AVP Cyber Governance

JOB DESCRIPTION

Why GM Financial Cybersecurity?

Innovation isn't just a talking point at GM Financial, it's how we operate. By joining our team, you'll work in a mission-focused environment with specialized teams, including Engineering, Threat Intelligence, Vulnerability Management, Incident Response, Firewall, Governance, Risk, Architecture and Offensive Security. These teams collaborate to identify, manage and respond to threats, all while driving innovation across the environment. Cybersecurity is central to our strategic vision, so you'll benefit from exceptional leadership visibility, with direct reporting lines to the CEO. This structure ensures your work is recognized and supported at the highest levels, while also enabling bold innovation and the adoption of cutting-edge technologies. Shape the future of Cybersecurity at GM Financial, with the freedom to explore, the tools to build and the support to thrive.

RESPONSIBILITIES

About the Role:

The AVP Cyber Governance leader will be responsible for four core governance functions for GM Financial:
Cyber Vendor Risk, Cyber Application Risk, Cybersecurity Findings Management, and Cyber Process Automation. You will be responsible for maturing program capabilities, strengthening team performance, and driving transparency into the organization's cybersecurity risk posture. You will partner with leaders across IT, Privacy, Legal, Procurement, and Cybersecurity to embed disciplined, risk-based practices across the enterprise.

In this role, you will:

• Lead and develop the Vendor Risk, Application Risk, Findings Management, and Cyber Process Automation teams.
• Oversee third-party cybersecurity risk assessments, risk scoring, evidence reviews, and remediation workflows.
• Manage application risk assessments and ensure accurate control evaluation and response.
• Direct the full lifecycle of cybersecurity findings, including documentation, tracking, aging, remediation, validation, and reporting.
• Guide the Cyber Process Automation team in building scalable workflows, dashboards, and data integrations to improve efficiency and program maturity.
• Maintain and enhance cybersecurity procedures aligned with NIST CSF and NIST 800-53.
• Deliver clear, executive-ready reporting on risk posture, findings, and program performance.
• Serve as a trusted advisor who can translate cybersecurity risk into actionable, business-aligned recommendations.

• Reports to VP Cybersecurity Governance

• Proven leadership experience within cybersecurity governance, risk, or assurance functions.
• Strong understanding of NIST CSF, NIST 800-53, vendor security controls, and application security principles.
• Ability to evaluate risk, drive remediation, and influence senior stakeholders.
• Experience leading workflow automation or low-code development teams.
• Exceptional communication skills with the ability to simplify complexity for executives and business partners.
• Process-oriented builder who brings structure, discipline, and continuous improvement to programs and teams.

• High School Diploma or equivalent required
• Bachelor's Degree or equivalent experience preferred
• 6+ years of experience in large and complex business environments with a successful track record working directly with senior-level management required
• 5-7 years of experience in one or more of the following domains: Cybersecurity, Information Security, Network Engineering or Operations, Information, Technology, Application Development, Access Control, Security Governance, Risk Management, Software Development Security, Cryptography, Security
• Architecture and Design, Operational Security, Business Continuity & Disaster Recovery, Legal Regulations, Investigations and Compliance, Physical (Environmental) Security, IT or Security Audit, IT or Security Compliance required
• Information Security Certifications preferred