Security Compliance Engineer at Ford Motor Company
Palo Alto, CA 94305, USA
Full Time


Start Date

Immediate

Expiry Date

14 Nov, 25

Salary

0.0

Posted On

14 Aug, 25

Experience

6 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Adoption, Christmas

Industry

Information Technology/IT

Description

YOU’LL HAVE…

  • Bachelor’s or Master’s degree in Computer Science, Information Security, a related technical field or equivalent combination of relevant education and experience.
  • 6 years of professional experience in information security, compliance, or a related domain.
  • 2 years experience using compliance automation tools (e.g., Drata, Vanta, Tugboat Logic).
  • 2 years experience with DevSecOps best practices and secure software development lifecycles.
Responsibilities

IN THIS ROLE…

The Ford Cloud Platform Engineering (CPE) team oversees the Ford Connected Vehicle Cloud, including the Transport Mobility Cloud (TMC) and its integrated application ecosystem. TMC serves as Ford’s global Connected Vehicle Cloud Platform, supporting over 21 million vehicles in production worldwide.
The Security Compliance Engineer will partner closely with Cloud Engineering, DevOps, and Security teams to guarantee the secure operation and maintenance of our microservices-based cloud platforms, aligning them with ISO 27001 and SOC 2 Type 2 standards. This role is central to leading compliance initiatives from start to finish, ensuring robust protection of customer data within our application services and full-stack infrastructure, and securing ongoing regulatory readiness.

WHAT YOU’LL DO…

  • Compliance Management:
      • Own the end-to-end lifecycle of ISO 27001 and SOC 2 Type 2 compliance.
      • Lead internal and external audit processes, ensuring timely evidence collection, gap analysis, and remediation tracking.
      • Maintain the Information Security Management System (ISMS) and related documentation.
      • Collaborate with external auditors, legal, and risk management teams to ensure audit success and continuous compliance.
  • Security Governance & Risk Management:
      • Develop, implement, and maintain security policies, procedures, and controls aligned with industry standards (e.g., NIST, CIS, GDPR).
      • Perform regular risk assessments and ensure risks are mitigated appropriately across infrastructure, storage, messaging, networking, and Kubernetes environments.
      • Conduct security and compliance training for internal stakeholders.
  • Cloud Infrastructure & Application Oversight:
      • Work closely with DevOps and platform teams to ensure secure deployment practices across:
          • Kubernetes and containerization
          • Kafka messaging systems
          • Cloud-based databases and object storage
          • Network configurations and ingress/egress controls
      • Validate that appropriate monitoring, logging, and incident response mechanisms are in place.
  • Continuous Improvement:
      • Monitor evolving regulatory and industry landscapes and update compliance posture accordingly.
      • Champion automation for compliance tasks (e.g., evidence gathering, configuration monitoring, and drift detection).
      • Foster a culture of security and compliance throughout the development lifecycle.