Manager - Product Cyber Security Compliance

General Motors, Warren, MI
Hybrid

About The Position

The Manager, Cybersecurity Engineer is a senior people leadership role within GM Cybersecurity, and part of the Cybersecurity Governance, Risk & Compliance team. This role owns GM's vehicle product cybersecurity compliance posture — including conducting threat analysis and risk assessment, providing requirements to GM’s Cybersecurity policy and underlying standards, ensuring global regulatory compliance, and orchestrating government-facing audits — while driving control gap remediation across vehicle engineering and product teams. As the regulatory landscape continues to evolve, this role is also responsible for incorporating emerging vehicle theft-related and compliance requirements into GM's product cybersecurity controls framework. The ideal candidate is a seasoned cybersecurity GRC professional with deep automotive regulatory expertise, a collaborative leadership style, and a proven track record managing high-performing teams while influencing cross-functional stakeholders.

Requirements

  • Bachelor's or Master's degree in Cybersecurity, Computer Science, Engineering, or a related field
  • Minimum 10 years of experience in cybersecurity, with a focus on GRC, regulatory compliance, or product/automotive cybersecurity
  • Demonstrated experience leading teams, including people management, performance management, and talent development
  • Deep knowledge of UNR155, UNECE WP.29, NIST CSF and global automotive cybersecurity regulatory frameworks
  • Experience orchestrating or directly participating in Vehicle Type Approval processes and/or CSMS audits with government or regulatory bodies
  • Hands-on experience with Threat Analysis and Risk Assessment (TARA) methodologies and integration into the vehicle development lifecycle
  • Strong expertise in cybersecurity controls frameworks (e.g., ISO/SAE 21434, ISO 27001, NIST CSF, NIST SP 800-53)
  • Experience developing or maintaining cybersecurity policies and standards aligned to regulatory and industry requirements
  • Proven ability to identify control gaps, develop remediation strategies, and drive closure across cross-functional engineering teams
  • Experience managing complex, multi-stakeholder programs across global, geographically distributed organizations
  • Strong analytical, problem-solving, and critical thinking skills, with ability to assess systemic issues and translate findings into executive-ready reports
  • Excellent communication, presentation, and interpersonal skills — able to engage effectively with technical teams, senior leadership, and government representatives
  • Ability to manage multiple high-complexity programs concurrently and prioritize effectively under shifting regulatory demands
  • Strong work ethic, attention to detail, and commitment to excellence

Nice To Haves

  • Relevant professional certifications (e.g., CGRC, CRISC, CISA, CISSP, ISO/SAE 21434 Lead Auditor, PMP)
  • Familiarity with vehicle theft-related cybersecurity regulations and compliance obligations (e.g., NHTSA guidance, regional anti-theft mandates)
  • Experience with GRC software tools and platforms (e.g., Archer, ServiceNow, IBM OpenPages)
  • Working knowledge of automotive embedded systems, vehicle Electronic Control Unit (ECU) architecture, or connected vehicle technologies
  • Experience engaging with technical service organizations (e.g., IDIADA) in the context of type approval
  • Familiarity with automotive supply chain cybersecurity requirements and partner/supplier compliance programs
  • Data analytics, dashboard development, or GRC platform reporting experience
  • Prior experience in a global automotive Original Equipment Manufacturer (OEM), Tier 1 supplier, or government agency environment
  • Experience with enterprise risk frameworks (e.g., COSO, FAIR, ERM) in a product cybersecurity context

Responsibilities

  • Own and maintain GM's product cybersecurity controls framework, ensuring coverage across all applicable vehicle programs, markets, and regulatory requirements.
  • Lead and oversee Threat Analysis and Risk Assessment (TARA) activities for vehicle product systems, ensuring threat models are current, comprehensive, and integrated into the vehicle development lifecycle.
  • Provide requirements for and input to product cybersecurity policies and standards aligned to evolving threats, regulatory mandates, and industry best practices; drive necessary approvals and ensure cross-functional integration.
  • Monitor and interpret global automotive cybersecurity regulations and standards (e.g., ISO/SAE 21434, ISO 24089, UNECE WP.29 frameworks), translating changes into actionable compliance obligations for internal teams.
  • Track emerging vehicle theft-related cybersecurity compliance requirements and drive necessary programmatic responses across applicable vehicle programs and markets.
  • Own GM's compliance program for United Nations Regulation No. 155 (UNR155) — the global standard for automotive cybersecurity — and serve as the lead orchestrator for Vehicle Type Approval (VTA) and Cybersecurity Management System (CSMS) audits with government agencies and technical services globally.
  • Manage all aspects of audit readiness, evidence preparation, submission coordination, and post-audit remediation across multiple regulatory jurisdictions.
  • Build and maintain productive relationships with government authorities, type approval bodies, and technical service organizations (e.g., IDIADA) across international markets.
  • Ensure audit artifacts, compliance documentation, and CSMS evidence packages are current, complete, and audit-ready at all times.
  • Lead the identification, assessment, and prioritization of cybersecurity control gaps across vehicle product systems, aligned to UNR155, ISO/SAE 21434, and other applicable frameworks.
  • Drive cross-functional remediation efforts, partnering with Vehicle Cybersecurity Engineering and other engineering teams to develop and execute corrective action plans.
  • Establish and maintain tracking mechanisms for control gap closure, reporting status to senior leadership on a regular cadence.
  • Conduct or oversee root cause analyses of identified control deficiencies and systemic risk trends, ensuring durable remediation strategies are implemented.
  • Partner closely with the Vehicle Cybersecurity Engineering team and other engineering organizations to align compliance requirements to design and development processes throughout the vehicle lifecycle.
  • Collaborate with Legal, Government Affairs, Program Management, and Supplier teams to ensure a coordinated approach to regulatory compliance.
  • Provide cybersecurity GRC expertise and compliance guidance to internal stakeholders, translating complex regulatory requirements into clear, actionable direction for engineering and program teams.
  • Represent GM's product cybersecurity GRC program in external-facing engagements, including regulatory submissions, audits, and industry working groups.
  • Lead, develop, and mentor a team of cybersecurity GRC professionals, fostering a high-performance culture grounded in accountability, collaboration, and continuous growth.
  • Set clear objectives, establish Key Performance Indicators (KPIs), and own delivery of team results aligned to organizational and GM strategic priorities.
  • Manage workforce planning, talent development, and performance management for all direct reports.
  • Build a team with the optimal mix of expertise and experience, supporting hiring and onboarding activities as needed.
  • Champion GM's behaviors and values, fostering an inclusive and psychologically safe team environment.

Benefits

  • This role is categorized as hybrid. This means the selected candidate is expected to report to a specific location at least 3 times a week or other frequency dictated by their manager.
  • This job may be eligible for relocation benefits.