The Sr. IT Auditor (Cybersecurity Assurance) is responsible for demonstrating skills in assessing IT process and technology risks, identifying and evaluating the design of IT controls, designing, executing and documenting IT audit tests, and making initial determination of reportable issues. During the audit process, completes work timely and in accordance with GMAS Audit Methodology (Agile), Institute of Internal Auditors (IIA) and other applicable standards, and defined plans, budgets, and schedules.
- Develop understanding of appropriate business aspects, cyber risks, IT control requirements, processes and systems under review.
- Perform process and technology risk analyses, prepare process maps and flowcharts, and prepare effective and efficient compliance and substantive technical test plans; and execute in depth IT audit tests.
- Perform assessment of IT process and security controls within information systems environment.
- Evaluate test results: accurately identify symptoms, root cause, problems, identify alternative controls and develop recommendations.
- Prepare work papers, draft grammatically correct issue letters and other documents; assist in preparation of the draft audit report.
- Evaluate the completeness of the auditee's corrective action plans.
- Elevate issues/concerns as necessary within GMAS.
- Perform related work as assigned by lead auditor(s) and/or Manager.
- Bachelor’s Degree in Information Technology, Computer Science, or related field preferred
- Three years or more of professional experience or job related experience in IT Audit, Information Security, or Information Technology
- Extensive knowledge and skill of IT analysis which includes expertise in analyzing confidentiality, integrity, availability (CIA) of complex IT systems.
- Expertise in Internal Controls concepts and practices, such as NIST, CoBIT, ITIL.
- Strong understanding of networking concepts such as routing, switching, access control lists, IDS/IPS, and firewalls.
- Knowledge and understanding of industry standards and best practices as it relates to cyber risk, authentication, encryption and secure communications.
- Familiarity with Secure Software Development practices
- Familiarity with various operating system platforms (UNIX/Linux, Windows) and security best practices for each.
- Detailed knowledge of communications protocols, such as Bluetooth, Wi-Fi, CDMA, GSM, TCP/IP, Ethernet, etc.
- Effective oral and written communication skills.
- Graduate Degree in Information Technology, Computer Science, or related field
- Professional certification (CEH, Network +, CISA, CISM, CISSP or other certifications)
- Experience in Embedded Device programming and security, penetration testing and / or fuzz testing
- Experience with various programming or scripting languages
- Strong interpersonal skills and demonstrable leadership ability
- Strong analytical and problem solving ability
- Ability to work independently
- Domestic travel - minimal; international travel possible
- Agrees to pursue professional development opportunities and to obtain professional certification if not already certified
Our vision is a world with Zero Crashes, Zero Emissions and Zero Congestion and we embrace the responsibility to lead the change that will make our world better, safer and more equitable for all.
Why Join Us
We aspire to be the most inclusive company in the world. We believe we all must make a choice every day – individually and collectively – to drive meaningful change through our words, our deeds and our culture. Our Work Appropriately philosophy supports our foundation of inclusion and provides employees the flexibility to work where they can have the greatest impact on achieving our goals, dependent on role needs. Every day, we want every employee, no matter their background, ethnicity, preferences, or location, to feel they belong to one General Motors team.
The goal of the General Motors total rewards program is to support the health and well-being of you and your family. Our comprehensive compensation plan incudes, the following benefits, in addition to many others:
• Paid time off including vacation days, holidays, and parental leave for mothers, fathers and adoptive parents;
• Healthcare (including a triple tax advantaged health savings account and wellness incentive), dental, vision and life insurance plans to cover you and your family;
• Company and matching contributions to 401K savings plan to help you save for retirement;
• Global recognition program for peers and leaders to recognize and be recognized for results and behaviors that reflect our company values;
• Tuition assistance and student loan refinancing;
• Discount on GM vehicles for you, your family and friends.
General Motors is committed to being a workplace that is not only free of discrimination, but one that genuinely fosters inclusion and belonging. We strongly believe that workforce diversity creates an environment in which our employees can thrive and develop better products for our customers. We understand and embrace the variety through which people gain experiences whether through professional, personal, educational, or volunteer opportunities. GM is proud to be an equal opportunity employer.
We encourage interested candidates to review the key responsibilities and qualifications and apply for any positions that match your skills and capabilities.
Equal Employment Opportunity Statements
The policy of General Motors is to extend opportunities to qualified applicants and employees on an equal basis regardless of an individual's age, race, color, sex, religion, national origin, disability, sexual orientation, gender identity/expression or veteran status. Additionally, General Motors is committed to being an Equal Employment Opportunity (EEO) Employer and offers opportunities to all job seekers including individuals with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, email us at Careers.Accommodations@GM.com or call us at 800-865-7580. In your email, please include a description of the specific accommodation you are requesting as well as the job title and requisition number of the position for which you are applying.