Associate Cybersecurity Analyst - Risk (Bilingual Spanish Required)

Flexible hybrid work environment, 4 days a week in the office.  

Why GM Financial Cybersecurity?

Innovation isn’t just a talking point at GM Financial, it’s how we operate. By joining our team, you’ll work in a mission-focused environment with specialized teams, including Engineering, Threat Intelligence, Vulnerability Management, Incident Response, Firewall, Governance, Risk, Architecture and Offensive Security. These teams collaborate to identify, manage and respond to threats, all while driving innovation across the environment.

Cybersecurity is central to our strategic vision, so you’ll benefit from exceptional leadership visibility, with direct reporting lines to the CEO. This structure ensures your work is recognized and supported at the highest levels, while also enabling bold innovation and the adoption of cutting-edge technologies.

Shape the future of Cybersecurity at GM Financial, with the freedom to explore, the tools to build and the support to thrive. 

About the role: 

The Associate Cybersecurity Analyst (Spanish Speaking Required) is responsible for executing a portion of the GM Financial (GMF) Cybersecurity Program designed to advise the organization on its management of cybersecurity risk by organizing information, enabling risk management decisions and addressing threats to ensure the security of company systems and information assets. The Associate Cybersecurity Analyst is responsible for contributing to the success of comprehensive security initiatives, work with internal and external groups to ensure the program is operating effectively and efficiently and develop strong partnerships with business partners across the enterprise to ensure company information assets are protected at the appropriate level.

In this role, you need: 

• Develop and update Cybersecurity policies, standards and procedures referencing NIST 800-53 controls and the NIST Cyber Security Framework, including implementing revisions in accordance with updates in relevant regulatory or industry Cybersecurity practices 
• Audit management and tracking of remediation items and/or findings to completion 
• Collaborate with business partners to manage Cybersecurity needs 
• Development of security requirements to protect the company from external and internal threats 
• Documentation and reporting of policy or procedure discrepancies and/or change requests 
• Initiate, facilitate and promote Cybersecurity within the organization and monitor adherence to Cybersecurity policies, standards and controls 
• Advocate for Cybersecurity as an essential business requirement and advocate the business need as the foundation for Cybersecurity program design 
• Ensure effective communication and partnership with all departments at GMF and serve as a liaison of Cybersecurity and first point of contact for Cybersecurity concerns  
• Engage with business partners to translate high-level business requirements into enterprise security initiatives and programs to achieve the GMF's mission, goals and objectives 
• Work closely with business stakeholders and project teams to plan, design and check appropriate levels of security governance, resource management and asset management

What makes you a dream candidate?

• Understanding and implementing cybersecurity policies, standards and procedures referencing NIST 800-53 controls and the NIST Cyber Security Framework in both Spanish and English. 

• Experience with risk management and technical risk assessment processes ensuring compliance with policies and regulatory requirements

• Experience in assessing cybersecurity risk associated with third-party vendors, including the evaluation of vendor security documentation, risk scoring, and alignment with organizational risk tolerance.

• Demonstrated capability to collaborate with business partners to manage cybersecurity needs

• Experience in assessing cybersecurity risk associated with third-party vendors, including the evaluation of vendor security documentation, risk scoring, and alignment with organizational risk tolerance.