party ICT service providers to ensure alignment with leading information security standards.
• Identify and report gaps in compliance with key regulations (e.g., SOX, GDPR, DORA).
• Lead the remediation of complex audit findings and internal control issues, coordinating corrective actions and defining best practices.
• Develop and deliver awareness materials and contribute to reporting for senior risk and resilience committees.

Cyber security:

• Represent the company at FS‑ISAC events and other industry forums.
• Collaborate with global Ford Credit and FMC Cyber Defence teams to align strategies with FCE’s needs.
• Monitor cybersecurity trends and innovations, identifying opportunities to strengthen our cyber defence posture.
• Attend external cybersecurity events and share key insights with internal stakeholders.

• Degree in IT, Cybersecurity, or related field (minimum 2:2 or international equivalent).
• Experience in IT Security, with a strong controls mindset and background in system development or management.
• Familiarity with SOC 2 Type II, ISO 27001, or similar standards.
• Solid understanding of cybersecurity threats, controls, and incident response.
• Strong organisational, communication, and documentation skills.
• Ability to assess risks and develop practical security solutions.
• Certifications such as CRISC, CISM, CISSP, CISA.
• Knowledge of ICT regulations (e.g., DORA, SYSC8, BaFin).
• Experience in financial services or regulated environments.
• Cloud security expertise (AWS, Azure, GCP).
• Experience in security awareness and training.

The Company is committed to diversity and equality of opportunity for all and is opposed to any form of less favourable treatment or harassment on the grounds of race, religion or belief, sex, marriage and civil partnership, pregnancy and maternity, age, sexual orientation, gender reassignment or disability.

This position is based in Dunton, and it is expected the successful candidate will be able to attend the Dunton office for typically 4 days a week and remain flexible on the days they are required to attend the office according to business requirements.

As part of our pre‑employment checks process, successful candidates will be required to undergo a criminal record check. This will be conducted in line with the Rehabilitation of Offenders Act 1974 and applied only to unspent convictions.