Ford Motor Company FCE IT Cyber & Third-Party Risk Specialist in Essex, United Kingdom

Increasing regulation, such as the Digital Operational Resilience Act (DORA), and the desire to enhance the oversight of services provided by third-party Information and Communications Technology (ICT) suppliers have resulted in the need for a new position within FCE IT.

We are seeking a highly motivated and experienced IT Cyber & Third-Party Risk Specialist with a strong understanding of cybersecurity principles, third-party risk management frameworks, and relevant European regulations.

The successful candidate will play a critical role in ensuring the security and compliance of our IT systems and third-party relationships, and will be part of the FCE IT Information Security Team (1st Line of Defense), working in collaboration with the FCE Information Security Officer within the Operational Risk Team (2nd Line of Defense).

Third Party Risk Management:

  • Ensure ongoing assessment of third-party ICT service providers against regulatory standards and best-in-class practices, and highlight gaps and risks to the ISO.

  • For ICT third-party service providers supporting critical or important functions, ensure that they comply with the most up-to-date and highest-quality information security standards.

  • Manage SLAs and oversee corresponding KPIs for intragroup services related to cybersecurity services, and potentially others (e.g. incident management).

  • Develop and implement risk mitigation strategies to address identified vulnerabilities.

Cybersecurity:

  • Lead the identification and tracking of ICT-related risks.

  • Define the minimum asset inventory requirements to comply with the regulation (roles and dependencies, recovery goals, link to business functions, etc.).

  • Support engineering teams in achieving best-in-class ICT Business Continuity plans and disaster recovery capabilities to ensure required business continuity outcomes.

  • Understand and support the ICT Risk Management Framework, which includes a Digital Operational Resilience Strategy.

  • Support Digital Operational Resilience testing definition and execution.

Compliance:

  • Ensure that the ICT incident reporting policy and procedures support regulatory requirements, so that the information required for regulatory notifications is available.

  • Ensure Company compliance with relevant banking/finance regulations by liaising with Compliance, Legal, Data Protection & Vendor Management to develop appropriate strategies and manage work streams.

  • Identify the ICT training needed to achieve and maintain compliance with the required regulatory requirements.

Essential:

  • Acquired at least one of the following Cybersecurity Risk Management certifications (credentials of validity to be provided):

      • CRISC (Certified in Risk and Information Systems Control) or equivalent

      • CISM (Certified Information Security Manager) or equivalent

      • CISSP (Certified Information System Security Professional) or equivalent

  • And one of the following Third Party Risk Management certifications* (credentials of validity to be provided):

      • CTPRM (Certified Third Party Risk Management Professional)

      • CTPRA (Certified Third Party Risk Assessor)

      • CTPCRM (Certified Third Party Cybersecurity Risk Management Professional)

      • CTISRM (Certified Third Party Information Security Risk Management Professional)

*or a proven industry-specific equivalent

  • Proven awareness of the new EU legislation, the Digital Operational Resilience Act (DORA).

  • Proven expertise (3+ years) in Information Security Risk Assurance and the application of risk management requirements for financial institutions (e.g. EBA guidelines on ICT & Security Risk Management).

  • Excellent knowledge of, and proven experience working with, third-party regulations (PRA, EBA & BaFin).

  • Strong controls mindset and a background in system development and management – with experience in an IT Security function, or equivalent experience outside the organisation.

  • Understanding of cybersecurity threats and best practices, including knowledge of common attack vectors, security controls, and incident response procedures.

  • Strong prioritisation, co-ordination, organisational and communication skills, and a proven ability to balance workload and competing demands to meet deadlines.

  • Clear and concise writing skills for creating reports and documentation, including security requirements, procedures, and policies.

  • Critical thinking skills to assess risks and develop security solutions.

  • Minimum 2.2 degree or international equivalent in Information Technology, Cybersecurity or Risk Management.

Desirable:

  • Understanding of current architecture standards and digital platform services strategy.

  • Understanding of cloud security concepts.

  • Experience in educating others and raising awareness at different levels of the organisation.

  • Strong interpersonal skills to collaborate with team members, other departments, internal stakeholders, and third-party vendors.

  • Experience in a regulated financial environment.

Requisition ID: 30579