Advisor, Information Security GRC

Information Security GRC Lead

Mercedes-Benz USA is responsible for the sales, marketing and service of all Mercedes-Benz and Maybach products in the United States. In our people, you will find tremendous commitment to our corporate values. Our products and employees reflect this dedication. We are looking for diverse top-notch individuals to join the Mercedes-Benz Team and uphold these hallmarks.

The Information Security GRC Lead is responsible for leading the design, implementation, and continuous improvement of Governance, Risk, and Compliance (GRC) programs to ensure alignment with regulatory requirements, corporate policies, and industry frameworks.

This role will drive a risk-based security posture, ensure sustainable, audit-ready controls while reduce organizational risk and maintaining a defensible compliance position.

The GRC Lead provides security governance, risk management, compliance monitoring, and audit management, in close collaboration with the Information Security Officer (ISO), senior leadership, and global cybersecurity stakeholders.

This role will lead the team through establishing highly effective policies based on the RISE (Regulations for Information Security) Cybersecurity Framework, establishing sustainable processes for assessing and tracking cybersecurity risk, performing security control testing, and delivering performance metrics and reporting for each program under its management scope.

In addition, this role requires a forward-thinking person who is committed to evolving into a strong AI-oriented cybersecurity professional, capable of leveraging AI and automation to enhance risk detection, improve audit efficiency, and accelerate remediation outcomes.

Roles and Responsibilities:

Governance, Risk & Compliance (GRC)

• Lead and continuously enhance the Information Security Risk Management Program aligned with Mercedes-Benz A22 RISE policies
• Establish governance for secure and responsible adoption of AI (AI-on-AI security) ensuring compliance with corporate and regulatory expectations
• Define, implement, and enforce security policies, standards, and control frameworks across business and technology units
• Establish and monitor KPIs to proactively identify risk trends through Risk & Business Impact Assessments
• Maintain enterprise security architecture aligned with evolving threat landscape and business strategy
• Partner with senior leadership to drive a consistent, repeatable, and measurable risk management strategy
• Oversee Business Continuity and resiliency programs ensuring organizational readiness

Audit, Compliance & Regulatory Assurance

• Ensure audit readiness and drive successful closure of all Audits (corporate, AMBISS and internal assessments)
• Lead audit planning, execution, and audit preparedness activities, including internal audits and control testing
• Use AI to predict audit findings, identify control gaps early, and recommend remediation actions
• Implement AI-driven control validation and evidence collection to accelerate audit cycles and reduce manual effort
• Design and implement controls, policies, and procedures driven by audit requirements
• Maintain controls monitoring dashboards and provide transparency on compliance posture
• Coordinate with DPO and BISO to ensure adherence to data privacy regulations (state and global)
• Act as the primary interface with auditors, regulators, and internal compliance stakeholders

AI- Enabled Secure SDLC, DevSecOps & Application Security

• Embed security into the software lifecycle and enable secure digital transformation
• Integrate AI-driven security testing and code analysis across SDLC and DevSecOps pipelines
• Leverage AI for automated vulnerability triage, root cause analysis, and remediation recommendations
• Enable "shift-left + auto-fix" capabilities, reducing resolution time through intelligent automation/AI
• Drive adoption of AI copilots for developers to enforce secure coding practices in real time
• Govern security quality gates with AI-backed risk scoring before production releases

AI -Driven Third-Party, Cloud & Emerging Technology Security

• Lead third-party cyber risk management (TPCRM) ensuring vendors meet security and compliance requirements
• Define and enforce security requirements in procurement processes and vendor onboarding
• Conduct cloud security assessments and ensure alignment with enterprise security standards
• Define and Implement AI-powered third-party cyber risk management (TPCRM) for continuous vendor monitoring and risk scoring
• Establish governance frameworks for AI systems, including model risk, data integrity, and adversarial threats
• Leverage AI to analyze vendor risks, detect anomalies, and automate risk mitigation strategies
• Support governance and risk management for emerging technologies including AI and digital platforms
• Ensure all external and SaaS integrations adhere to corporate security and privacy standards

Security Operations Governance, Incident Readiness & Awareness

• Drive operational excellence, incident preparedness, and a security-first culture
• Develop and maintain enterprise Incident Response plans covering key cyber-attack scenarios
• Support cybersecurity incident response activities and post-incident improvements
• Lead enterprise-wide security awareness programs including phishing campaigns, training, and annual events
• Modernize awareness programs using AI-driven simulations, adaptive phishing campaigns, and behavioral insights
• Train application owners and business leaders on security policies, ensuring consistent adoption

This position reports to NAFTA Information Security Officer, closely working with the Director Cyber Security & Cross Functions.

Qualifications

Education:

Bachelor's Degree (accredited school) or equivalent with emphasis in:

Computer Science/Information Technology

Knowledge, Skills & Abilities:

• Minimum of 10+ years of relevant work experience in IT
• Experience in many of the following areas:
• Deep knowledge of Information Security Governance, Risk Management, and Compliance frameworks (NIST, ISO 27001, Mercedes-Benz A22 RISE)
• Strong understanding of enterprise risk management, audit processes, control design, and regulatory compliance
• Knowledge of audit methodologies, evidence collection, and control validation techniques
• Familiarity with data privacy regulations and frameworks (state, global, GDPR-aligned concepts)
• Understanding of AI/ML fundamentals and their application in cybersecurity and risk management
• Knowledge of AI governance principles, including Model risk, data integrity, and adversarial threats
• Responsible AI usage and compliance expectations
• Drive adoption of AI/automation to significantly reduce remediation timelines and manual efforts
• Ability to create awareness, accountability, and ownership across the organization
• Skills to train, coach, and empower teams to integrate security into daily operations
• Ability to translate complex security, audit, and AI concepts into simple, business-relevant outcomes
• Awareness of automation and analytics tools that enhance risk detection and remediation
• Knowledge of IT guidelines and corporate IT policies, IT standards, knowledge of IT organization (e.g., for escalation paths for non-standard requests)
• Overview of current threats, risks, information security techniques, and controls to mitigate them
• In-depth knowledge of IT security, in particular firewalls, protocols, encryption, authentication and authorization, and secure system design and programming
• Experience with MBUSA, Mercedes-Benz's work culture, and association with IT leadership, supervisors, and employees would be a big plus.
• Strong ability to deal with conflicts
• Driving initiatives and successfully managing scope, timeline, budgets, and quality.
• Motivating and inspiring team members.
• Experience with Networking, SAP Security, Cloud-based applications, Server hardening/security baseline standards, patch management, and remediations.
• Experience with Security Operations, Incident Response Identity, and Access Management (MFA, SSO)
• Identify and estimate the future needs of the organization through constant interaction with the users and IT leadership, conducting regularly scheduled user status/planning meetings
• Excellent written, verbal communication, interpersonal and collaborative skills; and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
• Strong proficiency with common management frameworks, regulatory requirements, and industry-leading practices

Certifications:

· The ideal candidate must have relevant cyber security certifications. CISA/CISM/CISSP preferred

· Experience with or willingness to pursue AI-related security certifications is strongly preferred

· The ideal candidate must pursue Current & Future Mercedes-Benz-mandated certifications

Additional Information

· No Sponsorship/Visa Transfer Available

· Must be able to work flexible hours