Compliance - Product Cybersecurity, Ford Energy

Ford Motor
Dearborn, MI
Hybrid

About The Position

In this position, as the Product Cybersecurity Compliance Analyst, you will play a critical role in securing Ford Energy’s grid-scale and commercial systems. You will implement, validate, and optimize cybersecurity compliance across our product ecosystems, ensuring that our cutting-edge hardware and software platforms remain resilient against evolving threats. In this high-impact position, you will support immediate product security initiatives, ensuring both third-party components and internal software developments adhere to rigorous security standards. By leading supply chain risk management, secure development practices, and vulnerability remediation tracking, you will safeguard the infrastructure powering the next generation of the American grid.

Requirements

  • Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Information Systems, Engineering, or a related technical field.
  • 3–5 years of experience in Product Cybersecurity, IT Compliance, Cybersecurity Governance, Risk & Compliance (GRC), or Security Auditing.
  • Proven experience evaluating third-party vendor risk, conducting supplier assessments, and analyzing Software Bills of Materials (SBOMs).
  • Solid understanding of Secure Software Development Lifecycles (SSDLC), secure coding standards (e.g., OWASP, CERT), and DevSecOps integrations.
  • Demonstrated knowledge of cybersecurity frameworks and standards such as ISO/SAE 21434, UNECE R155, ISO 27001, NIST CSF, or SOC 2.
  • Experience using vulnerability tracking and management tools (e.g., Jira, ServiceNow, Kenna, or platform-specific GRC tools) to drive remediation lifecycles.

Nice To Haves

  • Detail-oriented and analytical thinker capable of managing multiple compliance streams in a fast-paced, evolving regulatory environment.
  • Professional certifications such as CISA, CRISC, CISSP, CompTIA Security+, or CCSK are highly desirable.
  • Direct experience in the Automotive, EV, Renewable Energy, Aerospace, or regulated manufacturing industries.
  • Experience with automated SBOM analysis tools (e.g., Black Duck, Snyk, Dependency-Track).
  • Exceptional written and verbal communication skills, with the proven ability to translate complex technical vulnerabilities into clear compliance risk profiles for diverse stakeholders.

Responsibilities

  • Conduct detailed cybersecurity risk assessments on third-party software, hardware, and cloud suppliers.
  • Review Software Bills of Materials (SBOMs), vendor security postures, and supply chain risk profiles to ensure alignment with company security requirements.
  • Collaborate with product engineering teams to integrate secure software development lifecycle (SSDLC) practices.
  • Promote threat modeling, secure code reviews, and automated security testing (SAST/DAST) across development pipelines.
  • Interpret, define, and map product security and compliance requirements against global standards and regulations (e.g., UNECE WP.29 R155/R156, ISO/SAE 21434, ISO 27001, NIST SP 800-53).
  • Lead the end-to-end tracking, prioritization, and remediation of product and third-party vulnerabilities.
  • Coordinate with engineering teams to monitor patch management lifecycles and report on compliance metrics.
  • Manage and maintain compliance documentation and evidence artifacts for internal audits and external regulatory submissions (e.g., vehicle type approvals and energy sector certifications).
  • Establish and optimize compliance dashboards, KPIs, and reporting mechanisms to track product cybersecurity posture and compliance scores.
  • Partner closely with Purchasing, Legal, Product Engineering, and enterprise IT security teams to drive a unified risk management strategy.
  • Apply automated tools and modern approaches to scale supply chain risk assessments and vulnerability tracking processes.

Benefits

  • Immediate medical, dental, vision and prescription drug coverage
  • Flexible family care days, paid parental leave, new parent ramp-up programs, subsidized back-up child care and more
  • Family building benefits including adoption and surrogacy expense reimbursement, fertility treatments, and more
  • Vehicle discount program for employees and family members and management leases
  • Tuition assistance
  • Established and active employee resource groups
  • Paid time off for individual and team community service
  • A generous schedule of paid holidays, including the week between Christmas and New Year’s Day
  • Paid time off and the option to purchase additional vacation time