AVP Cybersecurity Governance

lore, the tools to build and the support to thrive.

RESPONSIBILITIES

About the Role:

The AVP Cyber Governance leader will be responsible for four core governance functions for GM Financial:
Cyber Vendor Risk, Cyber Application Risk, Cybersecurity Findings Management, and Cyber Process Automation. You will be responsible for maturing program capabilities, strengthening team performance, and driving transparency into the organization's cybersecurity risk posture. You will partner with leaders across IT, Privacy, Legal, Procurement, and Cybersecurity to embed disciplined, risk-based practices across the enterprise.

In this role, you will:

• Lead and develop the Vendor Risk, Application Risk, Findings Management, and Cyber Process Automation teams.

• Oversee third-party cybersecurity risk assessments, risk scoring, evidence reviews, and remediation workflows.

• Manage application risk assessments and ensure accurate control evaluation and response.

• Direct the full lifecycle of cybersecurity findings, including documentation, tracking, aging, remediation, validation, and reporting.

• Guide the Cyber Process Automation team in building scalable workflows, dashboards, and data integrations to improve efficiency and program maturity.

• Maintain and enhance cybersecurity procedures aligned with NIST CSF and NIST 800-53.

• Deliver clear, executive-ready reporting on risk posture, findings, and program performance.

• Serve as a trusted advisor who can translate cybersecurity risk into actionable, business-aligned recommendations.

Reporting Structure:

• Reports to VP Cybersecurity Governance

QUALIFICATIONS

What Makes You a Dream Candidate:

• Proven leadership experience within cybersecurity governance, risk, or assurance functions.

• Strong understanding of NIST CSF, NIST 800-53, vendor security controls, and application security principles.

• Ability to evaluate risk, drive remediation, and influence senior stakeholders.

• Experience leading workflow automation or low-code development teams.

• Exceptional communication skills with the ability to simplify complexity for executives and business partners.

• Process-oriented builder who brings structure, discipline, and continuous improvement to programs and teams.

Experience

• High School Diploma or equivalent required

• Bachelor's Degree or equivalent experience preferred

• 6+ years of experience in large and complex business environments with a successful track record working directly with senior-level management required

• 5-7 years of experience in one or more of the following domains: Cybersecurity, Information Security, Network Engineering or Operations, Information, Technology, Application Development, Access Control, Security Governance, Risk Management, Software Development Security, Cryptography, Security

• Architecture and Design, Operational Security, Business Continuity & Disaster Recovery, Legal Regulations, Investigations and Compliance, Physical (Environmental) Security, IT or Security Audit, IT or Security Compliance required

• Information Security Certifications preferred

What We Offer: Generous benefits package available on day one to include: 401K matching, bonding leave for new parents (12 weeks, 100% paid), tuition assistance, training, GM employee auto discount, community service pay and nine company holidays.

Our Culture: Our team members define and shape our culture. We have an environment that welcomes new ideas, fosters integrity, and creates a sense of community and belonging. Here we do more than. work - we thrive.

Compensation: Competitive salary and bonus eligibility; this role is eligible for company vehicle program.

Work Life Balance: Flexible hybrid work environment, 4-days a week in office.

I-JI1

#LI-Hybrid