Manager - Product Cyber Security Compliance
General Motors, Lansing, MI, United States
General Motors is undergoing a major transformation, both in how we operate and in how we will influence the future of transportation. Our Software Services team is on the forefront of this work, emboldening our culture by seeking out determined, innovative individuals who will join our team to help move us forward and achieve our mission.**About the Role**The Manager, Cybersecurity Engineer is a senior people leadership role within GM Cybersecurity, and part of the Cybersecurity Governance, Risk & Compliance team. This role owns GM's vehicle product cybersecurity compliance posture — including conducting threat analysis and risk assessment, providing requirements to GM’s Cybersecurity policy and underlying standards, ensuring global regulatory compliance, and orchestrating government-facing audits — while driving control gap remediation across vehicle engineering and product teams.As the regulatory landscape continues to evolve, this role is also responsible for incorporating emerging vehicle theft-related and compliance requirements into GM's product cybersecurity controls framework. The ideal candidate is a seasoned cybersecurity GRC professional with deep automotive regulatory expertise, a collaborative leadership style, and a proven track record managing high-performing teams while influencing cross-functional stakeholders.**Key Responsibilities****Product Cybersecurity Compliance*** Own and maintain GM's product cybersecurity **controls framework**, ensuring coverage across all applicable vehicle programs, markets, and regulatory requirements.* Lead and oversee **Threat Analysis and Risk Assessment (TARA)** activities for vehicle product systems, ensuring threat models are current, comprehensive, and integrated into the vehicle development lifecycle.* **Provide requirements for and input to product cybersecurity policies and standards** aligned to evolving threats, regulatory mandates, and industry best practices; drive necessary approvals and ensure cross-functional integration.* Monitor and interpret global automotive cybersecurity regulations and standards (e.g., ISO/SAE 21434, ISO 24089, UNECE WP.29 frameworks), translating changes into actionable compliance obligations for internal teams.* Track emerging vehicle theft-related cybersecurity compliance requirements and drive necessary programmatic responses across applicable vehicle programs and markets.* **UNR155 & Vehicle Type Approval:** Own GM's compliance program for **United Nations Regulation No. 155 (UNR155)** — the global standard for automotive cybersecurity — and serve as the lead orchestrator for **Vehicle Type Approval (VTA)** and **Cybersecurity Management System (CSMS) audits** with government agencies and technical services globally.* Manage all aspects of audit readiness, evidence preparation, submission coordination, and post-audit remediation across multiple regulatory jurisdictions.* Build and maintain productive relationships with government authorities, type approval bodies, and technical service organizations (e.g., IDIADA, etc.) across international markets.* Ensure audit artifacts, compliance documentation, and CSMS evidence packages are current, complete, and audit-ready at all times.**Control Gap Identification & Remediation*** Lead the identification, assessment, and prioritization of cybersecurity control gaps across vehicle product systems, aligned to UNR155, ISO/SAE 21434, and other applicable frameworks.Partner closely with the **Vehicle Cybersecurity Engineering** team and other engineering organizations to align compliance requirements to design and development processes throughout the vehicle lifecycle.
and compliance guidance to internal stakeholders, translating complex regulatory requirements into clear, actionable direction for engineering and Build a team with the optimal mix of expertise and experience, supporting hiring and onboarding activities as needed.**Your Skills & Abilities (Required Qualifications)** **Minimum 10 years of experience** in cybersecurity, with a focus on GRC, regulatory compliance, or product/automotive cybersecurity **Demonstrated experience leading teams**, including people management, performance management, and talent development Deep knowledge of **UNR155**, **UNECE WP.29**, **NIST CSF** and global automotive cybersecurity regulatory frameworks Experience orchestrating or directly participating in Hands-on experience with **Threat Analysis and Risk Assessment (TARA)** methodologies and integration into the vehicle development lifecycle **cybersecurity policies and standards** aligned to regulatory and industry requirements Experience developing or maintaining Proven ability to identify control gaps, develop remediation strategies, and drive closure across cross-functional engineering teamsExperience managing complex, multi-stakeholder programs across global, geographically distributed organizations Strong analytical, problem-solving, and critical thinking skills, with ability to assess systemic issues and translate findings into executive-ready reports Excellent communication, presentation, and interpersonal skills — able to engage effectively with technical teams, senior leadership, and government representatives Ability to manage multiple high-complexity programs concurrently and prioritize effectively under shifting regulatory demands **What Will Give You A Competitive Edge (Preferred Qualifications)** Familiarity with vehicle theft-related cybersecurity regulations and compliance obligations (e.g., NHTSA guidance, regional anti-theft mandates) Experience with GRC software tools and platforms (e.g., Archer, ServiceNow, IBM OpenPages) Working knowledge of automotive embedded systems, vehicle Electronic Control Unit (ECU) architecture, or connected vehicle technologies Experience engaging with technical service organizations (e.g., IDIADA, etc.) in the context of type approvalFamiliarity with automotive supply chain cybersecurity requirements and partner/supplier compliance programs Data analytics, dashboard development, or GRC platform reporting experience Prior experience in a global automotive Original Equipment Manufacturer (OEM), Tier 1 supplier, or government agency environment Experience with enterprise risk frameworks (e.g., COSO, FAIR, ERM) in a product cybersecurity context General Motors offers opportunities to all job seekers including individuals with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, **email**us or call us at 1-800-865-7580. In your email, please include a description of the specific accommodation you are requesting as well as the job title and requisition number of the position for which you are applying.Our diverse team of employees bring their collective passion for engineering, technology and design to deliver on our vision of a world with Zero Crashes, Zero Emissions and Zero Congestion. We are looking for adventure-seekers and imaginative thought leaders to help us transform mobility.We are determined to lead change for the world through technology, ingenuity and harnessing the creativity of our diverse team. Join us to help lead the change that will make our world better, safer and more equitable for all by becoming a member of GM’s . As a part of our Talent Community, you will receive updates about GM, open roles, career insights and more.Please note that filling out the form below will not add you to our Talent Community automatically; you will need to use the link above.
If you are seeking to apply to a specific role, we encourage you to click “Apply Now” on the job posting of interest.
#J-18808-Ljbffr
and compliance guidance to internal stakeholders, translating complex regulatory requirements into clear, actionable direction for engineering and Build a team with the optimal mix of expertise and experience, supporting hiring and onboarding activities as needed.**Your Skills & Abilities (Required Qualifications)** **Minimum 10 years of experience** in cybersecurity, with a focus on GRC, regulatory compliance, or product/automotive cybersecurity **Demonstrated experience leading teams**, including people management, performance management, and talent development Deep knowledge of **UNR155**, **UNECE WP.29**, **NIST CSF** and global automotive cybersecurity regulatory frameworks Experience orchestrating or directly participating in Hands-on experience with **Threat Analysis and Risk Assessment (TARA)** methodologies and integration into the vehicle development lifecycle **cybersecurity policies and standards** aligned to regulatory and industry requirements Experience developing or maintaining Proven ability to identify control gaps, develop remediation strategies, and drive closure across cross-functional engineering teamsExperience managing complex, multi-stakeholder programs across global, geographically distributed organizations Strong analytical, problem-solving, and critical thinking skills, with ability to assess systemic issues and translate findings into executive-ready reports Excellent communication, presentation, and interpersonal skills — able to engage effectively with technical teams, senior leadership, and government representatives Ability to manage multiple high-complexity programs concurrently and prioritize effectively under shifting regulatory demands **What Will Give You A Competitive Edge (Preferred Qualifications)** Familiarity with vehicle theft-related cybersecurity regulations and compliance obligations (e.g., NHTSA guidance, regional anti-theft mandates) Experience with GRC software tools and platforms (e.g., Archer, ServiceNow, IBM OpenPages) Working knowledge of automotive embedded systems, vehicle Electronic Control Unit (ECU) architecture, or connected vehicle technologies Experience engaging with technical service organizations (e.g., IDIADA, etc.) in the context of type approvalFamiliarity with automotive supply chain cybersecurity requirements and partner/supplier compliance programs Data analytics, dashboard development, or GRC platform reporting experience Prior experience in a global automotive Original Equipment Manufacturer (OEM), Tier 1 supplier, or government agency environment Experience with enterprise risk frameworks (e.g., COSO, FAIR, ERM) in a product cybersecurity context General Motors offers opportunities to all job seekers including individuals with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, **email**us or call us at 1-800-865-7580. In your email, please include a description of the specific accommodation you are requesting as well as the job title and requisition number of the position for which you are applying.Our diverse team of employees bring their collective passion for engineering, technology and design to deliver on our vision of a world with Zero Crashes, Zero Emissions and Zero Congestion. We are looking for adventure-seekers and imaginative thought leaders to help us transform mobility.We are determined to lead change for the world through technology, ingenuity and harnessing the creativity of our diverse team. Join us to help lead the change that will make our world better, safer and more equitable for all by becoming a member of GM’s . As a part of our Talent Community, you will receive updates about GM, open roles, career insights and more.Please note that filling out the form below will not add you to our Talent Community automatically; you will need to use the link above.
If you are seeking to apply to a specific role, we encourage you to click “Apply Now” on the job posting of interest.
#J-18808-Ljbffr