
Manager, Third-Party Security - INF0019477

  • Detroit, Michigan, US
  • Warren (Van Dyke Office Center IT), Michigan, US

Position summary

About the General Motors Security team:
GM’s Cyber Security Management Team protects and defends the company’s information, networks and infrastructure.  We are looking for talented Information Security and Risk Management Professionals in the fields of incident response, cyber-intelligence, enterprise security architecture, digital forensics, application security and compliance with the passion and expertise to perform in a complex, global environment amidst today’s evolving threat landscape.

About the role:
The Manager – Third-Party Security role supports the activities of the Third-Party Information Security group with exposure to the areas of IT Risk Management and Compliance.  This role will be primarily responsible for leading a complex program for driving supplier adoption of GM IT’s Third-Party Information Security Requirements (TPISR).  Additionally, the role is responsible for partnering with the Global Purchasing and Supply Chain (GPSC) organization to identify, evaluate, and prioritize third party risk, and assuring supplier compliance with requirements.  This role also involves executing projects at the direction of the assigned director / manager, communicating program goals and objectives to IT and Business management and supporting achievement of the group’s operational objectives.  Applicants must be willing to physically locate in the metro Detroit area.

Major Duties/Responsibilities
  • Establish and maintain solid working relationships with key business partners (i.e., Global Purchasing and Supply Chain, Legal), as well as key program stakeholders (GM IT, Privacy, etc.)
  • Drive both Direct / Indirect Material Supplier adoption of GM’s Third Party Information Security Requirements (TPISR)
  • Assist in the development and operationalization of a strategic supplier risk assessment and prioritization process
  • Establish and maintain a centralized repository of supporting contract artifacts, and accounting of adoption activities
  • Provide periodic updates to senior leaders on program status
  • Support consistent application of applicability guidelines, and criteria used to evaluate Supplier contract redlines
  • Support the administration of supplier policy deviations
  • Deliver supplier training, as required, and promote awareness activities specific to risk management and security controls
  • Assist in transforming supplier adoption activities from a GM specific solution, to an industry wide, multi-OEM approach, working closely with the Automotive Industry Action Group (AIAG) and the National Institute of Technology Standards (NIST)
  • Represent Information Security and IT Risk Management in various internal and external industry-led forums
  • Lead a leveraged / virtual team (GM, Suppliers, and other external parties) to ensure overall IT compliance requirements are delivered
  • Provide day to day oversight and direction to team members
  • Ensure program deliverables are completed on time, per established deadlines
  • Conduct quality assurance reviews of work performed
  • Drive timely identification and resolution of supplier non-compliances and/or security-related issues
  • Conduct root cause analysis and assist, to the extent possible, Suppliers in developing action plans to mitigate identified risks
  • Represent the Third-Party IT Security team in various forums with key internal and external stakeholders
  • Assist in defining control requirements for use in conducting supplier assessments
  • Provide input and lessons learned to GM IT Security Policies and Practices
  • Utilize automated tools to support work flow and management reporting


  • 5-7 years of experience in managing complex programs, as well as in risk management, security, controls assurance, or managing/executing internal or external audits (3rd-Party preferred)
  • Demonstrated experience in leading, and coordinating, global teams
  • Sound knowledge of internal controls industry standards such as COBIT, COSO and ISO 27002
  • Demonstrated technical and professional skills in job-related area required – such as: Understanding of Supply Chain, Risk Management, Third-Party compliance requirements and controls
  • Sound understanding of concepts and terminology in security domains including governance, risk management, architecture, compliance, and operations and able to express them in a clear and concise manner
  • Strong written and oral communication skills
  • Strong negotiation and conflict management skills – the ability to facilitate and negotiate outcomes and decisions, and resolve areas of dispute in a constructive way
  • High level of analytical ability where problems are unusual and difficult
  • Appropriate interpersonal styles and communication methods to work effectively with business partners and key internal / external stakeholders to meet mutual goals required
  • Ability to formally present and communicate to senior management
  • Expertise in documenting concepts intended for technical audiences
  • Extensive ability to grasp and understand technical concepts and transform them into usable documented material for non-technical users
  • Absorb, retain and organize information gathered from multiple sources and in a variety of formats
  • High level of integrity in dealing with confidential and sensitive information
  • Strong Program and Project Management skills
  • Able to manage multiple projects simultaneously, set priorities and meet deadlines
  • Able to work independently, with minimal direction, and manage workload with organization to meet expectations and objectives.
  • Understanding of infrastructure and network security controls
  • Knowledge of and ability to effectively use computer software as it pertains to the job responsibilities
  • Demonstrated ability to work effectively as a member of a management team in terms of resource sharing and allocation, collaboration and cooperation, sharing information with others
  • Bachelor’s degree in Information Systems, Business Administration or related field acceptable with three years of experience in information technology.
  • Obtained certifications in one or more of the following preferred: CIA, CISM, CISA, CISSP, CGEIT or CRISC

Why General Motors?

At GM, we’ve charged ourselves with one mission: to design, build and sell the world’s best vehicles. And to achieve our goals, we’re currently undergoing one of the largest information technology transformations in the history of the automotive industry.

GM IT is a leader in cutting edge technologies such as Mobility, Telematics, Mission-Critical Business Systems, Supercomputing, Vehicle Engineering, and Real-time Computing. We offer challenging growth oriented positions for passionate professionals looking to get in on the ground-floor of a growing “Fortune 5” firm that is re-inventing IT with a laser focus on innovation, speed, and business value.


The policy of General Motors is to extend opportunities to qualified applicants and employees on an equal basis regardless of an individual's age, race, color, sex, religion, national origin, disability, sexual orientation, gender identity/expression or veteran status. Additionally, General Motors is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including individuals with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, call 866-583-8151 or email us at In your email, please include a description of the specific accommodation you are requesting as well as the job title and requisition number of the position for which you are applying.
