Compliance - Product Cybersecurity, Ford Energy

Ford Motor
4 days ago
Full-time
On-site
Dearborn, Michigan, United States
$86,600 - $166,200 USD yearly
Description

In this position... 
As the Product Cybersecurity Compliance Analyst, you will play a critical role in securing Ford Energy’s grid-scale and commercial systems. You will implement, validate, and optimize cybersecurity compliance across our product ecosystems, ensuring that our cutting-edge hardware and software platforms remain resilient against evolving threats.

In this high-impact position, you will support immediate product security initiatives, ensuring both third-party components and internal software developments adhere to rigorous security standards. By leading supply chain risk management, secure development practices, and vulnerability remediation tracking, you will safeguard the infrastructure powering the next generation of the American grid.



Responsibilities

What you'll do...

Key Responsibilities:

  • Supply Chain & Third-Party Governance: Conduct detailed cybersecurity risk assessments on third-party software, hardware, and cloud suppliers. Review Software Bills of Materials (SBOMs), vendor security postures, and supply chain risk profiles to ensure alignment with company security requirements. 
  • Secure Development Practices: Collaborate with product engineering teams to integrate secure software development lifecycle (SSDLC) practices. Promote threat modeling, secure code reviews, and automated security testing (SAST/DAST) across development pipelines. 
  • Security & Compliance Requirements: Interpret, define, and map product security and compliance requirements against global standards and regulations (e.g., UNECE WP.29 R155/R156, ISO/SAE 21434, ISO 27001, NIST SP 800-53).
  • Vulnerability Remediation & Tracking: Lead the end-to-end tracking, prioritization, and remediation of product and third-party vulnerabilities. Coordinate with engineering teams to monitor patch management lifecycles and report on compliance metrics.
  • Audit & Evidence Collection: Manage and maintain compliance documentation and evidence artifacts for internal audits and external regulatory submissions (e.g., vehicle type approvals and energy sector certifications). 
  • Operational Excellence: Establish and optimize compliance dashboards, KPIs, and reporting mechanisms to track product cybersecurity posture and compliance scores. 
  • Collaboration & Innovation: Partner closely with Purchasing, Legal, Product Engineering, and enterprise IT security teams to drive a unified risk management strategy. Apply automated tools and modern approaches to scale supply chain risk assessments and vulnerability tracking processes.


Qualifications

You'll have...

Required:

  • Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Information Systems, Engineering, or a related technical field. 
  • 3–5 years of experience in Product Cybersecurity, IT Compliance, Cybersecurity Governance, Risk & Compliance (GRC), or Security Auditing. 
  • Proven experience evaluating third-party vendor risk, conducting supplier assessments, and analyzing Software Bills of Materials (SBOMs). 
  • Solid understanding of Secure Software Development Lifecycles (SSDLC), secure coding standards (e.g., OWASP, CERT), and DevSecOps integrations. 
  • Demonstrated knowledge of cybersecurity frameworks and standards such as ISO/SAE 21434, UNECE R155, ISO 27001, NIST CSF, or SOC 2. 
  • Experience using vulnerability tracking and management tools (e.g., Jira, ServiceNow, Kenna, or platform-specific GRC tools) to drive remediation lifecycles.

 

Even better, you may have...
Leadership Attributes:

  • Detail-oriented and analytical thinker capable of managing multiple compliance streams in a fast-paced, evolving regulatory environment.
  • Professional certifications such as CISA, CRISC, CISSP, CompTIA Security+, or CCSK are highly desirable.
  • Direct experience in the Automotive, EV, Renewable Energy, Aerospace, or regulated manufacturing industries.
  • Experience with automated SBOM analysis tools (e.g., Black Duck, Snyk, Dependency-Track).
  • Exceptional written and verbal communication skills, with the proven ability to translate complex technical vulnerabilities into clear compliance risk profiles for diverse stakeholders.

 

Location & Travel:

  • Location: Dearborn, MI
  • Travel Expectations: This role requires travel to customer sites and project locations as needed to support technical solutions and site assessments.

 

You may not check every box, or your experience may look a little different from what we've outlined, but if you think you can bring value to Ford Motor Company, we encourage you to apply!

As an established global company, we offer the benefit of choice. You can choose what your Ford future will look like: will your story span the globe, or keep you close to home? Will your career be a deep dive into what you love, or a series of new teams and new skills? Will you be a leader, a changemaker, a technical expert, a culture builder…or all of the above? No matter what you choose, we offer a work life that works for you, including:

  • Immediate medical, dental, vision and prescription drug coverage
  • Flexible family care days, paid parental leave, new parent ramp-up programs, subsidized back-up child care and more
  • Family building benefits including adoption and surrogacy expense reimbursement, fertility treatments, and more
  • Vehicle discount program for employees and family members and management leases
  • Tuition assistance
  • Established and active employee resource groups
  • Paid time off for individual and team community service 
  • A generous schedule of paid holidays, including the week between Christmas and New Year’s Day 
  • Paid time off and the option to purchase additional vacation time. 

 

This position is a salary grade 7 - 8 and ranges from $86,600-$166,200.

Final determination of salary grade will be based on candidate's skills and experience, and base salary will be set within the applicable range according to job scope, responsibility and competitive market value.

For more information on salary and benefits, click here: https://fordcareers.co/GSR

Visa sponsorship is not available for this position.

Candidates for positions with Ford Motor Company must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of hire.

We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, age, sex, national origin, sexual orientation, gender identity, disability status or protected veteran status. In the United States, if you need a reasonable accommodation for the online application process due to a disability, please call 1-888-336-0660.

This position is hybrid. Candidates who are in commuting distance to a Ford hub location may be required to be onsite four or more days per week. 

Company: As Ford establishes a wholly owned subsidiary focused on Battery Energy Storage Systems, this role will initially be employed by Ford and is expected to transition to the subsidiary within one year.
