Cybersecurity GRC and Strategy Analyst, Ford Energy
The Opportunity
We are seeking a Cybersecurity GRC (Governance, Risk, and Compliance) and Strategy Specialist to help define, implement, and maintain our global cybersecurity governance framework and risk management strategy. This role is key to bridging the gap between technical security requirements, business objectives, and regulatory demands, ensuring our products, services, and internal operations remain secure, compliant, and resilient.
Key Responsibilities
- Governance & Policy: Assist in the development, maintenance, and dissemination of cybersecurity policies, standards, and procedures. Ensure alignment with industry-standard frameworks (e.g., NIST CSF, ISO 27001, CIS Controls, IEC/ISA 62443, NERC CIP).
- Risk Management: Conduct comprehensive qualitative and quantitative cybersecurity risk assessments on internal processes, applications, and business units. Maintain the enterprise cybersecurity risk register, tracking identified risks from identification through to mitigation or acceptance.
- Compliance Management: Coordinate and support compliance activities, internal audits, and external assessments. Map security controls across multiple regulatory frameworks and standards to streamline compliance evidence gathering.
- Strategic Alignment: Support the design, tracking, and reporting of cybersecurity strategic initiatives and Key Performance Indicators (KPIs/KRIs). Develop executive-ready dashboards and reports to communicate security posture and risk trends to leadership.
- Third-Party Risk Support: Collaborate on third-party security risk assessments, evaluating the security posture of vendors, SaaS providers, and partners to protect company data.
- Security Awareness: Help design and deliver cybersecurity awareness programs and training to foster a strong, proactive security culture across the organization.
- Collaboration: Partner with Legal, Internal Audit, Product Engineering, IT, and purchasing teams to integrate GRC principles into early-stage business initiatives.
Position Qualifications and Key Capabilities
Required
• Experience: Minimum of 3–5 years of experience in Cybersecurity Governance, Risk, and Compliance (GRC), IT Security Auditing, or Cybersecurity Strategy.
• Framework Knowledge: Strong working knowledge of standard cybersecurity and control frameworks (e.g., NIST CSF, ISO/IEC 27001, SOC 2, NIST SP 800-53).
• Risk Assessments: Demonstrated experience conducting technology risk assessments, identifying control gaps, and recommending practical remediation strategies.
• GRC Tooling: Experience utilizing enterprise GRC platforms (e.g., Archer, ServiceNow GRC, OneTrust) for compliance mapping, risk tracking, and policy management.
• Communication: Exceptional written and verbal communication skills, with a proven ability to translate complex technical risks into clear, actionable business impacts for non-technical stakeholders.
• Education: Bachelor’s or Master’s degree in Cybersecurity, Information Technology, Business Administration with a technology focus, or a related field.
Preferred
• Professional GRC-related certifications such as CISA, CRISC, CISM, CompTIA Security+, or CAPM.
• Experience in highly regulated industries such as Renewable Energy, Automotive (EV), Financial Services, or Aerospace.
• Familiarity with privacy regulations (e.g., GDPR, CCPA) and automotive/product security compliance standards (e.g., UNECE WP.29 R155/R156, ISO/SAE 21434).
• A strategic mindset with experience compiling executive-level reports, slide decks, and performance metrics.
Leadership Attributes
A structured, detail-oriented specialist who is comfortable managing multiple stakeholders and driving cross-functional alignment.
Location & Travel
• Location: Dearborn, MI- This position is hybrid-friendly for candidates with a proven ability to deliver results in a flexible environment.
• Travel Expectations: Occasional travel to support suppliers, test houses, and customer sites
• Company: As Ford establishes a wholly owned subsidiary focused on Battery Energy Storage Systems, this role will initially be employed by Ford and is expected to transition to the subsidiary within one year.
Why Ford Energy? At Ford Energy, you have the backing of an industrial manufacturing powerhouse with the agility of a dedicated energy startup offering industry-leading technology. We offer a competitive compensation package including performance-based bonuses, Ford vehicle discounts, and the opportunity to shape the energy strategy of one of the world's most iconic brands.