Cybersecurity Risk Analyst

Why GMF Cybersecurity? Innovation isn’t just a talking point at GM Financial, it’s how we operate. By joining our team, you’ll work in a mission-focused environment with specialized teams, including Engineering, Threat Intelligence, Vulnerability Management, Incident Response, Firewall, Governance, Risk, Architecture and Offensive Security. These teams collaborate to identify, manage and respond to threats, all while driving innovation across the environment. Job Description Cybersecurity is central to our strategic vision, so you’ll benefit from exceptional leadership visibility, with direct reporting lines to the CEO. This structure ensures your work is recognized and supported at the highest levels, while also enabling bold innovation and the adoption of cutting‑edge technologies. Shape the future of Cybersecurity at GM Financial, with the freedom to explore, the tools to build and the support to thrive. This position will be posted until filled. Responsibilities About the role: The Cybersecurity Risk Analyst is responsible for executing a portion of the GM Financial (GMF) Cybersecurity Program designed to advise the organization on its management of Cybersecurity risk by organizing information, enabling risk management decisions and addressing threats to ensure the security of company systems and information assets. The Cybersecurity Risk Analyst is responsible for contributing to the success of comprehensive security initiatives, working with internal and external groups to ensure the program is operating effectively and efficiently and developing strong partnerships with business partners across the enterprise to ensure company information assets are protected at the appropriate level. In This Role You Will Develop and update Cybersecurity policies, standards, and procedures referencing NIST 800‑53 controls and the NIST Cybersecurity Framework, including implementing revisions in accordance with updates in relevant regulatory or industry Cybersecurity practices Track remediation items and/or findings to completion as part of the risk assessment process Collaborate with business partners to manage Cybersecurity needs Initiate, facilitate, and promote Cybersecurity within the organization and monitor adherence to Cybersecurity policies, standards and controls Perform third party risk assessments Partner with Application Custodians to perform application risk assessments Possess and continue building knowledge of GRC tooling, processes, and the global regulatory environment relating to the management of risk Drive maturation of the Cybersecurity Risk Program through continuous process improvement Qualifications What makes You an ideal candidate? High level understanding of technology infrastructure, security concepts and platforms Advanced knowledge of the OSI model and security that is associated with each layer Knowledge of information security standards/frameworks (ie, NIST Cybersecurity Framework, ISO 27001) skillsDemonstrated success in project management Ability to think strategically and make collaborative decisions Ability to apply structured analysis methods to various types of data to establish trends, determine variability and business impact Communicates quickly, clearly, concisely, appropriately and intelligently Ability to effectively negotiate with vendors on upgrades and acquisitions Foster open communication, speaks with impact, listens to others and writes effectively Effective planning, time management, negotiation and delegation skills Ability to approach problems with an open‑mind and create new and innovative ideas and methods Creative, Innovative, problem‑solving and maximizing your potential to solve problems and improve methods Experience and Education 3+ years of experience in a large and complex business environment with a successful track record working directly with senior level management in Financial Services or Banking strongly preferred 3+ years of experience in one or more of the following domains: Cybersecurity Governance, Risk Management, Legal Regulations, IT or Security Audit, IT or Security Compliance preferred 3+ years of experience performing risk assessments and/or cybersecurity vendor risk assessments preferred Experience with technical writing preferred Bachelor’s Degree in related field or equivalent work experience strongly strongly preferred What We Offer Generous benefits package available on day one to include: 401K matching, bonding leave for new parents (12 weeks, 100% paid), tuition assistance, training, GM employee auto discount, community service pay and nine company holidays. Our Culture Our team members define and shape our culture — an environment that welcomes innovative ideas, fosters integrity, and creates a sense of community and belonging. Here we do more than work — we thrive. Compensation Competitive pay and bonus eligibility. Work Life Balance Hybrid work environment, 4‑days a week in office. NOTE We are unable to consider candidates who require visa sponsorship for this position. This position is not open to agency submissions. #J-18808-Ljbffr