Cybersecurity Specialist

Overview:
The Senior Cybersecurity Specialist is responsible for executing a portion of the GM Financial (GMF) Cybersecurity Program designed to advise the organization on its management of cybersecurity risk by organizing information, enabling risk management decisions, and addressing threats to ensure the security of company systems and information assets. The Senior Cybersecurity Specialist is responsible for contributing to the success of comprehensive security initiatives, working with internal and external groups to ensure the program is operating effectively and efficiently, and developing strong partnerships with business partners across the enterprise to ensure company data and information systems are protected at the appropriate level.
**Responsibilities**:
- Demonstrated proficiency developing and updating Cybersecurity policies, standards and procedures referencing NIST 800-53 controls and the NIST Cyber Security Framework, including implementing revisions in accordance with updates in relevant regulatory or industry Cybersecurity practices
- Experience with relevant Cybersecurity regulations and industry compliance requirements
- Experience with audit management and tracking of remediation items and/or findings to completion
- Demonstrated capability to collaborate with business partners to manage Cybersecurity needs
- Experience with development of security requirements to protect the company from external and internal threats
- Experience with documentation and reporting of policy or procedure discrepancies and/or change requests
- Ability to initiate, facilitate and promote Cybersecurity within the organization and monitor adherence to Cybersecurity policies, standards and controls
- Conduct risk assessments on Information Technology, Cybersecurity, Third Party Vendor, and other relevant company risks, recommend mitigation strategies, and work with internal stakeholders to assign monitoring responsibility
- Interpret risk requirements and translate into actionable and sustainable implementations
- Identify new or implement changes to techniques (policies, procedures, KPIs, KRIs, tools, etc.) and processes for the Cybersecurity Risk Management program to remain relevant (changing risk and threat landscape and Business requirements, etc.) and effective
- Monitor changes to cybersecurity overall and proactively identify the need for changes to existing policies and procedures based on changes to the security risk landscape
- Demonstrate awareness of all information security trends, vulnerabilities, including and especially those influencing the auto finance industry
- Demonstrate extensive experience with conducting IT, security, and compliance-related risk assessments and advising on mitigation strategies
- Well-versed in various information security and risk frameworks/standards (ISO 31000, ISO 2700x, NIST 800 series, etc.)
- Broad base of knowledge across a variety of compliance and control frameworks (SOC, ISO, PCI, CSA STAR, etc.)
- Familiar with a broad range of technical concepts: logical access control, agile development process, secure coding principles
Qualifications:
**Required Skills**:
- Ability to initiate, facilitate and promote cybersecurity within the organization and monitor adherence to cybersecurity policies, standards and controls
- Advocate for cybersecurity as an essential business requirement and advocate the business need as the foundation for cybersecurity program design
- Ensure effective communication and partnership with all departments at GMF and serve as a liaison of Cybersecurity and first point of contact for cybersecurity concerns
- Represent the Global Cybersecurity organization on projects as needed
- Engage with business partners to translate high-level business requirements into enterprise security initiatives and programs to achieve the GMF's mission, goals and objectives
- Work closely with business stakeholders and project teams to plan, design and check appropriate levels of security governance, resource management and asset management
- Assist management with special projects as requests
**Qualifications**:
- Fluency in English and Portuguese is required
- Fluency in English, Portuguese, and Spanish is preferred
- Must have a high-level understanding of the financial services industry, security, risk and privacy
- Must have current knowledge and stay up-to-date on the latest Cybersecurity legislation, regulations, advisories, alerts and vulnerabilities
- Must have knowledge of Information Security and Cybersecurity frameworks
- Ability to clearly explain and articulate technical concepts using non-technical language
- Knowledge of security methodologies, policies, standards and industry practices
- Knowledge of information technology systems, infrastructure and operations
- Strong analytical skills
- Excellent verbal communication skills
- Strong interpersonal skills
- Ability to meet time sensitive deadlines required
- Ability to work collabor

---