Compliance- Product Cybersecurity, Ford Energy
About the role
In this position, you will play a critical role in securing Ford Energy’s grid-scale and commercial systems. You will implement, validate, and optimize cybersecurity compliance across our product ecosystems, ensuring that our cutting-edge hardware and software platforms remain resilient against evolving threats.
Responsibilities
Supply Chain & Third-Party Governance: Conduct detailed cybersecurity risk assessments on third-party software, hardware, and cloud suppliers. Review Software Bills of Materials (SBOMs), vendor security postures, and supply chain risk profiles to ensure alignment with company security requirements.
Secure Development Practices: Collaborate with product engineering teams to integrate secure software development lifecycle (SSDLC) practices. Promote threat modeling, secure code reviews, and automated security testing (SAST/DAST) across development pipelines.
Security & Compliance Requirements: Interpret, define, and map product security and compliance requirements against global standards and regulations (e.g., UNECE WP.29 R155/R156, ISO/SAE 21434, ISO 27001, NIST SP 800-53).
Vulnerability Remediation & Tracking: Lead the end-to-end tracking, prioritization, and remediation of product and third-party vulnerabilities. Coordinate with engineering teams to monitor patch management lifecycles and report on compliance metrics.
Audit & Evidence Collection: Manage and maintain compliance documentation and evidence artifacts for internal audits and external regulatory submissions (e.g., vehicle type approvals and energy sector certifications).
Operational Excellence: Establish and optimize compliance dashboards, KPIs, and reporting mechanisms to track product cybersecurity posture and compliance scores.
Collaboration & Innovation: Partner closely with Purchasing, Legal, Product Engineering, and enterprise IT security teams to drive a unified risk management strategy. Apply automated tools and modern approaches to scale supply chain risk assessments and vulnerability tracking processes.
Requirements
Required Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Information Systems, Engineering, or a related technical field.
3–5 years of experience in Product Cybersecurity, IT Compliance, Cybersecurity Governance, Risk & Compliance (GRC), or Security Auditing.
Proven experience evaluating third-party vendor risk, conducting supplier assessments, and analyzing Software Bills of Materials (SBOMs).
Solid understanding of Secure Software Development Lifecycles (SSDLC), secure coding standards (e.g., OWASP, CERT), and DevSecOps integrations.
Demonstrated knowledge of cybersecurity frameworks and standards such as ISO/SAE 21434, UNECE R155, ISO 27001, NIST CSF, or SOC 2.
Experience using vulnerability tracking and management tools (e.g., Jira, ServiceNow, Kenna, or platform-specific GRC tools) to drive remediation lifecycles.
Qualifications
Even better, you may have...
Leadership Attributes: Detail-oriented and analytical thinker capable of managing multiple compliance streams in a fast-paced, evolving regulatory environment.
Professional certifications such as CISA, CRISC, CISSP, CompTIA Security+, or CCSK are highly desirable.
Direct experience in the Automotive, EV, Renewable Energy, Aerospace, or regulated manufacturing industries.
Experience with automated SBOM analysis tools (e.g., Black Duck, Snyk, Dependency-Track).
Exceptional written and verbal communication skills, with the proven ability to translate complex technical vulnerabilities into clear compliance risk profiles for diverse stakeholders.
Benefits
Immediate medical, dental, vision and prescription drug coverage
Flexible family care days, paid parental leave, new parent ramp-up programs, subsidized back-up child care and more
Family building benefits including adoption and surrogacy expense reimbursement, fertility treatments, and more
Vehicle discount program for employees and family members and management leases
Tuition assistance
Established and active employee resource groups
Paid time off for individual and team community service
Pay
This position is a salary grade 7 - 8 and ranges from $86,600-$166,200. Final determination of salary grade will be based on candidate's skills and experience, and base salary will be set within the applicable range according to job scope, responsibility and competitive market value.
Schedule
This role is hybrid. Candidates who are in commuting distance to a Ford hub location may be required to be onsite four or more days per week.