Job Summary:
The GRC Program Manager has oversight responsibility for Information Technology (IT) security risk and controls for Information Technology and business processes. This role will develop and maintain policies processes and procedures for IT coordinating with other departments for enterprisewide policies processes and procedures.
Additionally they will help develop and manage corporatewide IT security and risk assessment programs and training for proactive risk management and control integration. This role is also responsible for preparation support and remediation for audits and compliance reviews initiated internally or externally.
Essential Job Functions:
# Develop implement and maintain the information security program risk and controls function.
# Collaborate and drive business and cyber risk program alignment across the enterprise innovate and institute change to manage risk.
# Assist with the implementation and ongoing support for all security measures necessary to ensure Personally Identifiable Information (PII) is secure and all business requirements and applicable State and Federal regulations are met.
# Manage enterprise wide data governance framework with a focus on improvement of organizational policies and standards principles governance metrics processes related tools and data architecture.
# Plan execute and manage multiple projects to budget completing audits and business process control reviews.
# Review and test companywide IT Security & Controls processes to assess business risks controls and the overall effectiveness.
# Develop and execute project and vendor risk assessments recommend risk mitigation techniques and identify opportunities for security and control improvements.
# Maintain active communication with project teams and vendors managing expectations and ensuring adherence to policies.
# Work with and support leadership and team members to achieve goals of the IT Security and Controls team.
# Act as the key contact for Ford Motor Company s Governance Risk Management and Compliance (GRC) team.
# Work with Ford Motor Company and FordDirect IT to complete audits updating Component Assessments as needed.
# Create and update content for compliance and privacy training facilitating sessions for employees and contractors as needed.
# Stay current on the everchanging information security and privacy landscape ensuring all policies and controls are relevant.
Other Responsibilities:
* Abide by the policies procedures and Code of Conduct of the company.
* Handle personal information ( PI ) that pertains to any individual (e.g. leads dealers employees job applicants etc.) in accordance with FordDirect s Privacy Policy and public facing privacy statements on FordDirect managed websites.
* Complete any required training.
* Promptly report any known or suspected loss theft or unauthorized disclosure or use of PI to the General Counsel/Chief Compliance Officer or Chief Information Officer.
* Adhere to the company s compliance program.
* Safeguard the company s intellectual property information and assets.
* Other duties as assigned.
Minimum Qualifications and Job Requirements:
* Experience
** Multidisciplined experience within an IT environment (7 years).
** Information security privacy and information protection leadership experience (5 years).
** IT Security & Controls policy and compliance enforcement experience.
** Experience successfully scoping planning and driving technology development projects.
** Experience creating and enforcing security policies for the Enterprise and our Suppliers.
** ISO information security experience is a plus.
** Audit experience
Skills Knowledge and Abilities
** Proactively problemsolve and multitask while maintaining composure and attention to detail.
** Followthrough mindset to uphold a close the loop culture.
** A positive approach to serving customers and providing exceptional customer service.
** Ability to demonstrate good judgment high ethics and project a professional image.
** Ability to work independently and as a collaborative team member with a positive can do attitude.
** The drive to identify and seize opportunities for continuous improvement as business needs change.
** Excellent organization flexibility and time management skills and the ability to work in a dynamic deadlinedriven environment.
** Exceptional interpersonal and business communication skills (written verbal listening).
** Proficient in Microsoft Office skills (Word Excel and PowerPoint).
Education
Bachelor s degree from a fouryear college or university in Information Technology Computer Science or related field.
Masters in Information Technology or related field is a plus.
Security or control related certification required (CISSP CISM GIAC GISP).
grc,it security,compliance,risk,enterprise,information security
GRC Program Manager
