Operational Risk Supervisor (IT)

About The Position

Requirements

• Bachelor’s degree in Technical Discipline
• Minimum 5 years of experience working with IT risks and controls
• At least 3-5 years of experience in leadership or management role, including building and managing teams
• Demonstrated experience with Audit, writing IT policy, or other Second Line of Defense (2LOD) functions within a large, complex IT environment.
• In-depth understanding of IT control frameworks and regulatory requirements (e.g., COBIT, NIST CSF, ISO 27001), regulatory requirements (e.g., SOX, GDPR, CCPA), and industry best practices.
• Exceptional analytical and problem-solving skills with the ability to translate technical details into business risks
• Strong leadership, interpersonal and communication skills (written and verbal), with the ability to collaborate effectively
• Ability to manage multiple priorities in a dynamic environment

Nice To Haves

• Process improvement mindset
• Experience performing IT risk assessments
• Knowledge of IT security and Controls
• Prior experience working with GRC and Policy Management tools
• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional (CISSP)
• ISO 27001and 27005
• Other relevant certifications in IT audit, risk management, or information security.
• Experience working in the financial/banking industry, or other highly regulated environments is an asset
• Familiarity with AI control frameworks, data governance, and data lineage principles

Responsibilities

• Establish, recruit, and lead a high-performing team of IT risk professionals, fostering a culture of continuous improvement, accountability, and collaboration.
• Partner closely with the First Line of Defense (1LOD) IT teams to deeply understand their operations, identify key IT risks, and pinpoint the most critical controls designed to mitigate those risks.
• Lead comprehensive IT risk assessments, leveraging established methodologies to evaluate the likelihood and impact of identified risks
• Develop and implement a robust methodology for 2LOD IT control testing. Scope, plan, and execute independent testing of IT controls to assess their design and operating effectiveness.
• Analyze the results of control testing, identify control deficiencies, and provide clear, actionable feedback to 1LOD teams on the effectiveness of their controls – highlighting both strengths and areas for improvement.
• Ensure that IT controls are thoroughly documented, accurately reflect operational practices, and are actively utilized by the 1LOD. Monitor and provide oversight on remediation efforts for identified control gaps.
• Contribute to the ongoing development and refinement of Ford's IT risk management framework, policies, and procedures, aligning with industry best practices and regulatory requirements.
• Build strong relationships with IT leadership, internal audit, compliance, and other risk functions to promote a cohesive and integrated approach to risk management.

Benefits

• Immediate medical, dental, vision and prescription drug coverage
• Flexible family care days, paid parental leave, new parent ramp-up programs, subsidized back-up child care and more
• Family building benefits including adoption and surrogacy expense reimbursement, fertility treatments, and more
• Vehicle discount program for employees and family members and management leases
• Tuition assistance
• Established and active employee resource groups
• Paid time off for individual and team community service
• A generous schedule of paid holidays, including the week between Christmas and New Year’s Day
• Paid time off and the option to purchase additional vacation time.