AVP, Cybersecurity

company banner
GM Financial
Security Governance, Risk Management, Cryptography, Security Architecture, Design, Operational Security, Business Continuity and Disaster Recovery, Legal Regulations, Investigations, Compliance, Physical (Environmental) Security, IT, Security, Security Compliance, cybersecurity framesworks, Cybersecurity legislations, regulations, vulnerabilities, Cybersecurity, experience leading information security projects, OSI model
Full Time
Depends on Experience
Work from home not available Travel not required

Job Description


The AVP, Cybersecurity is responsible for managing a portion of the GM Financial (GMF) Cybersecurity Program designed to advise the organization on its management of Cybersecurity risk by supporting risk based management decisions; developing, deploying, monitoring, tuning, evaluating, reporting on and maintaining systems and procedures; and identifying and mitigating threats to the corporate network, corporate assets, and corporate users to ensure the security of company systems and information assets. This team member is responsible for leading both technical implementation of systems, and communication of security requirements to management and security leadership. Additionally, this team member will be responsible, as necessary, with leading investigations into security threats, working with internal and external groups to ensure the Cybersecurity program is operating effectively and efficiently, and developing strong partnerships across the enterprise to ensure information assets are protected at the appropriate level.


  • Demonstrated capability to collaborate with business partners to manage Cybersecurity needs

  • Experience with development of security requirements to protect the company from external and internal threats

  • Lead the team that conducts risk assessments on Information Technology, Cybersecurity, Third Party Vendors, and other relevant company risks, recommend mitigation strategies, and work with internal stakeholders to assign monitoring responsibility

  • Provide guidance and direction to the team that interprets risk requirements and translates into actionable and sustainable implementations

  • Generate ideas to identify new or implement changes to techniques (policies, procedures, KPIs, KRIs, tools, etc.) and processes for the Cybersecurity Risk Management program to remain relevant (changing risk and threat landscape and Business requirements, etc.) and effective

  • Monitor changes to Cybersecurity overall and proactively identify the need for changes to existing policies and procedures based on changes to the security risk landscape

  • Demonstrate awareness of all information security trends, vulnerabilities, including and especially those influencing the auto finance industry

  • Demonstrate extensive experience with conducting IT, security, and compliance-related risk assessments and advising on mitigation strategies

  • Well-versed in various information security and risk frameworks/standards (ISO 31000, ISO 2700x, NIST 800 series, etc)

  • Broad base of knowledge avariety of compliance and control frameworks (SOC, ISO, PCI, CSA STAR, etc)

  • Familiar with a broad range of technical concepts: logical access control, agile development process, secure coding principles


Reports to: VP, Cybersecurity Governance

Direct Reports: Cybersecurity Managers, Team Leads, Sr Engineers and Analysts, Engineers and Analysts, Associate Engineers and Analysts



  • Experience in setting appropriate priorities for tasks to be accomplished based on project plans and management priorities

  • Technical skills and experience leading information security projects and initiatives

  • Practical experience and knowledge of the latest Cybersecurity legislations, regulations, advisories, alerts, vulnerabilities and Cybersecurity frameworks

  • Knowledge of security methodologies, policies, standards and industry practices

  • Knowledge of information technology systems, infrastructure and operations

  • Experience managing the implementation of security solutions and performing tuning and monitoring in the environment

  • Knowledge of the OSI model and security that is associated with each layer

  • Experience working closely with business stakeholders and leading project teams to plan, design and check appropriate levels of security, resource management and asset management

Required Skills

  • Proven ability to communicate across multiple levels of stakeholders

  • Ability to interpret and document business and technical requirements and clearly explain and articulate technical concepts using non-technical language

  • Strong interpersonal, verbal and written communication skills

  • Detail oriented with good time management and experienced analytical skills

  • Ability to lead a team of highly skilled team members, offer knowledgeable advice and make sound decisions

  • Ability to work both independently and collaboratively to build consensus in a team environment

  • Ability to drive multiple projects and delegate tasks to meet time sensitive deadlines

  • Ability to manage production sensitive situations

  • Ability to be a reputable representative of the department and advocate for Cybersecurity as an essential business requirement and the business need as the foundation for Cybersecurity program design

  • Effectively manage partnerships with internal and external clients and represent the Global Cybersecurity organization on projects as needed

  • Engage with business partners to translate high-level business requirements into enterprise security initiatives and programs to achieve the GMF s mission, goals and objectives

  • Assist senior management with special projects as requested

  • Proficiency with MS-Office applications including Word, PowerPoint, Excel, Visio and Project


  • A minimum of 10 years of experience in large and complex business environments with a successful track record working directly with senior level management with at least 5 years of experience in one or more of the following domains: Cybersecurity, Information Security, Network Engineering or Operations, Information Technology, Application Development, Access Control, Security Governance, Risk Management, Software Development Security, Cryptography, Security Architecture and Design, Operational Security, Business Continuity & Disaster Recovery, Legal Regulations, Investigations and Compliance, Physical (Environmental) Security, IT or Security Audit, IT or Security Compliance.

  • Experience in the financial services industry preferred

  • Must have demonstrable experience supporting security requirements of a large, global enterprise environment.

  • Bachelor's Degree or equivalent experience strongly preferred

  • Information Security Certifications strongly preferred


  • Normal office environment. Subject to stressful situations and requires many hours per day working on a computer workstation

  • 0-20% international travel may be required

  • After-hours work and periodic 24x7 on call support may be required

Company Information

GM Financial, a wholly owned subsidiary of General Motors, is a global provider of auto finance solutions, with operations in the U.S., Canada, China, and Latin America. We employ more than 9,000 hard-working team members in North America, and we're always looking for new people with diverse talents. GM Financial is a workplace where dedicated people have the opportunity to work together and celebrate our successes. Our culture is based on respect, integrity, innovation and personal development.
Dice Id : 1012055SC
Position Id : 5968343