Cybersecurity Manager - Risk
About The Position
The Cybersecurity Risk Manager is responsible for leading day-to-day execution of the Cyber Vendor Risk Assessment and Cyber Application Risk Assessment programs. This role reports to the Assistant Vice President, Cybersecurity Governance and is accountable for assessment quality, delivery consistency, team performance, and partner engagement across both programs. The Manager will directly manage team members, ensure risk assessments are accurate and consistent, and serve as a primary point of engagement with business, technology, and procurement partners to ensure risks are clearly identified, documented, and managed in alignment with best practices. This role plays a critical part in maintaining confidence in GM Financial’s cybersecurity risk posture.
Requirements
- Proven leadership experience managing and developing team members.
- Hands-on experience performing cybersecurity vendor risk assessments and application risk assessments.
- Strong understanding of NIST CSF and NIST 800-53 control frameworks.
- Demonstrated ability to review, challenge, and calibrate risk assessments.
- Comfortable engaging with business and technical stakeholders and managing risk discussions.
- Highly organized with strong attention to detail and follow-through.
- Minimum of 4 years of experience in one or more of the following domains: Cybersecurity, Information Security, Network Engineering or Operations, Information Technology, Application Development, Access Control, Security Governance, Risk Management, Software Development Security, Cryptography, Security Architecture and Design, Operational Security, Business Continuity & Disaster Recovery, Legal Regulations, Investigations and Compliance, Physical (Environmental) Security, IT or Security Audit, IT or Security Compliance required
- 7-10 years of experience in large and complex business environments with a successful track record working directly with senior level management preferred
- High school diploma required
- Bachelor's degree in related field or equivalent work experience preferred
Nice To Haves
- Information Security Certifications strongly preferred
Responsibilities
- Lead and manage the Cyber Vendor Risk and Cyber Application Risk teams.
- Oversee daily execution of third-party and application risk assessments.
- Review and approve assessments to ensure quality, consistency, and appropriate risk ratings.
- Coach and develop team members to improve judgement, documentation quality, and risk articulation.
- Partner with IT, Procurement, Privacy, Legal, and business stakeholders throughout the assessment lifecycle.
- Track assessment volume, throughput, and aging and escalate issues as needed.
- Identify opportunities to improve processes, templates, workflows, and methodologies to increase efficiency and consistency.
- Contribute to executive reporting on risk trends, assessment outcomes, and program performance.
Benefits
- Generous benefits package available on day one to include: 401K matching, bonding leave for new parents (12 weeks, 100% paid), tuition assistance, training, GM employee auto discount, community service pay and nine company holidays.
- Competitive pay and bonus eligibility
- Flexible hybrid work environment, 4-days a week in office
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Manager
