Security Architect
BCM One
SDLC
Senior Cybersecurity Engineer – Governance, Risk & Compliance
General Motors
full-time
Posted on:
Location Type: Hybrid
Location: Warren • Missouri, Texas • 🇺🇸 United States
Visit company websiteJob Level
Senior
Tech Stack
Cyber SecurityServiceNow
About the role
- Assist in the development and modernization of cybersecurity policies, standards, and procedures while ensuring alignment with industry frameworks (NIST CSF, ISO 27001)
- Manage departmental compliance to corporate policies, regulatory requirements, and NIST cybersecurity frameworks
- Document and process cybersecurity policy deviations, including associated risks, and remediation plans
- Lead collaboration efforts with the procurement and legal teams to ensure implementation of contractual cybersecurity requirements for third parties
- Serving as the security Subject Matter Expert in contract negotiations and making approval recommendations on deviation requests
- Evaluating, and clearly articulating, identified Security risks to stakeholders and the potential impact to GM
- Promoting security awareness campaigns, and conducting training
- Provide strategic support to leadership by managing ad-hoc requests and initiatives aimed at advancing departmental objectives and operational excellence
- Develop and evolve executive-level reports and dashboards that illustrate third-party risk posture, trends, and mitigation strategies
- Continuously enhance and drive efficiencies in GRC process workflows to strengthen GM’s cybersecurity program in response to emerging threats, regulatory changes, and industry trends
- Promote a culture of continuous learning and improvement through postmortem reviews, documenting lessons learned, and analyzing stakeholder feedback
- Maintaining and fostering strong partnerships with key stakeholders, both inside of GM and external to the company
Requirements
- Bachelor’s degree in Cybersecurity, Information Technology, or related field
- Minimum of 5 years of experience in cybersecurity, with a focus on GRC, policy development, or contract negotiation
- Strong understanding of security frameworks such as NIST CSF, ISO 27001, PCI, and CIS Controls
- Proven experience in policy and standards creation, including drafting, reviewing, and stakeholder engagement
- Demonstrated ability to assess and interpret security controls in technical and business contexts
- ServiceNow experience (Preferred)
- Experience working in a regulated industry (automotive, financial services, healthcare, etc.) (Preferred)
- Knowledgeable in third-party risk management and supplier assurance processes (Preferred)
- Certifications such as CISSP, CISM, CRISC, or CIPP (Preferred)
Benefits
- Non-Discrimination and Equal Employment Opportunities
- Accommodations for individuals with disabilities
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
cybersecurityGRCpolicy developmentcontract negotiationsecurity frameworksNIST CSFISO 27001PCICIS Controlsthird-party risk management
Soft skills
collaborationcommunicationstrategic supportstakeholder engagementsecurity awarenesscontinuous learningorganizational excellencerisk assessmentproblem-solvingleadership
Certifications
CISSPCISMCRISCCIPP
