Risk Management & Controls Assurance - Sr. Analyst
Description
Work Arrangement:
This role is categorized as hybrid. This means the successful candidate is expected to report to Warren, MI at least three times per week.
The Role:
The Cybersecurity Risk Management and Controls Assurance Sr. Analyst role supports the activities of the Information Security and Risk Management (ISRM) - Governance, Risk & Compliance group. This role will work with a team of security professionals and will play a pivotal part in ensuring the effectiveness and alignment of our Cybersecurity practice with industry best practices, regulatory requirements, and business objectives. This role will be responsible for executing the organization's cybersecurity risk management strategy, proactively identifying, assessing, and mitigating inherent risks to GM's critical data, networks, and infrastructure. This role is also instrumental in regularly evaluating the adequacy of the design and operating effectiveness of cybersecurity controls, identifying potential weaknesses, and ensuring appropriate action plans are in place to reduce residual risk and improve GM's overall risk posture.
What You'll Do:
- Risk & Unified Controls Framework:
- Assist in the development and maintenance of a comprehensive GRC framework, tailored for our Cybersecurity program, aligning with industry standards (e.g., NIST CSF, ISO 27001), regulations, and organizational goals.
- Ensure clear control ownership and alignment across all ISRM functions.
- Maintain essential GRC documentation, including processes, procedures, and risk registers.
- Integrate GRC processes with enterprise-wide cybersecurity initiatives, processes, and reporting requirements.
- Risk Management:
- Implement a comprehensive risk management process, including a quantitative method for calculating inherent risk, residual risk, and GM's overall risk posture.
- Conduct regular risk assessments of cybersecurity threats, vulnerabilities, and environmental factors affecting the business.
- Analyze and prioritize identified risks based on their impact and likelihood.
- Execute risk mitigation strategies, including potential control implementation and enhanced monitoring mechanisms, aligned to industry best practices.
- Monitor and track mitigation results, assess impacts to residual risks, and recommend adjustments to the unified controls framework.
- Report and present on risk management progress to stakeholders.
- Controls Assurance:
- Perform regular evaluations to assess the adequacy of the design and operating effectiveness of existing cybersecurity controls.
- Identify control gaps and weaknesses, recommending solutions for improvement.
- Conduct validations to ensure root causes of identified deficiencies are properly addressed.
- Monitor and track progress on control remediation efforts to closure.
- Reporting and Communication:
- Develop clear and concise reports on risk assessments and control effectiveness status for senior management and relevant stakeholders.
- Collaborate with other departments on risk and cybersecurity control related matters.
- Communicate effectively with cross-functional teams to build understanding and support for risk and controls related initiatives.
- Data & Automation:
- Manage and maintain ISRM's GRC platform, analytics, and reporting (i.e., ServiceNow IRM).
- Assist in the migration to ServiceNow IRM and configure the Information Risk Management module.
- Support and maintain the Risk & Controls Dashboard.
- Collaborate with the Security Architecture and Services team to populate risk related data in the Security Data Lakehouse.
- Assist in driving the organization to a continuous controls monitoring and reporting environment.
- Continuous Improvement:
- Identify opportunities to improve the effectiveness and efficiency of our GRC program.
- Implement initiatives to enhance the overall cybersecurity posture of the organization.
- Stay informed about evolving cybersecurity threats, regulations, and best practices.
Additional Description
Your Skills & Abilities (Required Qualifications):
- Bachelor's degree in Cybersecurity, Computer Science, or related field
- Minimum 5 years of experience in cybersecurity, GRC, computer science, or related field.
- Prior experience with global, geographically dispersed teams.
- In-depth knowledge of risk management and compliance frameworks (e.g., FAIR, COSO ERM).
- In-depth knowledge of industry standards and best practices (e.g., NIST CSF, ISO 27001, NIST SP 800-53, etc.).
- Familiarity with cybersecurity related legal/regulatory requirements (e.g., SOX, PCI DSS, GDPR, CCPA, etc.).
- Understanding of incident response, threat intelligence, and vulnerability management processes.
- Experience managing GRC software tools and platforms (e.g., ServiceNow IRM, IBM OpenPages).
- Strong analytical, problem-solving, critical thinking, and organization skills.
- Strong decision-making skills, and attention to detail and accuracy.
- Ability to assist in the management of multiple, highly complex projects concurrently, and prioritize effectively.
- Excellent communication, presentation, and interpersonal skills.
- Ability to collaborate effectively with stakeholders across all levels of the organization.
- Ability to work independently and as part of a team.
- Adaptability, openness to change, and willingness to learn new skills.
- Strong work ethic and commitment to excellence.
What Will Give You A Competitive Edge (Preferred Qualifications):
- Relevant professional certifications (e.g., CGRC, CRISC, CISA, CISSP, PMP).
- Database management, programming, and data analytics experience.
GM DOES NOT PROVIDE IMMIGRATION-RELATED SPONSORSHIP FOR THIS ROLE. DO NOT APPLY FOR THIS ROLE IF YOU WILL NEED GM IMMIGRATION SPONSORSHIP (e.g., H-1B, TN, STEM OPT, etc.) NOW OR IN THE FUTURE.
About GM
Our vision is a world with Zero Crashes, Zero Emissions and Zero Congestion and we embrace the responsibility to lead the change that will make our world better, safer and more equitable for all.
Why Join Us
We aspire to be the most inclusive company in the world. We believe we all must make a choice every day - individually and collectively - to drive meaningful change through our words, our deeds and our culture. Every day, we want every employee, no matter their background, ethnicity, preferences, or location, to feel they belong to one General Motors team.
Total Rewards | Benefits Overview
From day one, we're looking out for your well-being, at work and at home, so you can focus on realizing your ambitions. Learn how GM supports a rewarding career that rewards you personally by visiting Total Rewards resources.
Diversity Information
General Motors is committed to being a workplace that is not only free of unlawful discrimination, but one that genuinely fosters inclusion and belonging. We strongly believe that workforce diversity creates an environment in which our employees can thrive and develop better products for our customers. We encourage interested candidates to review the key responsibilities and qualifications for each role and apply for any positions that match their skills and capabilities. Applicants in the recruitment process may be required, where applicable, to successfully complete a role-related assessment(s) and/or a pre-employment screening prior to beginning employment. To learn more, visit How we Hire.
Equal Employment Opportunity Statement (U.S.)
General Motors is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Accommodations (U.S. and Canada)
General Motors offers opportunities to all job seekers including individuals with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, email us at [email protected] or call us at 800-865-7580. In your email, please include a description of the specific accommodation you are requesting as well as the job title and requisition number of the position for which you are applying.