IT Compliance Analyst Lead

JOB DESCRIPTION

Why GMF Technology?

Innovation isn't just a talking point at GM Financial, it's how we operate. From generative AI and cloud-native technologies to peer-led learning and hackathons, our tech teams are building real solutions that make a difference. We're committed to AI-powered transformation, using advanced machine learning and automation to help us reimagine customer interactions and modernize operations, positioning GM Financial as a leader in digital innovation within a dynamic industry.

Join us and discover a workplace where your ideas matter, your development is prioritized, and you can truly make a global impact.

Please note: this is a hybrid position requiring 2 days onsite in Arlington, TX or Detroit, MI. Role not approved for sponsorship at this time.

RESPONSIBILITIES

About the Role:

The Technology Governance, Risk and Compliance (GRC) Lead is responsible for leading the Governance, Risk and Compliance efforts within one of three domains, developing critical frameworks, creating effective and efficient testing and assessment methodology, and performing innovative analysis and complex reviews to identify and remediate risk and ensure well-functioning controls. As a practice owner, the Technology GRC Lead will have the responsibility for setting practices standards, managing key partner relationships and will be the functional subject matter expert in that area.

• Develop compliance, control, risk management, and governance frameworks
• Design compliance, testing, continuous monitoring, self-assessment and validation methodologies
• Perform compliance and risk reviews and document results to allow external reliance
• Understand patterns across risks and issues, ensure understanding by technology leaders and recommend systemic paths to resolution
• Develop, enhance and perform reviews to ensure that major technology initiatives have appropriate controls and risk mitigate activities
• Understand and document the domain technology and process landscape to identify risk levels
• Facilitate identification and resolution of policy and standards gaps and advise leadership on roadmaps for achieving compliance
• Influence technology owners to action through expertise, credibility and escalation
• Assess GRC knowledge gaps, create role-based training and facilitate large-scale training events
• Own a GRC practice (e.g. policy, regulatory, issue management, work practices, etc.) on behalf of the team
• Manage multiple initiatives to successful implementation

• Strong working knowledge of Sarbanes-Oxley (SOX) and other applicable government regulations
• Strong knowledge of project management methodologies, application development lifecycle, and organizational change management
• Advanced knowledge of information technology systems, infrastructure and operations
• Advanced working knowledge of information systems and operations systems and databases
• Advanced knowledge of business processes for supported business groups
• Advanced knowledge of information technology systems, infrastructure and operations
• Working knowledge of Azure, UNIX, Linux, Oracle, iSeries, Cisco, Windows and general IT best practices
• Working knowledge of security and control management best practices such as COBIT, COSO, ITIL, and ISO
• Strong in the use of Microsoft Office software including strong ability to analyze data using Excel for reporting and data mining purposes
• Ability to meet expected delivery dates and the tasks necessary to achieve objectives
• Ability to interact with staff at all levels
• Excellent writing and speaking skills
• Strong people skills
• Advance experience with data visualization concepts and tools
• Proven ability to deliver mission critical software development projects
• Ability to effectively lead, organize, and supervise as needed

• 7-10 years combined experience in Information Technology, Audit and Compliance disciplines required
• High School Diploma or equivalent required
• Bachelor's Degree in related field or equivalent experience required
• Master's Degree preferred
• CIA, CISA, CPA, CISSP, or CRISC Upon Hire preferred
• Professional certifications such as ITIL or PMI preferred