[Skip To Content]

Ecosystem Cybersecurity Architect

  • Localização
    • Austin, Texas
    • Warren, Michigan
  • Agendar Full time
  • Postou


Work Arrangement

This role is categorized as hybrid. This means the successful candidate is expected to report to GM Global Technical Center in Warren, Michigan three times per week, at minimum.

The Role

The Ecosystem Cybersecurity Architect brings together complex and converging across General Motors and third-party ecosystems to secure technologies. Through a holistic view of cybersecurity of customer-facing products and services to surface interconnected risks, illuminate digital dependencies, and define roles and responsibilities. Through broad cross-functional ability to execute global cybersecurity strategy by fostering collaboration, increasing awareness, and enhancing engagement.

Together our partners and Cybersecurity Risk Management team seek opportunities to assess tasks, plan, and execute on time. Our role is pivotal in the enterprise practices around cybersecurity with exposure to senior leaders around the organization. Driving the corporate and industry facing GM Cybersecurity strategy and leadership to encompass our customers, products, and assets.

What You’ll Do (Responsibilities)

Analyze & Align

  • Execute the end-to-end evaluation of products, services, and solutions that align with business and customer needs

  • Pioneer the assessment and understanding of risks, threats, and exploits at an ecosystem level to enable risk-informed decisions

  • Examine new and existing product, systems, and interfaces to decide the efficacy of cybersecurity programs

  • Drive ecosystem threat modeling, risk assessment, and penetration testing and advise on proper mitigations

  • Understand where data interdependencies live across the ecosystem

Lead & Enrich

  • Spearhead GM’s cybersecurity center of excellence and devise a holistic cybersecurity strategy

  • Develop an ecosystem methodology that considers customer needs, business advancements, and external requirements

  • Enable sustainable GM Value Streams, to promote secure practices and advocate for a cybersecurity-by-design culture

  • Broaden cybersecurity risk management and advise business, technology, and cybersecurity stakeholders and executive leadership

Govern & Guide

  • Research emerging technologies and methodologies to increase GM’s ability to mitigate unconventional threat vectors

  • Engage with third-parties, partners, and industry to evolve domain-focused security solutions

  • Monitor changes in technology, the industry, and regulatory landscapes to keep GM Cybersecurity aware of emerging threats and risks

  • Establish ecosystem cybersecurity metrics and define Key Performance Indicators, standards, processes, and procedures

Develop & Coach

  • Guidelines, standards, patterns, cybersecurity principles, findings and lessons learned

  • Product/Service-focused ecosystem architecture models (relational, interaction diagrams) including

  • End-to-end information flow

  • Risks, attack paths, and mitigations

  • Privacy, standards, and regulatory compliance

  • Skills, capabilities, and technologies

  • Ecosystem security models and roadmaps

  • Inventories, asset registers, ownership, roles and responsibilities

[Additional Description]

Your Skills & Abilities (Required Qualifications)

  • Bachelor’s Degree or equivalent work experience (10 years+) in cybersecurity with a focus on security architecture, identity & access management and solutions architecture in large, complex technical environments

Technical Experience

  • Demonstrable experience designing or managing a corporate cybersecurity and compliance program(s)

  • Experience with on-premises, hosted, and cloud services supporting products and services requiring a converged approach

  • Extensive knowledge in security principles, such as encryption/key management, network design, access control and incident containment

  • Familiar with information, embedded, and operational technology disciplines, intersections, and security solutions

  • Thorough understanding of security principles, such as encryption/key management, network design, access control and incident containment

  • Knowledge of the regulatory landscape and intricacies related to industry cybersecurity standards and best practices ( examples include: NIST CSF, SSDF, NIST 800-53, ISO 270001/2, ISO/IEC 15.x.x, NHTSA Best Practices, ISO/SAE 21434, SOC2, etc ) and state privacy laws

  • Industry certifications, such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), GIAC Security Essentials (GSEC), Certified Information Security Manager (CISM), or other.

  • Experience with policy/standard creation and acceptance

Interpersonal Experience

  • Excellent communication and collaboration skills, including the ability to lead without authority, resolve cross-team issues, effectively communicate changes, and interact with team members at all levels from the end-user to senior leadership

  • Exhibit creative and analytical thinking to evaluate situations objectively, work independently with minimum direction in a fast-paced environment, and collaborate effectively

  • Superb communicator to serve as primary liaison between business and technical teams

  • A growth mindset and willingness to learn and continuously improve

  • Thorough understanding of risk management principles and processes

  • Capable of decisions and recommendations while considering tradeoffs between conflicting objectives

  • Business acumen and management skills; personable, approachable, empathetic; proved managerial courage

  • Exhibit leadership in cross-functional teams to develop, implement, and test cross-domain solutions

  • Strong teamwork, project management, and team-building skills and the potential to direct teams and push projects across various departments

What Will Give You a Competitive Edge (Preferred Qualifications)

  • Experience in more than one domain of cybersecurity (IT, Manufacturing, Product)

  • Proficient in architecture frameworks (TOGAF, Zachman)

  • 15 years of overall automotive or technology experience

  • Strong knowledge and experience of on-premises, hosted, and cloud security; industry cybersecurity standards and best practices listed above

This position requires the ability to legally operate a motor vehicle on a regular basis and successfully complete a Motor Vehicle Report review.



Informações sobre diversidade

A General Motors está comprometida em ser um local de trabalho que não só é livre de discriminação ilegal, como estimula verdadeiramente a inclusão e integração. Acreditamos enfaticamente que a diversidade na força de trabalho cria um ambiente no qual nossos colaboradores podem crescer e desenvolver melhores produtos para nossos clientes. Incentivamos os candidatos interessados a analisar as principais responsabilidades e qualificações de cada função e a se candidatar a qualquer cargo que corresponda a suas habilidades e capacidades. Os candidatos no processo de recrutamento podem, quando aplicável, ser solicitados a concluir com sucesso uma ou mais avaliações relacionadas à função e/ou uma seleção pré-emprego antes de iniciar o emprego.  Para saber mais, acesse Como contratamos.

Declaração de Igualdade de Oportunidades de Emprego (EUA)

A General Motors tem orgulho de ser um empregador que oferece oportunidades iguais.  Todos os candidatos qualificados serão considerados para o emprego, independentemente de raça, cor, religião, sexo, orientação sexual, identidade de gênero, origem nacional, deficiência ou status como veterano protegido. 

Adaptações (EUA e Canadá)

A General Motors oferece oportunidades a todos os candidatos a emprego, incluindo pessoas com deficiências. Se você precisa de uma adaptação razoável para ajudá-lo na sua pesquisa de cargos ou solicitação de emprego, fale conosco pelo e-mail Careers.Accommodations@GM.com ou pelo telefone 800-865-7580. No seu e-mail, inclua uma descrição da adaptação específica que você está solicitando assim como o nome do cargo e o número de requisição do cargo ao qual está se candidatando.