Cybersecurity Risk Engineer Director

Dearborn, MI, United States

Ford Motor Company

Since 1903, we have helped to build a better world for the people and communities that we serve. Welcome to Ford Motor Company.

We are the movers of the world and the makers of the future. We get up every day, roll up our sleeves and build a better world -- together. At Ford, we’re all a part of something bigger than ourselves. Are you ready to change the way the world moves?

Enterprise Technology plays a critical part in shaping the future of mobility. If you’re looking for the chance to leverage advanced technology to redefine the transportation landscape, enhance the customer experience and improve people’s lives, this is the opportunity for you. Join us and challenge your IT expertise and analytical skills to help create vehicles that are as smart as you are.

This job is posted as REMOTE but is designated as HYBRID: up to three days per week onsite may be required for candidates within commuting distance of our Dearborn, MI, offices. (Eastern Time Zone, Central Time Zone preferred)

Visa sponsorship is NOT available for this position.

We are seeking a highly skilled and strategic Cyber Security Risk Engineer Director to lead our core cybersecurity risk engineering functions. This critical leadership role demands a deep technical understanding and a hands-on approach to designing, building, and owning the robust security capabilities that protect our enterprise. You will be instrumental in developing and implementing engineering strategies and solutions across Governance, Risk, and Compliance (GRC), Patch and Configuration Management, Business Impact Analysis (BIA) tooling (including its application to Business Continuity and Disaster Recovery), and Proactive Security Analysis responsibilities. A key aspect of this role is partnering closely with key security teams across the organization, ensuring they are equipped with the advanced tools and capabilities necessary to effectively protect the organization's assets and operations.

 

  • Cyber Security Engineering Strategy, Ownership & Leadership:
    • Define, develop, and execute a forward-thinking cybersecurity engineering strategy that directly reduces organizational risk and aligns with business objectives.
    • Take direct ownership of the design, architecture, and implementation of innovative security solutions and controls, ensuring their effectiveness and scalability.
    • Drive a culture of engineering excellence, continuous improvement, and automation across all security domains.
    • Provide expert technical guidance and thought leadership on emerging cyber threats, vulnerabilities, and advanced risk mitigation engineering strategies to senior leadership and technical teams.
    • Manage the engineering budget and technology roadmap for core security platforms, optimizing investments for maximum security posture improvement.
    • Partner extensively with key stakeholders across the organization to understand their operational needs, provide them with the necessary engineering tools, platforms, and capabilities, and enable their success in protecting the enterprise.
  • Governance, Risk, and Compliance (GRC) Engineering & Audit Compliance:
    • Lead the engineering, development, and ongoing maintenance of GRC platforms and tools, ensuring they effectively support risk management, compliance, and audit requirements.
    • Drive the automation of GRC processes, including continuous control monitoring, risk assessments, and compliance reporting, to enhance efficiency and accuracy.
    • Engineer solutions that facilitate seamless risk audit compliance for the organization, proactively identifying and addressing control gaps.
    • Collaborate with GRC, audit, and legal teams to translate regulatory requirements and internal policies into actionable, auditable engineering controls and solutions.
    • Develop and maintain a risk-based cyber control program, focusing on the engineering aspects of control design, implementation, and effectiveness measurement across the enterprise.
  • Patch and Configuration Management Engineering:
    • Direct and own the engineering efforts for enterprise-wide patch and configuration management programs, ensuring the secure, compliant, and consistent state of all systems and applications.
    • Lead the development and implementation of advanced, automated solutions for vulnerability remediation, patch deployment, and secure configuration enforcement across diverse IT and OT environments.
    • Establish, engineer, and enforce methodologies and standards for secure configuration baselines, ensuring adherence to internal policies and industry best practices.
    • Drive initiatives to proactively identify and mitigate configuration drift, unauthorized changes, and critical patch vulnerabilities, minimizing the attack surface.
    • Oversee the engineering of robust monitoring and reporting mechanisms for patch compliance and configuration adherence metrics.
  • Business Impact Analysis (BIA) Tool Engineering for BCP/DR:
    • Lead the engineering, deployment, and operational aspects of the Business Impact Analysis (BIA) tool, ensuring its effectiveness in identifying critical business processes, their dependencies, and associated cyber risks.
    • Collaborate with business units and continuity planning teams to define robust requirements for the BIA tool and integrate it with relevant data sources to support comprehensive Business Continuity Planning (BCP) and Disaster Recovery (DR) processes.
    • Engineer the BIA tool to accurately capture Recovery Time Objectives (RTOs), Recovery Point Objectives (RPOs), and detailed impact justifications for potential disruptions, directly feeding into BCP/DR strategies.
    • Drive the automation of BIA data collection, analysis, and reporting to support resilient business operations and rapid recovery capabilities.
  • Proactive Analysis Engineering:
    • Provide strategic engineering leadership and deep technical expertise focusing on the security posture and operational defense of our critical applications.
    • Lead the development and implementation of advanced security monitoring, threat detection, and automated response capabilities specifically tailored for application-layer threats.
    • Drive the automation of application security incident playbooks, response workflows, and forensic capabilities to improve efficiency and reduce mean time to respond (MTTR).
    • Collaborate closely with development, DevOps, and traditional SOC teams to embed security by design throughout the application development lifecycle and ensure seamless, engineered incident handling.

 

  • Bachelor's degree in Computer Science, Information Security, Engineering, or a related technical field. Master's degree highly regarded.
  • 10+ years of progressive experience in cybersecurity, with at least 5+ years in a leadership or director-level role focused on security engineering and ownership.
  • Proven ability advising, influencing, and developing solution architectures in global organizations with complex enterprise technology environments.
  • Proven track record of building, leading, and mentoring high-performing technical security engineering teams.
  • Deep technical expertise and hands-on experience in designing, implementing, and managing solutions across multiple areas: GRC platforms (e.g., ServiceNow GRC, Archer), patch/configuration management tools (e.g., SCCM, Ansible, Puppet), BIA methodologies/tools, and comprehensive Application Security.
  • Strong understanding of industry security frameworks and regulations (e.g., NIST, ISO 27001, GDPR, SOX, HIPAA, PCI DSS) and experience engineering for compliance.
  • Expert-level understanding of cloud security principles and extensive experience engineering security solutions within major cloud providers (GCP, Azure).
  • Ability to identify, prioritize, and weigh different options and recommend a constructive solution.
  • Proficiency in scripting and automation languages (e.g., Python, PowerShell, Go) for security operations and infrastructure as code.
  • Excellent communication, interpersonal, and presentation skills, with the ability to articulate complex technical concepts and strategic roadmaps to both highly technical teams and executive leadership.

Preferred Skills & Certifications:

  • Relevant industry certifications such as CISSP, CISM, CGEIT, CRISC, CCSP, OSCP, or equivalent.
  • Experience with Agile/DevOps methodologies and DevSecOps principles.
  • Demonstrated ability to thrive in a fast-paced, dynamic, and complex technical environment.
     

You may not check every box, or your experience may look a little different from what we've outlined, but if you think you can bring value to Ford Motor Company, we encourage you to apply!

As an established global company, we offer the benefit of choice. You can choose what your Ford future will look like: will your story span the globe, or keep you close to home? Will your career be a deep dive into what you love, or a series of new teams and new skills? Will you be a leader, a changemaker, a technical expert, a culture builder…or all of the above? No matter what you choose, we offer a work life that works for you, including:
• Immediate medical, dental, vision and prescription drug coverage
• Flexible family care days, paid parental leave, new parent ramp-up programs, subsidized back-up child care and more
• Family building benefits including adoption and surrogacy expense reimbursement, fertility treatments, and more
• Vehicle discount program for employees and family members and management leases
• Tuition assistance
• Established and active employee resource groups
• Paid time off for individual and team community service
• A generous schedule of paid holidays, including the week between Christmas and New Year’s Day
• Paid time off and the option to purchase additional vacation time.

This position is a leadership level 5.

For more information on salary and benefits, click here: https://fordcareers.co/LL5SP1
The salary grade range for this position is LL5.

Candidates for positions with Ford Motor Company must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of hire.

We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, age, sex, national origin, sexual orientation, gender identity, disability status or protected veteran status. In the United States, if you need a reasonable accommodation for the online application process due to a disability, please call 1-888-336-0660.
