Lead, Business Information Security Officer

Job Description

In recent years, GM Information Technology has successfully executed the largest IT transformation in the history of the automotive industry, fully insourcing what once was a nearly completely outsourced IT function. Today GM IT is a dynamic and fast paced organization that designs, develops and maintains all IT infrastructure, applications and solutions enabling GM’s global operations. From designing and building the next generation of electric and other vehicles to developing a world-class GM experience for our dealers and customers, GM IT is driving real change in the most iconic automaker on the planet. Our team delivers unique enterprise-wide IT solutions in cutting-edge technologies such as mobility, telematics, mission-critical business systems, supercomputing, cloud, vehicle engineering and real-time computing. We offer challenging positions for passionate professionals looking to advance their careers and be a part of an IT organization focused on innovation, speed and business value.

This is a Hybrid position within our IT Organization. The role will allow employees to work offsite but will also require onsite work based on business needs. The selected candidate will be expected to commute to the innovation center to which they are assigned as their primary GM facility. Relocation may be provided.

Locations: Detroit, MI

FOR GM INTERNAL CANDIDATES: This role is posted at both 7th and 8th level. The determination by HR and the Hiring Manager as to whether an offer will be lateral or promotional will be based on a candidate’s relevant experience and whether the role will amount to a significant increase in level of responsibility.

About the General Motors Security team:
GM’s Information Security and Risk Management Team protects and defends the company‘s information, networks, and infrastructure. We are looking for talented Information Security and Risk Management Professionals in the fields of incident response, cyber-intelligence, enterprise security architecture, digital forensics, application security and compliance with the passion and expertise to perform in a complex, global environment amidst today’s evolving threat landscape.

About the role:

GM’s Information Security and Risk Management’s mission is to proactively protect against threats and vulnerabilities, detect, analyze, and contain attacks on GM’s digital information and infrastructure. This role will proactively engage our business partners and align their cybersecurity needs to drive the delivery of their initiatives forward in a fast, secure, reliable manner.

This role will serve as a critical security liaison with various business and IT units, ensuring the implementation of GM security controls for all new GM business, mergers, acquisitions, or divestitures.

This role will work cross functionally with other GM Cyber security teams, IT, and business partners, to drive the implementation of GM security requirements and controls, while enabling fast business transformation.

Major Duties/Responsibilities:

• Understand business requirements, align with GM Security Strategy, and drive the implementation of GM security controls across GM new businesses, mergers, acquisitions, and/or divestitures
• Serve as the cyber security subject matter expert (SME), driving & coordinating with Information Security, business and IT teams and providing multi-disciplinary knowledge, skills, and experience in security strategy, architecture, controls, and policy
• Design and drive the implementation of secure solutions to enable business transformation
• Prioritize security control implementation based on threats and input from information security teams, create a roadmap to align with the portfolio planning process
• Create meaningful security metrics to communicate security posture and risks to leadership
• Monitor and verify the effectiveness of security controls; analyze data, develop trend analysis, and ensure compliance to existing standards, policies, and procedures
• Participate in contract negotiations to ensure appropriate security controls are included in master agreements
• Assisting new business ventures with establishing policies, defining operational processes, and evaluating tools
• Help connect and align resources (e.g., security architects, engineers) to achieve outcomes.
• Constructively engage business partners regarding security issues. Reshape business partners’ preconceived notions of success where appropriate. Establish risk ownership and accountability within the business line. Champion the success of each business partners’ security posture
• Inform business partners of the risk implications of critical decisions by combining empirical analysis with expert judgment to assess business cybersecurity decisions.
• Educate stakeholders on security-related matters to increase awareness and improve culture.
• Proven ability to communicate technical issues to technical and non-technical business area stakeholders.
• Design, interpret & communicate information security policies & controls
• Develop processes and implement frameworks to improve security posture and champion business partner success
• Keep current on industry security testing best practices and industry security risks

Minimum Qualifications:

• Bachelor’s degree in Information Systems or related field. An advanced degree and/or certifications preferred.
• 8+ years hands-on experience working in cybersecurity, security assurance, security governance, audit, or risk management.
• Experience in large scale information technology implementations and operations preferred.
• Outstanding interpersonal and customer service skills, and able to collaborate across multiple IT and business teams in a complex environment
• Executive-level verbal and written communication skills
• Experience documenting technical information in a consumable manner that non-IT professionals can easily understand
• Demonstrated ability to manage the full lifecycle of projects, from concept development, project plan creation, production of materials.
• Experience moving seamlessly from strategy to execution to deliver tangible results.
• Able to effectively analyze risk within the context of business, and technology problems. Ability to develop a full and deep understanding of the business operations. Understanding of how business initiatives create value and risk for organizations.
• Experience working with and preferably leading global, cross functional teams.
• Extensive ability to transform technical concepts into usable documented material for non-technical users
• Work on multiple projects simultaneously, set priorities and meet deadlines
• Work independently and manage workload with organization to meet expectations and objectives.
• Absorb, retain, and organize information gathered from multiple sources and in a variety of formats.
• High level of integrity in dealing with confidential and sensitive information.

Additional Job Description

Preferred Qualifications:

• Undergrad or Master’s degree in a security relevant field
• Obtained certifications in one or more of the following preferred:
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Global Information Assurance Certification (GIAC)
• Prior Business Information Security Officer (BISO) experience

About GM

Our vision is a world with Zero Crashes, Zero Emissions and Zero Congestion and we embrace the responsibility to lead the change that will make our world better, safer and more equitable for all.

Why Join Us

We aspire to be the most inclusive company in the world. We believe we all must make a choice every day – individually and collectively – to drive meaningful change through our words, our deeds and our culture. Our Work Appropriately philosophy supports our foundation of inclusion and provides employees the flexibility to work where they can have the greatest impact on achieving our goals, dependent on role needs. Every day, we want every employee, no matter their background, ethnicity, preferences, or location, to feel they belong to one General Motors team.

Benefits Overview

The goal of the General Motors total rewards program is to support the health and well-being of you and your family. Our comprehensive compensation plan incudes, the following benefits, in addition to many others:

• Paid time off including vacation days, holidays, and parental leave for mothers, fathers and adoptive parents;
• Healthcare (including a triple tax advantaged health savings account and wellness incentive), dental, vision and life insurance plans to cover you and your family;
• Company and matching contributions to 401K savings plan to help you save for retirement;
• Global recognition program for peers and leaders to recognize and be recognized for results and behaviors that reflect our company values;
• Tuition assistance and student loan refinancing;
• Discount on GM vehicles for you, your family and friends.

Diversity Information

General Motors is committed to being a workplace that is not only free of discrimination, but one that genuinely fosters inclusion and belonging. We strongly believe that workforce diversity creates an environment in which our employees can thrive and develop better products for our customers. We understand and embrace the variety through which people gain experiences whether through professional, personal, educational, or volunteer opportunities.GM is proud to be an equal opportunity employer.

We encourage interested candidates to review the key responsibilities and qualifications and apply for any positions that match your skills and capabilities.

Equal Employment Opportunity Statements

The policy of General Motors is to extend opportunities to qualified applicants and employees on an equal basis regardless of an individual’s age, race, color, sex, religion, national origin, disability, sexual orientation, gender identity/expression or veteran status. Additionally, General Motors is committed to being an Equal Employment Opportunity (EEO) Employer and offers opportunities to all job seekers including individuals with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, email us [email protected]. In your email, please include a description of the specific accommodation you are requesting as well as the job title and requisition number of the position for which you are applying.