The Role:
General Motors is seeking a highly motivated and well-rounded Senior Cybersecurity Engineer to join our Governance, Risk & Compliance (GRC) team. This role is critical to advancing GM’s cybersecurity maturity by supporting the development of next-generation cybersecurity policies and standards, and by negotiating security provisions in third-party contracts.
The successful candidate will collaborate with internal stakeholders and external partners to ensure GM’s cybersecurity posture remains resilient, compliant, and forward-looking. In this role you will perform complex assignments requiring a wider application of security principles, theories, and concepts. You will interact with senior internal leadership, may lead and provide direction to a team of individuals, and are expected to influence without direct control. You will work with independence, though some support and advice is readily available from the manager.
During the year you will set short-term objectives and guidelines in support of security strategy, which have a direct impact on Security's overall results. You will hold yourself and others accountable for demonstrating GM's values and cultural behaviors, model GM behaviors, and create a winning culture.
What You'll Do (Responsibilities):
- Assist in the development and modernization of cybersecurity policies, standards, and procedures while ensuring alignment with industry frameworks (NIST CSF, ISO 27001).
- Manage departmental compliance to corporate policies, regulatory requirements, and NIST cybersecurity frameworks.
- Document and process cybersecurity policy deviations, including associated risks and remediation plans.
- Lead collaboration efforts with the procurement and legal teams to ensure implementation of contractual cybersecurity requirements for third parties.
- Serve as the security Subject Matter Expert in contract negotiations and make approval recommendations on deviation requests.
- Evaluate and clearly articulate identified security risks to stakeholders and the potential impact to GM.
- Promote security awareness campaigns and conduct training.
- Provide strategic support to leadership by managing ad-hoc requests and initiatives aimed at advancing departmental objectives and operational excellence.
- Develop and evolve executive-level reports and dashboards that illustrate third-party risk posture, trends, and mitigation strategies.
- Continuously enhance and drive efficiencies in GRC process workflows to strengthen GM’s cybersecurity program in response to emerging threats, regulatory changes, and industry trends.
- Promote a culture of continuous learning and improvement through postmortem reviews, documenting lessons learned, and analyzing stakeholder feedback.
- Maintain and foster strong partnerships with key stakeholders, both inside GM and external to the company.
Your Skills & Abilities (Required Qualifications):
- Bachelor’s degree in Cybersecurity, Information Technology, or related field
- Minimum of 5 years of experience in cybersecurity, with a focus on GRC, policy development, or contract negotiation
- Strong understanding of security frameworks such as NIST CSF, ISO 27001, PCI, and CIS Controls
- Proven experience in policy and standards creation, including drafting, reviewing, and stakeholder engagement
- Demonstrated ability to assess and interpret security controls in technical and business contexts
People Skills:
- Excellent communication and negotiation skills
- Solid project management capabilities, including planning, tracking, and reporting
- Ability to work independently and collaboratively in a fast-paced, dynamic environment
What Will Give You A Competitive Advantage (Preferred Qualifications):
- ServiceNow experience
- Experience working in a regulated industry (automotive, financial services, healthcare, etc.)
- Knowledge of third-party risk management and supplier assurance processes
- Certifications such as CISSP, CISM, CRISC, or CIPP
- Familiarity with artificial intelligence concepts