





Information Security Officer United Kingdom

Ford Motor Company


1 month ago

Job Description

This is a unique opportunity for a strong candidate to join FCE Bank Plc. in a position to broaden and develop Information Security and Risk Management knowledge and experience and strengthen communication and relationship building skills. The scope of the role also provides opportunity to learn about the wider Ford Credit organisation, including Cyber Security strategy and defence at a local and Global level, and gives great exposure to the rest of the IT community at all levels.

Work in a newly created position as Information Security Officer for FCE to achieve continuous improvement in the level of information security with regard to the confidentiality, integrity, and availability of FCE information systems and data. The successful candidate will be part of the Operational Risk team in the 2nd Line of Defence, monitoring and challenging risk management by the 1st Line, whilst being in daily interaction with the FCE IT Information Security team, Supplier CoE... Compliance team, Data Protection, FBG ISO, and others, creating a strong network.

• Develop and implement periodic reporting on the effectiveness of provided services related to information security practices within FCE.
• Support FCE Management, the Board of Directors and appropriate business areas regarding information security and cyber-risk.
• Partner with Information Technology leaders to ensure cyber-risk and information security controls and practices are effective.
• Define/maintain regional procedures for information security based on Information Security Policy and aligned to recognized standards such as ISO 27001 and EBA Guidelines on ICT and Security Risk, or others (e.g. DORA).
• Implement and further develop the information security governance and oversight processes within the management system of FCE.
• Ensure that incident response and management for information security incidents (investigation & analysis, resolution, closure) is performed.
• Define processes to identify and assess information security risks.
• Perform risk-based monitoring of the implementation of information security measures.
• Lead continuous improvement of information security management system practices and processes at FCE.
• Provide reporting to corresponding risk and control related committees on an agreed basis (monthly / bi-monthly) and ad-hoc reporting of significant information security activity.
• Actively participate in FCE and global meetings and committees, in which decisions about information security management are made and knowledge/experiences are exchanged.
• Regularly communicate and align with the Data Protection, Internal Controls and Operational Risk management functions of FCE, and Security and Control Champions at Ford Credit.
• Support IT/Business in development, implementation, and sustainability of IT Control Improvement Plans.
• Perform GAO and OIC Comment Management, supporting IT/Business in development, implementation, and sustainability of IT Control Improvement Plans.
• Perform GAO and Third-Party Audit Support, working closely with Supplier.
• Partner with IT PDOs, ITO, and Cyber Security Services to Progress Design of IT Controls.
• Ensure/Monitor Bank resilience capabilities through Business Continuity and Disaster Recovery planning and testing.


• Ability to interpret and apply Ford / Industry IT Controls.
• Understands risks and has a solid understanding of Corporate policies (ISP, Finance Manual, Corporate Directives, etc.).
• Understanding of applicable banking regulations.
• Capable and comfortable working autonomously.
• Strong leadership skills.
• Continuous controls and process improvement mentality.
• Integrity - ability to "stand ground" for correct action and do the right thing.
• Demonstrated ability to take ownership and accountability of all work products and responsibilities.
• Demonstrated drive for results and initiative.
• Strong communication and presentation skills (written and oral).
• Excellent interpersonal, collaborative and team building skills.

• In depth knowledge of various control policies and procedures including Control FMs, Information Security Policy, Global Purchasing Policies and Procedures, Component Assessments, Self-Assessment Control Testing, Corporate Approval Authorities, etc.
• Cyber Security Services Advisor (formerly Security Controls Champion or Security Controls Practitioner).
• Financial Services experience.
• Degree preferred.
• Preferred candidate should have a proven track record in IT security and controls, demonstrated strong controls mindset, and a background in system development and management – with experience in Second or Third Line of Defence functions (Risk, Internal Control or Internal Audit), or equivalent experiences outside the organisation.
• Certifications are a plus (CISA, CISM, CISSP, CIA).
• Process mapping and analysis skillset.
• Outstanding teamwork skills.
• Exceptional analytical skills.

This position is based in Dunton and it is expected the successful candidate will be able to attend the Dunton Campus for typically 2 to 3 days a week and remain flexible on the days they are required to attend the office according to business requirements.

Ford is committed to diversity and equality of opportunity for all and is opposed to any form of less favourable treatment or harassment on the grounds of gender, marital status, civil partnership status, parental status, race, ethnic origin, colour, nationality, national origin, disability, sexual orientation, religion/belief, gender reassignment and gender identity, age and those with caring responsibilities.













Copyright © 2023 Fonolive. All rights reserved.