Cybersecurity Risk Analyst

About the position The Cybersecurity Risk Analyst is responsible for executing a portion of the GM Financial (GMF) Cybersecurity Program designed to advise the organization on its management of Cybersecurity risk by organizing information, enabling risk management decisions and addressing threats to ensure the security of company systems and information assets. The Cybersecurity Risk Analyst is responsible for contributing to the success of comprehensive security initiatives, work with internal and external groups to ensure the program is operating effectively and efficiently and develop strong partnerships with business partners across the enterprise to ensure company information assets are protected at the appropriate level.

Responsibilities

• Develop and update Cybersecurity policies, standards, and procedures referencing NIST 800-53 controls and the NIST Cybersecurity Framework, including implementing revisions in accordance with updates in relevant regulatory or industry Cybersecurity practices
• Track remediation items and/or findings to completion as part of the risk assessment process
• Collaborate with business partners to manage Cybersecurity needs
• Initiate, facilitate, and promote Cybersecurity within the organization and monitor adherence to Cybersecurity policies, standards and controls
• Perform third party risk assessments
• Partner with Application Custodians to perform application risk assessments
• Possess and continue building knowledge of GRC tooling, processes, and the global regulatory environment relating to the management of risk
• Drive maturation of the Cybersecurity Risk Program through continuous process improvement

Requirements

• High level understanding of technology infrastructure, security concepts and platforms
• Advanced knowledge of the OSI model and security that is associated with each layer
• Knowledge of information security standards/frameworks (ie, NIST Cybersecurity Framework, ISO 27001)
• Demonstrated success in project management
• Ability to think strategically and make collaborative decisions
• Ability to apply structured analysis methods to various types of data to establish trends, determine variability and business impact
• Communicates quickly, clearly, concisely, appropriately and intelligently
• Ability to effectively negotiate with vendors on upgrades and acquisitions
• Foster open communication, speaks with impact, listens to others and writes effectively
• Effective planning, time management, negotiation and delegation skills
• Ability to approach problems with an open-mind and create new and innovative ideas and methods
• Creative, Innovative, problem-solving and maximizing your potential to solve problems and improve methods
• 3+ years of experience in a large and complex business environment with a successful track record working directly with senior level management in Financial Services or Banking strongly preferred
• 3+ years of experience in one or more of the following domains: Cybersecurity Governance, Risk Management, Legal Regulations, IT or Security Audit, IT or Security Compliance preferred
• 3+ years of experience performing risk assessments and/or cybersecurity vendor risk assessments preferred
• Experience with technical writing preferred
• Bachelor’s Degree in related field or equivalent work experience strongly strongly preferred

Benefits

• 401K matching
• bonding leave for new parents (12 weeks, 100% paid)
• tuition assistance
• training
• GM employee auto discount
• community service pay
• nine company holidays