Cybersecurity Analyst - Risk

JOB DESCRIPTION

Why GMF Cybersecurity?

Our Cybersecurity team is tasked with security engineering, regulatory response, third party risk, and incident response capabilities necessary to secure GM Financial, the captive auto finance subsidiary of General Motors. Reporting directly to the CEO, our Cybersecurity team enjoys unprecedented support to deliver the highest level of security capabilities using cutting edge technologies and automating mundane tasks, allowing our teams to focus on interesting and rewarding security work. As a part of GM, you'll have the opportunity to work on Cybersecurity projects across financial services, automotive, manufacturing, high-tech, and military industries. We are looking for team players who want the freedom to innovate leading edge capabilities to join our growing Cybersecurity team.

RESPONSIBILITIES

About the role:

The Cybersecurity Risk Analyst is responsible for executing Cyber Vendor Risk and Cyber Application Risk assessments to identify, document, and communicate cybersecurity risks across the organization. This team member plays a key role in maintaining consistent, high-quality risk assessments that support informed business decisions.

The Analyst is expected to work independently on risk assessments, apply judgment within defined frameworks, and partner effectively with business and technology stakeholders.

In this role you will:

• Perform cybersecurity vendor risk and application risk assessments in accordance with enterprise standards.
• Review vendor security documentation and application assessment evidence to identify gaps and risks.
• Document assessment results clearly, accurately, and consistently.
• Assign risk ratings and remediation recommendations.
• Engage with IT, Procurement, Privacy, Legal, and business partners throughout the assessment lifecycle.
• Track remediation actions and support follow-up activities as needed.
• Contribute to continuous improvement of assessment processes, templates, and guidance.
• Escalate complex or high-risk issues to senior analysts or management when appropriate.

• Hands-on experience performing cybersecurity risk assessments for vendors or applications.
• Working knowledge of NIST CSF and NIST 800-53 control frameworks.
• Strong written communication and documentation skills.
• Ability to apply judgment within established standards and guidance.
• Organized, detail-oriented, and able to manage multiple assessments simultaneously.
• Comfortable collaborating with both technical and non-technical stakeholders.
• Consistent, accurate, and timely completion of work assignments.

• Minimum of 1-5 years' experience in large and complex business environment with a successful track record working directly with senior level management preferred
• At least 1 year of experience in one or more of the following domains: Cybersecurity Governance, Risk Management, Operational Security, Business Continuity & Disaster Recovery, Legal Regulations, Investigations and Compliance, IT or Security Audit, IT or Security Compliance preferred
• Bachelor's Degree in related field or equivalent work experience strongly preferred

• Information Security Certifications strongly preferred