Cybersecurity Risk Analyst

JOB DESCRIPTION

Why GMF Cybersecurity?

Innovation isn't just a talking point at GM Financial, it's how we operate. By joining our team, you'll work in a mission-focused environment with specialized teams, including Engineering, Threat Intelligence, Vulnerability Management, Incident Response, Firewall, Governance, Risk, Architecture and Offensive Security. These teams collaborate to identify, manage and respond to threats, all while driving innovation across the environment.

Cybersecurity is central to our strategic vision, so you'll benefit from exceptional leadership visibility, with direct reporting lines to the CEO. This structure ensures your work is recognized and supported at the highest levels, while also enabling bold innovation and the adoption of cutting-edge technologies.

• Develop and update Cybersecurity policies, standards, and procedures referencing NIST 800-53 controls and the NIST Cybersecurity Framework, including implementing revisions in accordance with updates in relevant regulatory or industry Cybersecurity practices
• Track remediation items and/or findings to completion as part of the risk assessment process
• Collaborate with business partners to manage Cybersecurity needs
• Initiate, facilitate, and promote Cybersecurity within the organization and monitor adherence to Cybersecurity policies, standards and controls
• Perform third party risk assessments
• Partner with Application Custodians to perform application risk assessments
• Possess and continue building knowledge of GRC tooling, processes, and the global regulatory environment relating to the management of risk
• Drive maturation of the Cybersecurity Risk Program through continuous process improvement

• High level understanding of technology infrastructure, security concepts and platforms
• Advanced knowledge of the OSI model and security that is associated with each layer
• Knowledge of information security standards/frameworks (ie, NIST Cybersecurity Framework, ISO 27001) skillsDemonstrated success in project management
• Ability to think strategically and make collaborative decisions
• Ability to apply structured analysis methods to various types of data to establish trends, determine variability and business impact
• Communicates quickly, clearly, concisely, appropriately and intelligently
• Ability to effectively negotiate with vendors on upgrades and acquisitions
• Foster open communication, speaks with impact, listens to others and writes effectively
• Effective planning, time management, negotiation and delegation skills
• Ability to approach problems with an open-mind and create new and innovative ideas and methods
• Creative, Innovative, problem-solving and maximizing your potential to solve problems and improve methods

• 3+ years of experience in a large and complex business environment with a successful track record working directly with senior level management in Financial Services or Banking strongly preferred
• 3+ years of experience in one or more of the following domains: Cybersecurity Governance, Risk Management, Legal Regulations, IT or Security Audit, IT or Security Compliance preferred
• 3+ years of experience performing risk assessments and/or cybersecurity vendor risk assessments preferred
• Experience with technical writing preferred
• Bachelor's Degree in related field or equivalent work experience strongly strongly preferred