Cybersecurity Risk Analyst

Why GMF Cybersecurity?

Innovation isn’t just a talking point at GM Financial, it’s how we operate. By joining our team, you’ll work in a mission-focused environment with specialized teams, including Engineering, Threat Intelligence, Vulnerability Management, Incident Response, Firewall, Governance, Risk, Architecture and Offensive Security. These teams collaborate to identify, manage and respond to threats, all while driving innovation across the environment.

Cybersecurity is central to our strategic vision, so you’ll benefit from exceptional leadership visibility, with direct reporting lines to the CEO. This structure ensures your work is recognized and supported at the highest levels, while also enabling bold innovation and the adoption of cutting-edge technologies.

Shape the future of Cybersecurity at GM Financial, with the freedom to explore, the tools to build and the support to thrive. 

This position will be posted until filled.

About the role:

The Cybersecurity Risk Analyst is responsible for executing a portion of the GM Financial (GMF) Cybersecurity Program designed to advise the organization on its management of Cybersecurity risk by organizing information, enabling risk management decisions and addressing threats to ensure the security of company systems and information assets. The Cybersecurity Risk Analyst is responsible for contributing to the success of comprehensive security initiatives, work with internal and external groups to ensure the program is operating effectively and efficiently and develop strong partnerships with business partners across the enterprise to ensure company information assets are protected at the appropriate level.

In this role you will:

• Develop and update Cybersecurity policies, standards, and procedures referencing NIST 800-53 controls and the NIST Cybersecurity Framework, including implementing revisions in accordance with updates in relevant regulatory or industry Cybersecurity practices
• Track remediation items and/or findings to completion as part of the risk assessment process
• Collaborate with business partners to manage Cybersecurity needs
• Initiate, facilitate, and promote Cybersecurity within the organization and monitor adherence to Cybersecurity policies, standards and controls
• Perform third party risk assessments
• Partner with Application Custodians to perform application risk assessments
• Possess and continue building knowledge of GRC tooling, processes, and the global regulatory environment relating to the management of risk
• Drive maturation of the Cybersecurity Risk Program through continuous process improvement