Cyber Risk Management & Controls Assurance Manager

Description

This role is categorized as Hybrid. This means the successful candidate is expected to report to Warren, MI 3 times per week, at minimum [or other frequency dictated by the business].

The Role:

The Cybersecurity Risk Management and Controls Assurance Manager role supports the activities of the Information Security and Risk Management - Governance, Risk & Compliance group.  This role will lead a team of security professionals and will play a pivotal part in ensuring the effectiveness and alignment of our Cybersecurity practice with industry best practices, regulatory requirements, and business objectives.  This role will be responsible for leading and executing the organization's cybersecurity Risk Management strategy, proactively identifying, assessing, and mitigating inherent risks to GM’s critical data, networks, and infrastructure.  This role is also instrumental in regularly evaluating the adequacy of the design and operating effectiveness of cybersecurity controls, identifying potential weaknesses, and ensuring appropriate actions plans are in place to reduce residual risks and improving GM’s overall risk posture. 

What You'll Do:

• Develop and maintain a comprehensive GRC framework, tailored for our Cybersecurity program, aligning with industry standards (e.g., NIST CSF, ISO 27001), regulations, and organizational goals.
• Define and implement a comprehensive Risk Management process, including a quantifiable means to calculate both inherent and residual risks, and GM’s overall risk posture.
• Conduct regular risk assessments of cybersecurity threats, vulnerabilities, and environmental factors affecting the business, and analyze and prioritize identified risks based on their impact and likelihood.
• Formulate effective risk mitigation strategies, including potential control implementation and enhanced monitoring mechanisms, aligned to industry best practices.
• Monitor and track mitigation results, assess impacts to residual risks, and recommend adjustments to the unified controls framework.
• Report and present on Risk Management progress to stakeholders.
• Perform regular evaluations to assess the adequacy of the design and operating effectiveness of existing cybersecurity controls, identify control gaps and weaknesses, recommending solutions for improvement.
• Develop and deliver clear and concise reports on risk assessments and control effectiveness status to senior management and relevant stakeholders.
• Manage and maintain ISRM’s GRC platform, analytics, and reporting (i.e., IBM OpenPages).
• Drive the organization to a continuous controls monitoring and reporting environment.

Your Skills & Abilities (Required Qualifications):

• Bachelor’s degree in Cybersecurity, Computer Science, or related field
• Minimum 7 years of experience in cybersecurity, GRC, computer science, or related field.
• Prior experience leading global, geographically disbursed, teams.
• In-depth knowledge of Risk Management and compliance frameworks (e.g., FAIR, ERM, COSO).
• In-depth knowledge of industry standards, and best practices (e.g., NIST CSF, ISO 27001, NIST 800-53, etc.).
• Familiarity with cybersecurity related legal /regulatory requirements (e.g., SOX, PCI-DSS, GDPR, CCPA, etc.).
• Understanding of incident response, threat intelligence, and vulnerability management processes.
• Experience managing GRC software tools and platforms (e.g., Archer, ServiceNow, IBM OpenPages).
• Strong analytical, problem-solving, critical thinking, and organization skills.
• Strong decision-making skills, and attention to detail and accuracy.
• Ability to manage multiple, highly complex projects concurrently, and prioritize effectively.
• Excellent communication, presentation, and interpersonal skills.
• Ability to collaborate effectively with stakeholders across all levels of the organization.
• Ability to work independently and as part of a team.
• Adaptability, openness to change, and willingness to learn new skills.
• Strong work ethic and commitment to excellence.

What Will Give You A Competitive Edge (Preferred Qualifications) ​:

• Relevant professional certifications (e.g., CGRC, CRISC, CISA, CISSP, PMP).
• Database Management, programming, and data analytics experience

Additional Description

About GM

Our vision is a world with Zero Crashes, Zero Emissions and Zero Congestion and we embrace the responsibility to lead the change that will make our world better, safer and more equitable for all.

Why Join Us 

We aspire to be the most inclusive company in the world. We believe we all must make a choice every day – individually and collectively – to drive meaningful change through our words, our deeds and our culture. Every day, we want every employee, no matter their background, ethnicity, preferences, or location, to feel they belong to one General Motors team.

Total Rewards | Benefits Overview

From day one, we're looking out for your well-being–at work and at home–so you can focus on realizing your ambitions. Learn how GM supports a rewarding career that rewards you personally by visiting Total Rewards resources. 

Diversity Information

General Motors is committed to being a workplace that is not only free of unlawful discrimination, but one that genuinely fosters inclusion and belonging. We strongly believe that workforce diversity creates an environment in which our employees can thrive and develop better products for our customers.  We encourage interested candidates to review the key responsibilities and qualifications for each role and apply for any positions that match their skills and capabilities. Applicants in the recruitment process may be required, where applicable, to successfully complete a role-related assessment(s) and/or a pre-employment screening prior to beginning employment. To learn more, visit How we Hire

Equal Employment Opportunity Statement (U.S.)

General Motors is proud to be an equal opportunity employer.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.  

Accommodations (U.S. and Canada)

General Motors offers opportunities to all job seekers including individuals with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, email us Careers.Accommodations@GM.com or call us at 800-865-7580. In your email, please include a description of the specific accommodation you are requesting as well as the job title and requisition number of the position for which you are applying.