Overview
Why GMF Cybersecurity?
Our Cybersecurity team is tasked with security engineering, regulatory response, third party risk, and incident response capabilities necessary to secure GM Financial, the captive auto finance subsidiary of General Motors. Reporting directly to the CEO, our Cybersecurity team enjoys unprecedented support to deliver high-level security capabilities using cutting edge technologies and automating mundane tasks, allowing our teams to focus on interesting and rewarding security work. As a part of GM, you’ll have the opportunity to work on Cybersecurity projects across financial services, automotive, manufacturing, high-tech, and military industries. We are looking for team players who want the freedom to innovate leading edge capabilities to join our growing Cybersecurity team.
Job Description Why GMF Cybersecurity?
Our Cybersecurity team is tasked with security engineering, regulatory response, third party risk, and incident response capabilities necessary to secure GM Financial, the captive auto finance subsidiary of General Motors. Reporting directly to the CEO, our Cybersecurity team enjoys unprecedented support to deliver the highest level of security capabilities using cutting edge technologies and automating mundane tasks, allowing our teams to focus on interesting and rewarding security work. As a part of GM, you’ll have the opportunity to work on Cybersecurity projects across financial services, automotive, manufacturing, high-tech, and military industries. We are looking for team players who want the freedom to innovate leading edge capabilities to join our growing Cybersecurity team.
Responsibilities About the role:
The Cybersecurity Risk Analyst is responsible for executing Cyber Vendor Risk and Cyber Application Risk assessments to identify, document, and communicate cybersecurity risks across the organization. This team member plays a key role in maintaining consistent, high-quality risk assessments that support informed business decisions.
The Analyst is expected to work independently on risk assessments, apply judgment within defined frameworks, and partner effectively with business and technology stakeholders.
Perform cybersecurity vendor risk and application risk assessments in accordance with enterprise standards.
Review vendor security documentation and application assessment evidence to identify gaps and risks.
Document assessment results clearly, accurately, and consistently.
Assign risk ratings and remediation recommendations.
Engage with IT, Procurement, Privacy, Legal, and business partners throughout the assessment lifecycle.
Track remediation actions and support follow-up activities as needed.
Contribute to continuous improvement of assessment processes, templates, and guidance.
Escalate complex or high-risk issues to senior analysts or management when appropriate.
Qualifications What makes you an ideal candidate?
Hands-on experience performing cybersecurity risk assessments for vendors or applications.
Working knowledge of NIST CSF and NIST 800-53 control frameworks.
Strong written communication and documentation skills.
Ability to apply judgment within established standards and guidance.
Organized, detail-oriented, and able to manage multiple assessments simultaneously.
Comfortable collaborating with both technical and non-technical stakeholders.
Consistent, accurate, and timely completion of work assignments.
Experience
Minimum of 1-5 years’ experience in large and complex business environment with a successful track record working directly with senior level management preferred
At least 1 year of experience in one or more of the following domains: Cybersecurity Governance, Risk Management, Operational Security, Business Continuity & Disaster Recovery, Legal Regulations, Investigations and Compliance, IT or Security Audit, IT or Security Compliance preferred
Bachelor’s Degree in related field or equivalent work experience strongly preferred
Licenses
Information Security Certifications strongly preferred
What We Offer Generous benefits package available on day one to include: 401K matching, bonding leave for new parents (12 weeks, 100% paid), tuition assistance, training, GM employee auto discount, community service pay and nine company holidays.
Our Culture Our team members define and shape our culture — an environment that welcomes innovative ideas, fosters integrity, and creates a sense of community and belonging. Here we do more than work — we thrive.
Compensation Competitive pay and bonus eligibility
Work Life Balance Flexible hybrid work environment, 4-days a week in office
#J-18808-Ljbffr
Our Cybersecurity team is tasked with security engineering, regulatory response, third party risk, and incident response capabilities necessary to secure GM Financial, the captive auto finance subsidiary of General Motors. Reporting directly to the CEO, our Cybersecurity team enjoys unprecedented support to deliver high-level security capabilities using cutting edge technologies and automating mundane tasks, allowing our teams to focus on interesting and rewarding security work. As a part of GM, you’ll have the opportunity to work on Cybersecurity projects across financial services, automotive, manufacturing, high-tech, and military industries. We are looking for team players who want the freedom to innovate leading edge capabilities to join our growing Cybersecurity team.
Job Description Why GMF Cybersecurity?
Our Cybersecurity team is tasked with security engineering, regulatory response, third party risk, and incident response capabilities necessary to secure GM Financial, the captive auto finance subsidiary of General Motors. Reporting directly to the CEO, our Cybersecurity team enjoys unprecedented support to deliver the highest level of security capabilities using cutting edge technologies and automating mundane tasks, allowing our teams to focus on interesting and rewarding security work. As a part of GM, you’ll have the opportunity to work on Cybersecurity projects across financial services, automotive, manufacturing, high-tech, and military industries. We are looking for team players who want the freedom to innovate leading edge capabilities to join our growing Cybersecurity team.
Responsibilities About the role:
The Cybersecurity Risk Analyst is responsible for executing Cyber Vendor Risk and Cyber Application Risk assessments to identify, document, and communicate cybersecurity risks across the organization. This team member plays a key role in maintaining consistent, high-quality risk assessments that support informed business decisions.
The Analyst is expected to work independently on risk assessments, apply judgment within defined frameworks, and partner effectively with business and technology stakeholders.
Perform cybersecurity vendor risk and application risk assessments in accordance with enterprise standards.
Review vendor security documentation and application assessment evidence to identify gaps and risks.
Document assessment results clearly, accurately, and consistently.
Assign risk ratings and remediation recommendations.
Engage with IT, Procurement, Privacy, Legal, and business partners throughout the assessment lifecycle.
Track remediation actions and support follow-up activities as needed.
Contribute to continuous improvement of assessment processes, templates, and guidance.
Escalate complex or high-risk issues to senior analysts or management when appropriate.
Qualifications What makes you an ideal candidate?
Hands-on experience performing cybersecurity risk assessments for vendors or applications.
Working knowledge of NIST CSF and NIST 800-53 control frameworks.
Strong written communication and documentation skills.
Ability to apply judgment within established standards and guidance.
Organized, detail-oriented, and able to manage multiple assessments simultaneously.
Comfortable collaborating with both technical and non-technical stakeholders.
Consistent, accurate, and timely completion of work assignments.
Experience
Minimum of 1-5 years’ experience in large and complex business environment with a successful track record working directly with senior level management preferred
At least 1 year of experience in one or more of the following domains: Cybersecurity Governance, Risk Management, Operational Security, Business Continuity & Disaster Recovery, Legal Regulations, Investigations and Compliance, IT or Security Audit, IT or Security Compliance preferred
Bachelor’s Degree in related field or equivalent work experience strongly preferred
Licenses
Information Security Certifications strongly preferred
What We Offer Generous benefits package available on day one to include: 401K matching, bonding leave for new parents (12 weeks, 100% paid), tuition assistance, training, GM employee auto discount, community service pay and nine company holidays.
Our Culture Our team members define and shape our culture — an environment that welcomes innovative ideas, fosters integrity, and creates a sense of community and belonging. Here we do more than work — we thrive.
Compensation Competitive pay and bonus eligibility
Work Life Balance Flexible hybrid work environment, 4-days a week in office
#J-18808-Ljbffr