Descripción
The Role:
The Cybersecurity Compliance – Information Lifecycle Management (ILM), Export & Business Continuity Planning (BCP) Senior Analyst supports the Governance, Risk & Compliance (GRC) organization by providing enterprise oversight of ILM, Export Controls, and BCP across IT and Cybersecurity. This role is accountable for designing, operating, and sustaining ILM, Export, and BCP control frameworks, translating corporate policy and regulatory requirements into clear, actionable controls, processes, and metrics.
The position monitors compliance dashboards, attestations, and formal reporting; proactively identifies control gaps and emerging risks; and drives remediation in partnership with Legal, ILM Coordinators, Export Compliance Officer (ECO)/Sub‑ECOs, application owners, BCP teams, and Cybersecurity functions. The role also integrates ILM, Export, and BCP control posture, risk, and trends across the NIST Cybersecurity Framework (NIST CSF) for broad cyber and regulatory risk reporting to leadership, supporting risk‑informed, compliance‑focused decisions.
What You'll Do:
Compliance Oversight & Risk Management
-
Implement and maintain a comprehensive cybersecurity compliance program for ILM, Export, and BCP that is aligned to the NIST Cybersecurity Framework (NIST CSF), using its Functions, Categories, and Subcategories to structure policies, controls, assessments, and reporting, while also meeting applicable regulatory and industry standards.
-
Conduct regular compliance assessments of ILM, Export, and BCP controls, evaluating inherent and residual risk across these domains.
-
Analyze and prioritize identified issues based on compliance impact and likelihood; recommend risk treatment strategies and control enhancements.
-
Monitor and track mitigation activities to closure, assessing impacts to residual compliance risk and recommending adjustments to the unified control set.
ILM Program Compliance
-
Design, operate, and continuously improve the ILM control framework, ensuring alignment with corporate ILM policy, data classification standards, retention schedules, and privacy requirements.
-
Define and document control requirements for data creation, classification, retention, archival, and destruction across key systems and repositories.
-
Establish and manage ILM attestation processes with ILM Coordinators, application owners, and business stakeholders to confirm control design and operating effectiveness.
-
Partner with Legal, Privacy, and Records Management to ensure ILM controls support litigation hold, regulatory, and privacy obligations.
Export Controls Compliance
-
Translate Export Control policy and regulatory obligations into practical, testable controls across IT and Cyber environments.
-
Partner with the ECO/Sub‑ECO network to define, document, and operationalize Export controls (e.g., access restrictions, system configuration, logging/monitoring).
-
Monitor compliance with Export requirements through dashboards, attestations, exception reviews, and periodic control testing.
-
Support investigations, issues management, and remediation for Export‑related control deficiencies and incidents.
Business Continuity & Cyber Resilience
-
Integrate BCP and resilience requirements into cybersecurity controls and standards, ensuring critical cyber and IT services can withstand and recover from disruptive events.
-
Collaborate with enterprise BCP and Crisis Management teams to align BCP plans, recovery strategies, and technical controls (e.g., backup, recovery, failover).
-
Support exercises, simulations, and post‑event reviews to validate the effectiveness of BCP‑related cyber controls and drive continuous improvement.
Reporting, Dashboards & Executive Communication
-
Develop clear, concise compliance and risk reports on ILM, Export, and BCP for senior leadership, risk committees, and other stakeholders.
-
Build and maintain dashboards and metrics (e.g., control coverage, testing results, exceptions, attestations, remediation progress) to demonstrate posture and trends.
-
Translate technical compliance and control findings into plain‑language, decision‑ready insights for non‑technical stakeholders, emphasizing business and regulatory impact.
Data, Automation & GRC Platforms
-
Manage Cybersecurity’s GRC platform (e.g., ServiceNow IRM) for ILM, Export, and BCP use cases, including issues, controls, tests, and attestations.
-
Support configuration and enhancement of modules to enable standardized workflows, evidence collection, and reporting for ILM, Export, and BCP.
-
Collaborate with Cybersecurity and IT teams to populate and maintain high‑quality risk and compliance data for these domains.
-
Design and implement data integration strategies to consolidate control, issue, and risk information from multiple sources into unified dashboards and reports.
Your Skills & Abilities (Required Qualifications):
-
Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Information Technology, Risk Management, or a related field.
-
Minimum 7 years of experience in cybersecurity, GRC, risk management, audit, or related compliance roles, preferably in a large, global organization.
-
Demonstrated experience with cybersecurity risk and compliance frameworks (e.g., NIST CSF, NIST 800‑53, ISO 27001, CIS) and enterprise risk/compliance frameworks (e.g., FAIR, ERM, COSO).
-
Familiarity with legal and regulatory requirements impacting cybersecurity, data, and export controls (e.g., SOX, PCI‑DSS, GDPR, CCPA, export regulations, records/retention requirements).
-
Understanding of incident response, vulnerability management, and business continuity processes and how they intersect with compliance obligations.
-
Experience managing or supporting GRC software tools and platforms (preferably ServiceNow IRM), including workflows, control libraries, and reporting.
-
Excellent communication, presentation, and interpersonal skills; able to translate technical compliance topics into concise, executive‑ready messages.
-
Proven ability to manage multiple complex initiatives, prioritize effectively, and work both independently and collaboratively in a matrixed environment.
What Will Give You A Competitive Edge (Preferred Qualifications):
-
Advanced degree in Cybersecurity, Information Systems, Risk Management, or a related field.
-
Knowledge of enterprise ILM frameworks and practices, including familiarity with models such as the SNIA ILM Maturity Model and tools such as ServiceNow Lifecycle Management.
-
Knowledge of BCP models and best practices, including familiarity with frameworks such as ISO 22301, NIST SP 800‑34, and COBIT DSS04.
-
Understanding of EAR, ITAR, the U.S. Consolidated Screening List (CSL), and other export control regulations, including requirements for managing controlled technologies, safeguarding sensitive data, and supporting export control compliance activities.
-
Demonstrated experience in IT control auditing and assurance, including testing internal controls and supporting audits aligned with NIST, ISO 27001, SOX, or similar standards.
-
Professional certifications such as CGRC, CRISC, CISA, CISM, CISSP, or PMP.
-
Experience implementing or maturing ILM, Export Controls, or BCP programs within a regulated, global enterprise.
-
Experience working with globally distributed teams and cross‑functional stakeholders (e.g., Legal, Privacy, Records, BCP, IT, and Cybersecurity).
#LI-SB3
GM does not provide immigration-related sponsorship for this role. Do not apply for this role if you will need GM immigration sponsorship now or in the future. This includes direct company sponsorship, entry of GM as the immigration employer of record on a government form, and any work authorization requiring a written submission or other immigration support from the company (e.g., H1-B, OPT, STEM OPT, CPT, TN, J-1, etc.)
Este puesto se clasifica como híbrido. Esto significa que se espera que el candidato seleccionado se presente en una ubicación específica al menos 3 veces por semana {o con otra frecuencia indicada por su líder}.
Este puesto no es elegible para beneficios de reubicación. Los posibles costos de relocalización serán responsabilidad del candidato seleccionado.
Información sobre diversidad
General Motors se compromete a ser un lugar de trabajo en el cual no solo no haya discriminación indebida, sino que fomente con sinceridad la inclusión y el sentido de pertenencia. Creemos firmemente que la diversidad del personal crea un entorno en el cual nuestros empleados pueden prosperar y desarrollar mejores productos para nuestros clientes. Instamos a los candidatos interesados a que revisen las responsabilidades y aptitudes clave para cada puesto y se postulen para los puestos que coincidan con sus habilidades y capacidades. Es posible que, cuando corresponda, se les pida a los solicitantes que están en el proceso de contratación que completen satisfactoriamente una o más evaluaciones relacionadas con su función y/o una evaluación previa al empleo antes de comenzar a trabajar. Para obtener más información, visite Cómo contratamos.
Declaración de igualdad de oportunidades en el empleo (EE.UU.)
General Motors se enorgullece de ser un empleador que ofrece igualdad de oportunidades. Todos los solicitantes calificados serán tenidos en cuenta para el empleo sin distinción de raza, color, religión, sexo, orientación sexual, identidad de género, nacionalidad, discapacidad o condición de veterano protegido.
Adecuaciones (EE.UU. y Canadá)
General Motors ofrece oportunidades a todos los solicitantes de empleo, incluyendo las personas con discapacidades. Si necesita una adecuación razonable para ayudarle con su búsqueda o solicitud de empleo, envíenos un correo electrónico a [email protected] o llámenos al 800-865-7580. En su correo electrónico, incluya una descripción del puesto específico que está solicitando, así como el título del empleo y el número de solicitud del puesto que está solicitando.
