Staff Technical Program Manager – Governance, Risk and Compliance

About The Position

Requirements

• 10+ years driving large‑scale, cross‑functional programs in Compliance, Cybersecurity, Risk Management, or Operations
• Strong Technical Program Management expertise, including roadmap planning, milestone tracking, risk/issue management, and cross-team dependency resolution
• Solid understanding of secure software development, risk and governance frameworks, and enterprise compliance requirements
• Experience supporting audit readiness or implementing regulatory/certification frameworks such as ISO 27001, SOC 2, NIST CSF, or GDPR
• Proficiency with modern program and portfolio management tools (e.g., Azure DevOps, JIRA, Confluence, Power BI)
• Excellent communication skills with proven success preparing executive- and board-level reporting and driving enterprise operating cadences
• Demonstrated ability to lead complex, multi-stakeholder initiatives and influence outcomes across engineering, cybersecurity, legal, and business teams.
• Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or a related technical field, or equivalent hands-on experience in highly regulated, safety‑critical, or enterprise technology environments

Nice To Haves

• Experience in automotive, cloud, aerospace, defense, or other safety‑critical environments (OEM or Tier‑1 preferred)
• Familiarity with cybersecurity, safety, and compliance requirements for vehicle systems, connected platforms, or cloud-based architectures
• Professional certifications such as CISM, CISSP, CIPP/E, ISO 27001 Lead Auditor, PMP, or PgMP
• Experience defining, scaling, or operating cybersecurity or compliance governance models and executive reporting structures
• Advanced degree (MBA, JD, MS in Cybersecurity, Engineering, or Risk Management)

Responsibilities

• Program Delivery Provide program management rigor, structure, and execution support for high-impact compliance initiatives.
• Lead planning, milestone development, dependency mapping, and risk/issue management across multiple GRC domains.
• Align cross-functional teams to deliver predictable, high‑quality outcomes in a safety-critical environment.
• Tracking & Reporting Define and maintain OKRs, KPIs, dashboards, and reporting mechanisms to measure compliance maturity, performance, and operational health.
• Build repeatable reporting frameworks to support executive reviews, audits, and governance forums.
• Stakeholder Engagement Serve as a trusted representative of the GRC organization with Legal, Cybersecurity, Engineering, Product, and Executive stakeholders.
• Drive alignment, surface risks early, and remove organizational blockers through effective communication and influence.
• Translate complex requirements into clear, actionable program plans for both technical and non‑technical audiences.
• Operational Excellence Establish, refine, and scale a disciplined operating model for GRC programs, including standardized processes, cadences, and workflows.
• Implement structured review cycles, program scorecards, readiness assessments, and repeatable governance routines.
• Foster a culture of accountability, program rigor, and proactive issue resolution.
• Ensure ongoing audit readiness and predictable execution across all GRC initiatives.

Benefits

• From day one, we're looking out for your well-being–at work and at home–so you can focus on realizing your ambitions.
• Learn how GM supports a rewarding career that rewards you personally by visiting Total Rewards resources.