Saltar al contenido principal

Sr. Analyst, Cybersecurity Risk Management & Controls Assurance

  • Ubicación
    • Austin, Texas
    • Roswell, Georgia
    • Warren, Michigan
  • Cronograma Full time
  • Publicado
  • Job Requisition JR-202510232

Descripción

Location:

Hybrid: This role is categorized as hybrid. This means the successful candidate is expected to report onsite at the Warren-MI, Austin-TX, Roswell GA location at least three times per week minimum or other frequency dictated by the business. This job is not eligible for relocation benefits. Any relocation costs would be the responsibility of the selected candidate

The Role

The Cybersecurity Risk Management and Controls Assurance Sr. Analyst plays a pivotal role in strengthening GM’s cybersecurity posture. This position is responsible for identifying, assessing, and mitigating cybersecurity risks impacting GM’s people, platforms, products, productions, and partners. The Sr. Analyst ensures security controls are enforced, frameworks align with industry standards, and risk-related data is optimized to enhance resilience. This role drives collaboration with stakeholders to improve cybersecurity governance while managing GRC platforms, developing key cybersecurity metrics, and leveraging data visualizations for informed risk insights and decision-making. Additionally, the Sr. Analyst proactively evaluates and enhances the design and operating effectiveness of cybersecurity controls, identifying weaknesses and implementing continuous control monitoring and automation to minimize risk and reinforce security.

Risk Management:

  • Implement a comprehensive risk management program, including a quantifiable means to calculate both inherent and residual risks, and GM’s overall risk posture.
  • Conduct regular risk assessments of cybersecurity threats, vulnerabilities, and environmental factors affecting the business.
  • Analyze and prioritize identified risks based on their impact and likelihood.
  • Execute risk mitigation strategies, including potential control implementation and enhanced monitoring mechanisms, aligned to industry best practices.
  • Monitor and track mitigation results, assess impacts to residual risks, and recommend adjustments to the unified controls framework.
  • Report and present risk management progress to stakeholders.
  • Utilize quantitative and qualitative risk assessment methods to support informed decision-making and improve GM's overall cybersecurity risk posture.
  • Provide guidance and expertise to junior analysts and cross-functional teams on cybersecurity risk management best practices.

Controls Assurance:

  • Perform regular evaluations to assess the adequacy of the design and operating effectiveness of existing cybersecurity controls.
  • Identify control gaps and weaknesses, recommending solutions for improvement.
  • Conduct validations to ensure root causes of identified deficiencies are properly addressed.
  • Monitor and track progress on control remediation efforts to closure.
  • Support business continuity and risk resilience efforts, ensuring cybersecurity controls effectively mitigate potential threats and disruptions.

Unified Controls Framework:

  • Assist in the development and maintenance of a comprehensive GRC framework, tailored for GM’s Cybersecurity program, aligning with industry standards (e.g., NIST CSF, CIS), regulations, and organizational goals.
  • Ensure clear control ownership and alignment across all Cybersecurity functions.
  • Maintain essential GRC documentation, including processes, procedures, and risk registers.
  • Integrate GRC processes with enterprise-wide cybersecurity initiatives, processes, and reporting requirements.

Reporting and Communication:

  • Develop clear and concise reports on risk assessments and control effectiveness status for senior management and relevant stakeholders.
  • Collaborate between cybersecurity and other departments on risk and cybersecurity control-related matters.
  • Communicate effectively with cross-functional teams to build understanding and support for risk and controls-related initiatives.
  • Work closely with leadership to develop and refine cybersecurity risk strategies that align with GM’s business objectives.
  • Effectively communicate cybersecurity risk insights to stakeholders, translating technical findings into actionable business strategies.

Data & Automation:

  • Manage and maintain Cybersecurity’s GRC platform, analytics, and reporting (i.e., ServiceNow IRM).
  • Assist in the migration to and configuration of the ServiceNow IRM modules.
  • Support and maintain the Risk & Controls Dashboard.
  • Collaborate with federated Cybersecurity teams to populate risk-related data.
  • Assist in driving the organization to a continuous controls monitoring and reporting environment.
  • Design, develop, and implement GRC workflows to streamline risk initiatives.
  • Design and implement data integration strategies to consolidate information from multiple sources into a unified system.

Continuous Improvement:

  • Identify opportunities to improve the effectiveness and efficiency of our GRC program.
  • Implement initiatives to enhance the overall cybersecurity posture of the organization.
  • Stay informed about evolving cybersecurity threats, regulations, and best practices.
  • Maintain awareness of evolving cyber threats, industry trends, and regulatory developments to proactively strengthen GM’s cybersecurity framework.
  • Research and evaluate emerging threats, technologies, and security trends to enhance GM’s cybersecurity risk posture.

[Additional Description]

Requirements:

GM DOES NOT PROVIDE IMMIGRATION-RELATED SPONSORSHIP FOR THIS ROLE. DO NOT APPLY FOR THIS ROLE IF YOU WILL NEED GM IMMIGRATION SPONSORSHIP NOW OR IN THE FUTURE. THIS INCLUDES DIRECT COMPANY SPONSORSHIP, ENTRY OF GM AS THE IMMIGRATION EMPLOYER OF RECORD ON A GOVERNMENT FORM, AND ANY WORK AUTHORIZATION REQUIRING A WRITTEN SUBMISSION OR OTHER IMMIGRATION SUPPORT FROM THE COMPANY (e.g., H-1B, OPT, STEM OPT, CPT, TN, J-1, etc.)

  • Bachelor’s degree in Cybersecurity, Computer Science, Computer Information Systems, Information Technology, or related fields.
  • Minimum 5 years of experience in cybersecurity, GRC, computer science, or related field.
  • Prior experience with global, geographically dispersed teams.
  • In-depth knowledge of risk management and compliance frameworks (e.g., FAIR, ERM, COSO).
  • In-depth knowledge of industry standards and best practices (e.g., CIS, MITRE ATT&CK, NIST CSF, ISO 27001, NIST 800-53, etc.).
  • Familiarity with cybersecurity-related legal/regulatory requirements (e.g., SOX, PCI-DSS, GDPR, CCPA, etc.).
  • Understanding of incident response, threat intelligence, and vulnerability management processes.
  • Experience managing GRC software tools and platforms (e.g., ServiceNow IRM).
  • Strong analytical, problem-solving, critical thinking, and organization skills.
  • Strong decision-making skills, attention to detail, and accuracy.
  • Ability to assist in the management of multiple, highly complex projects concurrently, and prioritize effectively.
  • Excellent communication, presentation, and interpersonal skills.
  • Ability to collaborate effectively with stakeholders across all levels of the organization.
  • Ability to work independently and as part of a team.
  • Adaptability, openness to change, and willingness to learn new skills.
  • Proficiency in Microsoft 365 (PowerPoint, Teams, SharePoint, OneDrive, Outlook, and Power Platform).
  • Strong work ethic and commitment to excellence.

Preferred Qualifications:

  • Master’s degree in Cybersecurity, Computer Science, Computer Information Systems, Information Technology, or related fields.
  • Demonstrated experience in IT control auditing, including evaluating internal controls, performing audit testing, and supporting audits and assessments aligned with regulatory or industry standards (e.g., SOX, NIST, ISO 27001).
  • Relevant professional certifications (e.g., CGRC, CRISC, CISA, CISM, CISSP, PMP).

Compensation: The compensation information is a good faith estimate only. It is based on what a successful applicant might be paid in accordance with applicable state laws. The compensation may not be representative for positions located outside of New York, Colorado, California, or Washington

  • Compensation: The expected base compensation for this role is : $134,000 - $205,000 Actual base compensation within the identified range will vary based on factors relevant to the position.
  • Bonus Potential: An incentive pay program offers payouts based on company performance, job level, and individual performance.
  • Benefits: GM offers a variety of health and wellbeing benefit programs. Benefit options include medical, dental, vision, Health Savings Account, Flexible Spending Accounts, retirement savings plan, sickness and accident benefits, life insurance, paid vacation & holidays.

#LI-EL1

Información sobre diversidad

General Motors se compromete a ser un lugar de trabajo en el cual no solo no haya discriminación indebida, sino que fomente con sinceridad la inclusión y el sentido de pertenencia. Creemos firmemente que la diversidad del personal crea un entorno en el cual nuestros empleados pueden prosperar y desarrollar mejores productos para nuestros clientes. Instamos a los candidatos interesados a que revisen las responsabilidades y aptitudes clave para cada puesto y se postulen para los puestos que coincidan con sus habilidades y capacidades. Es posible que, cuando corresponda, se les pida a los solicitantes que están en el proceso de contratación que completen satisfactoriamente una o más evaluaciones relacionadas con su función y/o una evaluación previa al empleo antes de comenzar a trabajar.  Para obtener más información, visite Cómo contratamos.

Declaración de igualdad de oportunidades en el empleo (EE.UU.)

General Motors se enorgullece de ser un empleador que ofrece igualdad de oportunidades.  Todos los solicitantes calificados serán tenidos en cuenta para el empleo sin distinción de raza, color, religión, sexo, orientación sexual, identidad de género, nacionalidad, discapacidad o condición de veterano protegido. 

Adecuaciones (EE.UU. y Canadá)

General Motors ofrece oportunidades a todos los solicitantes de empleo, incluyendo las personas con discapacidades. Si necesita una adecuación razonable para ayudarle con su búsqueda o solicitud de empleo, envíenos un correo electrónico a [email protected] o llámenos al 800-865-7580. En su correo electrónico, incluya una descripción del puesto específico que está solicitando, así como el título del empleo y el número de solicitud del puesto que está solicitando.

 

Quienes somos

Two GM employees talking in hallway

Our Culture

Working at GM

Driven by innovation and creating an environment to inspire, we embrace the responsibility to make our world better, safer and more equitable for all

A mother and two children spend quality time together in their backyard after work

Total Rewards

A better tomorrow begins with you

From day one, we’re looking out for your well-being— at work and at home— so you can focus on realizing your ambitions

Únete a la comunidad de talentos

Conozca las próximas oportunidades profesionales y eventos en Pendulum

Únete ahora
A scene of people in an office

Únete a la comunidad de talentos

Somos ambiciosos. Estamos comprometidos. Y traemos la pasión de la vida al trabajo. Comuníquese con nosotros para obtener más información sobre cómo comenzar su carrera en GM.

Buscar Oportunidades de Carrera Únete a nuestra Comunidad de Talento
Join Talent Community
Untitled Design (19) 645E57fc Fd25 46Bf Bfa8 Dc117a78bd0a EQ100 Color 082624 White Linkedin Top Companies 2025 White Ribbon Generated Image Vets Indexes 2024 White 38908 Seramount 2024 Badges Outlines 100 Best Company White 05 14 2024 Diversity Inc Top 50 Logo White