Manager, Compliance and Risk Management

The Enterprise Security & Compliance Manager for China will serve as the primary leader for safeguarding Ford’s digital assets and ensuring total adherence to the People’s Republic of China’s stringent data and cybersecurity regulatory framework. This role balances the implementation of Ford’s Information Security Policy with the specific legal requirements of the China region, ensuring that product development and business operations remain secure, compliant, and resilient.

Scope:

China region.

• Lead and manage the Enterprise Cybersecurity team for the China region.
• Lead and manage a dedicated Data Security and Compliance team focused on PRC-specific legislation.
• Direct the implementation of the Information Security Policy (ISP) across all business units.
• Ensure full organizational alignment and compliance with the China Cybersecurity Law (CSL), Personal Information Protection Law (PIPL), and Data Security Law (DSL).
• Monitor changes in local regulations and proactively adjust internal controls to prevent non-compliance risks.
• Facilitate the China Data Security and Compliance Committee and related forums.
• Act as the bridge between product teams and executive leadership, providing regular updates on the compliance risk posture.
• Drive cross-functional collaboration between Legal/OGC, E&SC, ET, EVD, PD, IA/IC, MSS, HR and business units to ensure a unified approach to data security governance.
• Identify, catalog, and manage "Important Data" as defined by relevant regulatory authorities.
• Drive 100% compliance for the company, including leading the preparation and execution of external government audits and inspections.
• Drive Privacy by Design initiative across all products.

Integrate security and privacy requirements directly into the Product Development Life Cycle for vehicle hardware, software and enterprise applications.

Education Qualification: Bachelor’s degree in Computer Science, Management Information Systems, Computer Information Systems, Cybersecurity, or Information Assurance.

Number of Years of Experience: 6+ years of experience in automotive enterprise cybersecurity, with at least 3 years of specialized focus on data security and PRC regulatory compliance.

Leadership Skills: 

• Proven ability to drive compliance across product teams that may have competing delivery deadlines.
• Skill in interacting with government agencies (e.g., CAC, MIIT, MPS). This requires a nuanced understanding of how to communicate Ford’s compliance status professionally and transparently during audits.
• The ability to translate complex regulatory requirements into business impacts.
• Essential for driving the “Privacy by Design” initiative. Be able to shift the organizational culture from "compliance as an afterthought" to "compliance as a core feature.
• High resilience when handling potential security breaches, incidents or government audits/inspections.Proven ability to drive compliance across product teams that may have competing delivery deadlines.

Functional/Technical Skills

• Mastery of the Information Security Policy, Cybersecurity Law, Data Security Law, and Personal Information Protection Law.
• Deep understanding of the Multi-Level Protection Scheme 2.0 framework, including grading, filing, and passing the required technical assessments for critical systems.
• Proficiency in identifying and categorizing "Important Data" as defined by industry-specific guidelines/provisions.
• Technical understanding of how to embed security requirements, secrets scanning, software composition analysis, static application security testing, dynamic application security testing, threat modeling, penetration testing, and vulnerability management into the product development process.
• Technical and legal knowledge regarding the requirements for keeping data within China and the specific procedures (security assessments/standard contracts) required for exporting PII/Important data.