Enterprise Cyber Security Analyst

Ford is seeking a highly motivated and skilled Enterprise Cybersecurity Analyst to join our dynamic Cybersecurity team in Mexico. In an environment where technological advancements are rapidly increasing the complexity of our cybersecurity landscape, this role is crucial for maintaining a robust security posture, ensuring compliance, and proactively managing risks. This position will not only provide critical advisory and assessment functions but will also play a key role in managing cybersecurity projects designed to enhance the internal customer experience.

• Cybersecurity Advisory & Guidance: Serve as a subject matter expert, providing policy and risk-based consultation to enterprise customers, ensuring consistent adherence to regulatory requirements and best practices across all operations.
• Cybersecurity Project Management: Manage and drive critical cybersecurity projects from inception to completion, focusing on initiatives that improve internal customer experience by delivering user-centric security solutions and streamlining security processes. This includes defining project scope, coordinating resources, tracking progress, and ensuring successful delivery.
• OSP Compliance Support: Act as a dedicated resource for Outside Service Provider (OSP) compliance, guiding business owners on company policy requirements and assisting in assessing the security posture of third-party vendors to minimize potential disruptions.
• GRC Component Assessments: Conduct high-risk Application and Infrastructure Governance, Risk, and Compliance (GRC) component assessments, identifying potential vulnerabilities, ensuring control implementation, and recommending mitigation strategies across various technologies.
• Security Awareness: Support enterprise-level cybersecurity awareness initiatives, strengthening employee security awareness and empowering them as the first line of defense.
• Vulnerability Management: Manage the full lifecycle of security vulnerabilities, including assisting teams with triage and analysis, evaluating associated risks, and implementing effective remediation strategies to defend against threats to enterprise assets.
• Collaborate with other cyber services to provide best-in-class consultation and support to enterprise customers.
• Reporting cyber security metrics by tracking key performance indicators (KPIs).
• Establishing robust engagement and communication channels to provide timely and quality response.

Education & Foundational Experience:

• Bachelor's degree in a relevant field (e.g., Computer Science, Cybersecurity, Software Engineering, Information Security) or an equivalent combination of education, training, and experience.
• OR: Minimum of 2-3 years of professional experience in IT (e.g., application development, infrastructure management), coupled with a strong desire and demonstrated aptitude for a career in cybersecurity.

Professional Experience:

• Minimum of 2 years of professional experience in one or more of the following technical disciplines:
  • Third-party Risk Assessment
  • Vulnerabilities Assessments
  • Cybersecurity Consultation
  • Cybersecurity Auditing
  • Software Development and Coding (with a security focus)
  • Application Security
  • DevSecOps Methodologies
  • Identity and Access Management (IAM)
  • Cloud Security
  • Security Operations and Incident Response

Technical Knowledge & Skills:

• Cybersecurity Frameworks: Knowledge of cybersecurity frameworks and industry standards (e.g., NIST CSF, ISO 27001/2, OWASP).
• Risk & Threat Management: Familiarity with Threat Modeling and IT Risk Assessment methodologies.
• Identity & Access Management (IAM): Knowledge of best practices for IAM flows, grant types, OAuth2, OIDC, and SAML standards.
• API Security: Experience with API security best practices to protect sensitive data and services.
• Cryptography: Knowledge of cryptographic algorithms and functions for building secure solutions.
• Vulnerability Management: Familiarity with common security flaws and effective remediation strategies (e.g., OWASP Top 10).
• DevSecOps & Agile: Understanding of DevSecOps principles, agile methodologies, and security policies.