Cybersecurity Manager - Risk

he role:**

The Cybersecurity Risk Manager is responsible for leading day-to-day execution of the Cyber Vendor Risk Assessment and Cyber Application Risk Assessment programs. This role reports to the Assistant Vice President, Cybersecurity Governance and is accountable for assessment quality, delivery consistency, team performance, and partner engagement across both programs.

The Manager will directly manage team members, ensure risk assessments are accurate and consistent, and serve as a primary point of engagement with business, technology, and procurement partners to ensure risks are clearly identified, documented, and managed in alignment with best practices. This role plays a critical part in maintaining confidence in GM Financial's cybersecurity risk posture.

In this role you will:

• Lead and manage the Cyber Vendor Risk and Cyber Application Risk teams.

• Oversee daily execution of third-party and application risk assessments.

• Review and approve assessments to ensure quality, consistency, and appropriate risk ratings.

• Coach and develop team members to improve judgement, documentation quality, and risk articulation.

• Partner with IT, Procurement, Privacy, Legal, and business stakeholders throughout the assessment lifecycle.

• Track assessment volume, throughput, and aging and escalate issues as needed.

• Identify opportunities to improve processes, templates, workflows, and methodologies to increase efficiency and consistency.

• Contribute to executive reporting on risk trends, assessment outcomes, and program performance.

QUALIFICATIONS

What makes you a dream candidate?

• Proven leadership experience managing and developing team members.

• Hands-on experience performing cybersecurity vendor risk assessments and application risk assessments.

• Strong understanding of NIST CSF and NIST 800-53 control frameworks.

• Demonstrated ability to review, challenge, and calibrate risk assessments.

• Comfortable engaging with business and technical stakeholders and managing risk discussions.

• Highly organized with strong attention to detail and follow-through.

Experience and Education

• Minimum of 4 years of experience in one or more of the following domains: Cybersecurity, Information Security, Network Engineering or Operations, Information Technology, Application Development, Access Control, Security Governance, Risk Management, Software Development Security, Cryptography, Security Architecture and Design, Operational Security, Business Continuity & Disaster Recovery, Legal Regulations, Investigations and Compliance, Physical (Environmental) Security, IT or Security Audit, IT or Security Compliance required

• 7-10 years of experience in large and complex business environments with a successful track record working directly with senior level management preferred

• High school diploma required

• Bachelor's degree in related field or equivalent work experience preferred

Licenses

• Information Security Certifications strongly preferred

What We Offer: Generous benefits package available on day one to include: 401K matching, bonding leave for new parents (12 weeks, 100% paid), tuition assistance, training, GM employee auto discount, community service pay and nine company holidays.

Our Culture: Our team members define and shape our culture - an environment that welcomes innovative ideas, fosters integrity, and creates a sense of community and belonging. Here we do more than work - we thrive.

Compensation: Competitive pay and bonus eligibility

Work Life Balance: Flexible hybrid work environment, 4-days a week in office